Web Hosting Forum | Lunarpages

Author Topic: ipsec IP Blocking  (Read 3826 times)

Offline Comet Software

  • Spacescooter Operator
  • *****
  • Posts: 40
ipsec IP Blocking
« on: January 06, 2016, 04:01:15 PM »
For the first 4-5 days of 2016 I did not receive emails to accounts with my domain, and, the email senders did not receive any notification that the emails did not go through.  So, I submitted a Help Ticket and was told that "the issue you were experiencing was related to an ipsec IP Blocking that was in place blocking the IP Address of our smarthost".  I have a few questions:

- what is that?
- who did/would do that?
- why would they do that?
- should I and/or Lunarpages have been notified as to when and why this was done?

Offline MrPhil

  • Senior Moderator
  • Berserker Poster
  • *****
  • Posts: 6204
Re: ipsec IP Blocking
« Reply #1 on: January 06, 2016, 06:24:53 PM »
LP (and many other hosts) automatically block IP addresses that appear to be trying to access a server at an "excessive" frequency. This is done to stop Denial of Service attacks. It's quite common for someone to perform too many FTP connections, or load a page too many times too quickly, and trip this security check. You have to open a ticket to get the offending IP address cleared from the block list. This is the first time I've heard of a mail server doing this, but I suppose it's possible. Is this an external (non-LP) mail server that's connecting directly to your site, or something like that? If so, you may want to tweak its settings to not try to connect quite so frequently.
  
-= From the ashes shall rise a sooty tern =-

Offline Comet Software

Re: ipsec IP Blocking
« Reply #2 on: January 06, 2016, 06:46:33 PM »
I have several Plesk Scheduler Tasks that run every night, which have been in place for several years now, but, I have not changed any of the task parameters for months.  The only thing I have seen different was that I started receiving "Message Delivery Delay" emails in relationship to those tasks.  Those emails started in November 2015 and increased in frequency in December.  Typically those tasks would generate a maximum total of 25 emails per night, with the vast majority sent to an account in my domain to "report" the results of those tasks.

So, I am trying to find out what "ipsec IP Blocking" really means, and, in this specific case, who did it to my domain.  If Lunarpages did it, why?  What changed suddenly on January 1, 2016 to cause this to happen?  If Lunarpages did this, why was I not notified as to why this was happening?  Is the generation of at most 25 emails per 24 hours an excessive amount that warrants shutting down my email?

Offline MrPhil

Re: ipsec IP Blocking
« Reply #3 on: January 07, 2016, 05:49:07 AM »
So, are these server accesses coming from outside Lunarpages, or from within your site? Or are they just an increase in email volume? Server connections, when appearing to be in excess, can automatically cause an IP block, but I don't think an excessive number of emails being sent from your account will do that (they get your email shut down), unless LP changed something to add an IP block instead. You might just check if your site is generating a total of more than 300-400 emails per hour (that was the limit last time I inquired about it) and if it is, do something to throttle it back. If you learn that LP has added additional limits (per day or per minute), could you please inform the rest of us?

This is getting outside the area of my experience (I'm not in support), so you'll probably need to open a support ticket to work out this problem. If you find something new that I haven't mentioned, please update this thread.

Offline Comet Software

Re: ipsec IP Blocking
« Reply #4 on: January 07, 2016, 09:39:48 AM »
You said "So, are these server accesses coming from outside Lunarpages, or from within your site?"

That seems to be part of the problem here.  I am trying to find out what "ipsec IP Blocking" is, who is capable and/or has the authority to do it, why it was done in this particular case, and, why was I not notified when and why it was being done.

When I submitted my Help Ticket, Lunarpages support responded within 24 hours with the diagnosis and stated "This ipsec blocking rule was removed and you should now be able to send/receive new messages through your email accounts without any issues".  They did not state if this "blocking rule" is placed in Lunarpages equipment or the equipment of some other company.  They did not say if Lunarpages made the change or they got somebody else to make the change.  They also did not say what circumstances caused the "blocking rule" to be put in place or who did it.

So, this is why I am posting here, to see if somebody in the community knows what "ipsec IP Blocking" is, what it involves, and, if anybody has had any problems with this with Lunarpages.

Offline MrPhil

Re: ipsec IP Blocking
« Reply #5 on: January 07, 2016, 05:03:58 PM »
If LP was able to quickly remove the block, it means that LP put it there in the first place. That means that someone was accessing your LP server at such high frequency that it appeared to be a Denial of Service attack, and so was blocked. So my question was... was this someone outside of LP (including you at your computer, accessing your site; or an external mail system), or was it a mail server or something else within LP? I've never heard of LP mail servers tripping the IP block, but I suppose there's a first time for everything.

Offline Comet Software

Re: ipsec IP Blocking
« Reply #6 on: January 07, 2016, 05:38:24 PM »
Well, it wasn't anything that I did different, cus I didn't do anything different.  Maybe those "Message Delivery Delay" messages were something different for Lunarpages over the past month and a half, but, that would seem to be a problem with their equipment.

Lunarpages' latest response is:

"We believe that this blocking was placed by our system due to a misconfiguration. We have now ensured that our smarthost ip won't be blocked again by the same server due to multiple connections and you won't be experiencing the same issue again in the future."

OK, I do not have any experience as a web host, but, shouldn't a web host/domain/server have the ability to handle multiple connections without deciding that the domain/server should be (automatically) blocked?  What is involved in the decision-making process where a technician is confronted with the question "should your own smarthost IP be blocked if your own servers are generating multiple connections?" and then decides "yeah, let's completely stop our client's email without any type of notification because of something we don't want to investigate right now, although we risk getting sued for violation of user agreement and loss of business".  I would consider my domain to be a very low-usage client, but, I used Plesk (provided by Lunarpages) to schedule two tasks to run at the same time.  If that is something that Lunarpages servers can't or don't want to handle, why does Lunarpages allow Plesk to schedule such a "problem"?

The overriding theme with the vast vast majority of my support issues with Lunarpages seems to be very simple:  I have done nothing different to my domain for months, all of a sudden something stops working, I receive no notification of a functionality being changed or stopped, I contact support with an outline of the problem, support is immediately able to identify and correct the problem (sometimes after questioning/accusing me of having made a change), the "cause" seems to be something that Lunarpages changed without notification, and, Lunarpages does not provide any explanation as to why they made the change, why they did not notify me of the change, or, any type of plan of how to avoid these types of problems in the future.  They always seem to end their communications with "Thank you for your patience and understanding while dealing with this issue", but, I don't recall them EVER apologizing for a mistake that they made.

Is this the way that most web hosts treat their clients?
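
Editor's added example, not part of the thread and not Lunarpages' actual system: a minimal sliding-window model of the automatic connection-rate block the replies describe, showing how a rule without an exemption for the host's own mail relay blocks it silently, and how an allowlist plus an audit record avoids that. The addresses (documentation ranges), the limit of 10 connections per 60 seconds and all names are constructed assumptions.

```python
import ipaddress
from collections import defaultdict, deque

# Constructed values: documentation-range addresses, not real hosts.
SMARTHOST = "192.0.2.25"
EXTERNAL = "203.0.113.7"

class ConnectionRateBlocker:
    """Block a source IP that opens more than `limit` connections in `window` seconds."""
    def __init__(self, limit, window, allowlist=()):
        self.limit, self.window = limit, window
        self.allow = [ipaddress.ip_network(n) for n in allowlist]
        self.recent = defaultdict(deque)  # ip -> timestamps still inside the window
        self.blocked = {}                 # ip -> time the block rule was added
        self.audit = []                   # (time, ip, action), for review and notification

    def connect(self, ip, now):
        """Return True if the connection is accepted, False if it is dropped."""
        if ip in self.blocked:
            return False
        q = self.recent[ip]
        q.append(now)
        while q and q[0] <= now - self.window:
            q.popleft()
        if len(q) <= self.limit:
            return True
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in self.allow):
            # Trusted infrastructure: record the burst, but never block it.
            self.audit.append((now, ip, "burst-from-trusted"))
            return True
        self.blocked[ip] = now
        self.audit.append((now, ip, "blocked"))
        return False

def replay(blocker, events):
    """Feed (time, ip) events through the blocker; return accepted connections per IP."""
    accepted = defaultdict(int)
    for now, ip in events:
        if blocker.connect(ip, now):
            accepted[ip] += 1
    return dict(accepted)

# Constructed traffic: overlapping scheduled tasks make the smarthost open
# 12 connections in 12 seconds; an external host opens 3 over 40 seconds.
EVENTS = sorted([(t, SMARTHOST) for t in range(12)] +
                [(t * 20, EXTERNAL) for t in range(3)])
```

Replaying `EVENTS` with no allowlist blocks the smarthost after its tenth connection; passing `allowlist=[SMARTHOST + "/32"]` accepts all twelve and leaves two audit entries instead of a block.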

 
