Results 1 to 10 of 10

Thread: vps help

  1. #1

    vps help

    hi im new to vps and ive only had this one a few months. Everything is going good with m hosting. my problem is that today i noticed i had bounced emails in my in box. I then noticed my domain name is blacklisted. i am the only person who uses this domain. there isnt even a index page on the domain. Now it got blacklisted in the last day or two. how can i save this from happening to my other emails. why did this happen. I run spamassasin and never had any problems.
    now my server says it sends no emails but i am getting bounced emails and blacklisting.

  2. #2
    Join Date
    Feb 2004
    Posts
    371
    Make sure your server is not open to mail-relay.

  3. #3
    Join Date
    Aug 2007
    Posts
    6,884
    Search your mail server IP if it is listed in spam database. Check the mail logs and see if there is any unwanted mails routing. Block all suspicious IPs on server.
    iHubNet Ltd - Premium Hosting Solutions 4 ALL
    Solid Support Solid Equipment Solid Network
    Shared Hosting / Reseller Hosting / Managed Server
    Matt A.

  4. #4
    Join Date
    Mar 2003
    Location
    New York City
    Posts
    7,406
    Quote Originally Posted by ctaborda View Post
    Make sure your server is not open to mail-relay.
    Quote Originally Posted by iHubNet-Matt View Post
    Search your mail server IP if it is listed in spam database. Check the mail logs and see if there is any unwanted mails routing. Block all suspicious IPs on server.
    Both are good points, but also be sure to test with new ip address, try to get new ip assigned and see if it's still problem.

    Cheers
    █• Taskade - To-Do List & Tasks All-in-One To-Do List & Mind Map App for Remote Teams
    █• Simple and shareable to-do lists for web, mobile, and desktop
    █• To-Do List Templates 300+ shareable templates and productivity workflows
    █• Get things done, faster and smarter! I eat penguins for breakfast ...

  5. #5
    Join Date
    Jun 2008
    Posts
    1,471
    You might also want to put up a SPF record so others can't spoof your domain in emails as easily.

  6. #6
    okay i can see in whm that someone has sent out alot of email through the server. i just did a spf record too.
    but i think its a deeper issue.
    my shell quit working three days ago, now my ip is listed in some blacklist sites.

    how do i make sure it is not open to relay, i am the only user of this server. and the domain name that it is coming from is actually my domain name i use only for emailing.

    linux,WHM /CPanel

  7. #7
    Join Date
    Jun 2008
    Posts
    1,471
    Try a open relay test like this one:
    http://www.abuse.net/relay.html

    or google for many others

  8. #8
    <<< 220-server.ski.org ESMTP Exim 4.68 #1 Thu, 12 Jun 2008 14:02:30 -0400
    <<< 220-We do not authorize the use of this system to transport unsolicited,
    <<< 220 and/or bulk e-mail.
    >>> HELO www.abuse.net
    <<< 250 server.ski.org Hello www.abuse.net [208.31.42.77]
    Relay test 1
    >>> RSET
    <<< 250 Reset OK
    >>> MAIL FROM:<spamtest@abuse.net>
    <<< 250 OK
    >>> RCPT TO:<securitytest@abuse.net>
    <<< 550-Verification failed for <spamtest@abuse.net>
    <<< 550-Called: 208.31.42.109
    <<< 550-Sent: RCPT TO:<spamtest@abuse.net>
    <<< 550-Response: 553 Not our message (5.7.1)
    <<< 550 Sender verify failed
    Relay test 2
    >>> RSET
    <<< 250 Reset OK
    >>> MAIL FROM:<spamtest>
    <<< 501 <spamtest>: sender address must contain a domain
    Relay test 3
    >>> RSET
    <<< 250 Reset OK
    >>> MAIL FROM:<>
    <<< 250 OK
    >>> RCPT TO:<securitytest@abuse.net>
    <<< 550-www.abuse.net [208.31.42.77] is currently not permitted to relay through
    <<< 550-this server. Perhaps you have not logged into the pop/imap server in the
    <<< 550-last 30 minutes or do not have SMTP Authentication turned on in your email
    <<< 550 client.
    Relay test 4
    >>> RSET
    <<< 250 Reset OK
    >>> MAIL FROM:<spamtest@ski.com>
    <<< 250 OK
    >>> RCPT TO:<securitytest@abuse.net>
    <<< 550-www.abuse.net [208.31.42.77] is currently not permitted to relay through
    <<< 550-this server. Perhaps you have not logged into the pop/imap server in the
    <<< 550-last 30 minutes or do not have SMTP Authentication turned on in your email
    <<< 550 client.
    Relay test 5
    >>> RSET
    <<< 250 Reset OK
    >>> MAIL FROM:<spamtest@[66.197.153.186]>
    <<< 501 <spamtest@[66.197.153.186]>: domain literals not allowed
    Relay test 6
    >>> RSET
    <<< 250 Reset OK
    >>> MAIL FROM:<spamtest@kanafoski.com>
    <<< 250 OK
    >>> RCPT TO:<securitytest%abuse.net@ski.com>
    <<< 250 Accepted
    Relay test result
    Hmmn, at first glance, host appeared to accept a message for relay.


    so it says there open how do i stop it.

  9. #9
    i suspended the account which is sending out the email, to stop any from going out. i noticed since i started this thread 9 emails have went out. so i disabled the cpanel account they are supposeable coming from

  10. #10
    i ran chkrootkit

    Checking `bindshell'... INFECTED (PORTS: 465)
    Checking `lkm'... find: WARNING: Hard link count is wrong for /proc/sys/net: this may be a bug in your filesystem driver. Automatically turning on find's -noleaf option. Earlier results may have failed to include directories that should have been searched.
    not tested: can't exec
    Checking `rexedcs'... not found
    Last edited by shakybaky; 06-12-2008 at 08:06 PM.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •