BSNL IP Range blacklisted

[dukhi]

Hey guys,
New user here. A nice community you got here so that we can all share our internet woes :tongue:
I have been reading posts here for a long time, but was finally forced to register due to the following issue.
I am using bsnl and for the past few days, I have been unable to send mails using my gmx.com account.
I use mutt + msmtp for sending mails, but since the past few days, gmx doesn't allow me to send mails through this setup. The error message says that my IP has been blacklisted. I have tried renewing IP addresses, but with each one of them the result is the same. I can send mails using the gmx web interface though.
I tried checking the IPs assigned for blacklisting, and each one of them came up as blacklisted. I visited some of the blacklists and some of them have blacklisted all of bsnl's IP range!
Here's one such result:
https://imgur.com/lji5WBF
The issue is because gmx uses some of these blacklists, on the other hand gmail works fine.
I contacted gmx and they asked me to contact my ISP.
Anyway, I have the following questions?
1) Can anyone with a GMX account and using Bsnl confirm that they can send mails using their mail clients?
2) Who do I contact in Bsnl to raise an issue, I doubt my local SDO can help?
Bsnl has become a huge pain. Ever since the last cable cut, my Internet has been shitty with latency upwards of 1000 ms, and most of the times Internet speeds of 5-10 KBps. I am on the ULD 800 plan.
And now we cannot even access services because we have been blacklisted! :crying:

 

[mgcarley]

They have probably blacklisted BSNL due to excessive spam or attempts by malware-infested PCs trying to send spam etc through their relays. It happens. Often.This is not an uncommon move - I, for example, have blacklisted the entire country of China from accessing my servers since, well, the concerned servers have no business with China and it has proven to reduce the number of form-spam by I guess 95%The ban on your IP range may or may not be temporary depending on whether they blocked the range themselves or whether the servers download a list from some organization like spamhaus or rbl etc. You may need to set up a VPN in another country to be able to continue sending emails through their smtp server. Or simply rent space on a webhost that offers email (either option would probably cost about the same depending on where you got it).

 

[Deleted member 10390]

Many foreign forum owners have blocked India, Pakistan, China, Philippines, Russia etc for spending spam. They often forget that these spammers are paid by their fellow citizens.

 

[dukhi]

The ban on your IP range may or may not be temporary depending on whether they blocked the range themselves or whether the servers download a list from some organization like spamhaus or rbl etc.

Yes, they use third party RBLs, probably spamhaus too. But haven't specified which ones.

You may need to set up a VPN in another country to be able to continue sending emails through their smtp server. Or simply rent space on a webhost that offers email (either option would probably cost about the same depending on where you got it).

Well, I am using tor to work around the problem, and I also have a VPS.
But if our national ISP gets blacklisted, and we are unable to access essential services, then something is very wrong with this country...
Instead of topping charts for service quality and bandwidth, we top spamming charts:
http://www.uceprotect.net/en/l3charts.php

Many foreign forum owners have blocked India, Pakistan, China, Philippines, Russia etc for spending spam. They often forget that these spammers are paid by their fellow citizens.

Yes, I can understand small communities blocking us, but imagine if gmail or facebook start blocking us...

 

[Deleted member 10390]

They won't. They know the market potential. They will find other ways of misusing their accounts.

 

[mgcarley]

Yes, they use third party RBLs, probably spamhaus too. But haven't specified which ones.

The block is probably legit and/or justified... as in, there's probably a reason that the IP blocks are on the blacklists. You mention that your Internet speed has been reduced - have you done any packet analysis to see if your machine is for any reason generating excess traffic? A responsible ISP can and would suspend your connection if they saw "bad" traffic saturating the upstream if it were that.Of course, it may also be such that BSNL has started blocking outgoing smtp (this is common practice, and for the sake of network safety, not a bad idea on BSNL's part) - so if you were previously connecting to GMX on port 25, now you'd no longer be able to do it that way, so they may have an alternative port for you to connect on and/or suggest you use SSL. I personally prefer the latter.

Well, I am using tor to work around the problem, and I also have a VPS.

Setup OpenVPN or something on it. It's easy enough to install via yum/apt.But more to the point, why not just use your VPS as a MTA instead of GMX? To secure it slightly you could set it to only accept smtp connections from BSNL and/or your specific IP block (probably the /22 should be sufficient, but you could go all the way up to whatever the denomination has been granted to BSNL for your particular range - BSNL has several).Mind you, this would only really work if you aren't like me and moving around a lot.

But if our national ISP gets blacklisted, and we are unable to access essential services, then something is very wrong with this country...

A German mail provider is probably not what one would consider as an "essential service", and for them the negative impact of blocking smtp connections from India is probably minimal - that is to say, the benefits outweighed the consequences. Assuming it's a GMX block and not BSNL.

Instead of topping charts for service quality and bandwidth, we top spamming charts: http://www.uceprotect.net/en/l3charts.php

Not to mention open SOCKS and HTTP proxies.Also, I doubt I'm exactly the bearer of bad news here but... service quality? From an Indian company? Really? Uh. Hmm. Forgive me for being quite a bit more cynical now than I was a few years ago 😉

Yes, I can understand small communities blocking us, but imagine if gmail or facebook start blocking us...

Both Google and Facebook have facilities actually *in* India, so blocking India would be... silly.

 

---

[mgcarley]

Many foreign forum owners have blocked India, Pakistan, China, Philippines, Russia etc for spending spam. They often forget that these spammers are paid by their fellow citizens.

By making spam prohibitively expensive, you can partially alleviate the problem.Also, your signature - terrible analogy - think about it 😀

 

[Deleted member 10390]

In India $ has touched Rs 60. Peanuts for those hire is a big amount in India and India is not known for rich people. I do not support people who spam, but blaming it on Indians or South Asians as a whole is a bit of irony.

 

[dukhi]

The block is probably legit and/or justified... as in, there's probably a reason that the IP blocks are on the blacklists. You mention that your Internet speed has been reduced - have you done any packet analysis to see if your machine is for any reason generating excess traffic? A responsible ISP can and would suspend your connection if they saw "bad" traffic saturating the upstream if it were that.

I don't generate any bad traffic. The low speeds started happening after the cable cut in march, and high latencies due to shitty routing by bsnl.

[Of course, it may also be such that BSNL has started blocking outgoing smtp (this is common practice, and for the sake of network safety, not a bad idea on BSNL's part) - so if you were previously connecting to GMX on port 25, now you'd no longer be able to do it that way, so they may have an alternative port for you to connect on and/or suggest you use SSL. I personally prefer the latter.

I am using TLS with port 587, and I know for a fact (confirmed through GMX themselves), that they are the ones blocking me, not bsnl.

But more to the point, why not just use your VPS as a MTA instead of GMX? To secure it slightly you could set it to only accept smtp connections from BSNL and/or your specific IP block (probably the /22 should be sufficient, but you could go all the way up to whatever the denomination has been granted to BSNL for your particular range - BSNL has several).

I am inclined to run my own mailserver, but then again blacklisting and spam control are what's keeping me from running it.

A German mail provider is probably not what one would consider as an "essential service", and for them the negative impact of blocking smtp connections from India is probably minimal - that is to say, the benefits outweighed the consequences.

Fair enough. But it just makes us Indians feel as third rate citizens of the world, and that's because of our incompetent ISPs. Why aren't they doing enough to stop misuse of their services? Why is it that providers such as Verizon, Comcast, etc aren't blacklisted despite having a considerably large user base.

Also, I doubt I'm exactly the bearer of bad news here but... service quality? From an Indian company? Really? Uh. Hmm. Forgive me for being quite a bit more cynical now than I was a few years ago 😉

Indeed 🙁

 

[jessijass]

Many of BSNL's dynamic IP's are listed as open delegations across the web and whenever I try to log into my admin page from that IP. I simply thrown out by the plugin saying that I am trying to login from a banned IP.I am not complaining about BSNL because being India's largest broadband provider many of its IP are bound to be blacklisted at open proxies. But at the same time I am not ready to disable the Bad Behavior plugin too as it has protect my site from atleast 3 hack attempts.

 

[mgcarley]

In India $ has touched Rs 60. Peanuts for those hire is a big amount in India and India is not known for rich people. I do not support people who spam, but blaming it on Indians or South Asians as a whole is a bit of irony.

Perhaps, but your average sysadmin isn't going to follow the money, he's going to see "oh, there's a bunch of spammy traffic coming from this place - ban it".

I don't generate any bad traffic. The low speeds started happening after the cable cut in march, and high latencies due to shitty routing by bsnl.

So, just another day on BSNL (if I'm to believe the sentiments of many users here).

I am using TLS with port 587, and I know for a fact (confirmed through GMX themselves), that they are the ones blocking me, not bsnl.

Just had to check.

I am inclined to run my own mailserver, but then again blacklisting and spam control are what's keeping me from running it.

Is your VPS on BSNL's network or is it located elsewhere? If you have a VPS on another network (whether in India or abroad), typically speaking if the hosting company sets all that up correctly, you shouldn't have to worry too much.

Fair enough. But it just makes us Indians feel as third rate citizens of the world

Hate to break it to you, but... there's a lot of xenophobia in the world. I get it in India, you guys get it in Europe, the US, you name it.

and that's because of our incompetent ISPs.

Is that really the only reason?

Why aren't they doing enough to stop misuse of their services?

Customer wrath? Blocking is considered unfair? People would just think they've hit their FUP? Some ISPs (like BSNL) don't have the resources? It's not the ISP's job to police the Internet (and if they did, people would be up in arms about it)? How many reasons do you want? 😀Were I to block a customer because his PC was generating a ton of bad traffic, we'd probably get a *very* angry call from said customer asking why his access was blocked (I've paid my bill, I'll do this, I'll do that, I'll burn your salesmen alive etc etc etc). Now, while I'm prepared to tell people to bugger off, fix their computer and then we'll reconnect them, the same can't always be said for other providers.

Why is it that providers such as Verizon, Comcast, etc aren't blacklisted despite having a considerably large user base.

Statistically speaking: their users PCs aren't infected with Malware. They also have many many more IPs to choose from (India only has something like 2-3% of worldwide IP addresses). US and European ISPs definitely do get blacklisted, I can assure you.

Many of BSNL's dynamic IP's are listed as open delegations across the web and whenever I try to log into my admin page from that IP. I simply thrown out by the plugin saying that I am trying to login from a banned IP.I am not complaining about BSNL because being India's largest broadband provider many of its IP are bound to be blacklisted at open proxies. But at the same time I am not ready to disable the Bad Behavior plugin too as it has protect my site from atleast 3 hack attempts.

3. Sounds alarmingly low to me (just sayin').

 

[Deleted member 10390]

Perhaps, but your average sysadmin isn't going to follow the money, he's going to see "oh, there's a bunch of spammy traffic coming from this place - ban it".

I agree that is the best thing to do as a forum owner. But before blaming everyone in South Asia they should first generate some culture in their fellow citizens who pays to make him block that IP range. They simply say all Indian are spammer, so I blocked India IP range. Do you think it is a good statement ?

 

[mgcarley]

I agree that is the best thing to do as a forum owner. But before blaming everyone in South Asia they should first generate some culture in their fellow citizens who pays to make him block that IP range. They simply say all Indian are spammer, so I blocked India IP range. Do you think it is a good statement ?

I think you're missing the point: blame is not necessarily involved here at all. All they're trying to do is stop the flow of bad traffic/spam/etc to their servers - which they have every right to do.Whether the original order to have that forum attacked came from within their own borders or from an enemy state does not matter to them, and they have every right to protect their assets.If I was to pay your neighbour (and you had no way of knowing who is behind it) to be really loud every single morning and to throw stones at your house, who are you going to be getting mad at? Me or him? From who are you going to be protecting yourself by, say, building a fence? Me or him?Or worse still: what if I paid your neighbour (again, you have no way of knowing this) to go inside your house and steal something, and you caught him in the act? Who are you going to never let in your house again? Me or him?I think in all of these cases, it's going to be him, since you don't even know I exist, let alone that I am trying to disturb you.

 

[Deleted member 10390]

I already agreed on that point. What that do not digest to me is see all South Asians as spammers. There are millions of net connection in all these countries put together. If you are banning the whole IP range, you are accusing all of them as bad traffic as you call it.

 

[mgcarley]

I already agreed on that point. What that do not digest to me is see all South Asians as spammers. There are millions of net connection in all these countries put together. If you are banning the whole IP range, you are accusing all of them as bad traffic as you call it.

It's not how *I* or how anyone else sees Asians that is the problem - they'll be going strictly by the numbers. It just so happens to be reasonably accurate that there is significant spam generated on machines located in Asia (who/how is not important), so it doesn't seem to occur to you that it just so happens that the region has earned this reputation.It's not so much an accusation as having been caught "red-handed", so in cases like this, the short story is that if the numbers say that a particular network is hitting your own network and hitting it hard, you gotta do what you gotta do to protect it. It would be irresponsible to think or do otherwise.I mean, not every person is a thief, but many people lock their doors and have bars on the windows to protect themselves from the few, right? Or are you gonna go around asking everyone to take away the things that impede your entry to their home because you don't like the implication that they are accusing you of being a criminal? Doubtful. Same basic premise applies.As you say, there surely are millions of connections in the region but if 99.9% of those connections don't use your service, all you care about are the 0.1% that do, and if out of that that 0.1% a significant fraction of *that* is bad traffic... what choice do you have? How do you tell which specific addresses are OK? How do you guarantee that address won't be allocated to a spammer tomorrow?Basically, the admins have no way of determining that a particular IP address is going to be associated with good or bad traffic for any length of time, and as banning single IP addresses would be both arduous and tedious, expensive (man hours, even if one were to script it) and ultimately, counter-productive because all the spammer needs to do is disconnect and reconnect and he'll probably have himself a brand-spanking new IP to continue his nefarious ways, again, what choice do you have?If one writes a script, one risks flagging legitimate traffic (including traffic from countries where "bad traffic" is less of a problem) being dropped which is kinda bad for business.So my mode of thinking remains that this particular service probably does not cater to a large audience in India and as such a blanket ban was the most effective yet least negative impact option, and unless it's a really badly run service (unlikely, being German), I'm quite sure this wouldn't have been a decision made (or actioned) by one of the junior techs.I also notice that you didn't really answer to my analogy - I put it to you that if it was one guy doing these bad things, you might even just be able to ignore his behaviour; but if it was the whole building, complex, block, suburb throwing stones at your windows every day, that would be harder to ignore. And you'd still be pissed at all the neighbours throwing stones - even *if* you knew they were being paid, you still don't know who is paying them.What I'm trying to say is that a blanket ban like this wouldn't be the result of an isolated incident - it would have to be a relatively serious problem for them to go ahead and implement a ban like this, as in, enough of the traffic originating on BSNL's network was bad that it dwarfed the good/legit traffic (hence, the impact would be minimal) and it would be highly unusual for them to not weigh up the pros and cons of doing so.For example, in my case, blocking China wasn't the easiest decision but my thinking was basically that unless I am seeking Chinese investment in my company, or if I'm buying stuff from China (yes, both options exist), but on the whole I don't need to worry about traffic originating in China, as it's highly unlikely (close enough to 100% chance) that anyone viewing and/or signing up for my service with a Chinese address would be legitimate. Sure, yeah, it is different use-case, but the principle is basically the same.So instead of repeating the same sentiment over and over again, despite me informing you *why* they probably did this; perhaps you could come up with a solution or alternative to a blanket IP ban.