Results 1 to 10 of 10
Thread: vps help
-
06-12-2008, 11:57 AM #1Disabled
- Join Date
- Mar 2008
- Posts
- 49
vps help
hi im new to vps and ive only had this one a few months. Everything is going good with m hosting. my problem is that today i noticed i had bounced emails in my in box. I then noticed my domain name is blacklisted. i am the only person who uses this domain. there isnt even a index page on the domain. Now it got blacklisted in the last day or two. how can i save this from happening to my other emails. why did this happen. I run spamassasin and never had any problems.
now my server says it sends no emails but i am getting bounced emails and blacklisting.
-
06-12-2008, 12:18 PM #2Aspiring Evangelist
- Join Date
- Feb 2004
- Posts
- 371
Make sure your server is not open to mail-relay.
-
06-12-2008, 01:14 PM #3Web Hosting Master
- Join Date
- Aug 2007
- Posts
- 6,884
Search your mail server IP if it is listed in spam database. Check the mail logs and see if there is any unwanted mails routing. Block all suspicious IPs on server.
iHubNet Ltd - Premium Hosting Solutions 4 ALL
• Solid Support • Solid Equipment • Solid Network
Shared Hosting / Reseller Hosting / Managed Server
Matt A.
-
06-12-2008, 01:24 PM #4WebHostingTalk Lover
- Join Date
- Mar 2003
- Location
- New York City
- Posts
- 7,406
█• Taskade - To-Do List & Tasks • All-in-One To-Do List & Mind Map App for Remote Teams
█• Simple and shareable to-do lists for web, mobile, and desktop
█• To-Do List Templates • 300+ shareable templates and productivity workflows
█• Get things done, faster and smarter! • I eat penguins for breakfast ...
-
06-12-2008, 01:43 PM #5Web Hosting Master
- Join Date
- Jun 2008
- Posts
- 1,471
You might also want to put up a SPF record so others can't spoof your domain in emails as easily.
-
06-12-2008, 01:53 PM #6Disabled
- Join Date
- Mar 2008
- Posts
- 49
okay i can see in whm that someone has sent out alot of email through the server. i just did a spf record too.
but i think its a deeper issue.
my shell quit working three days ago, now my ip is listed in some blacklist sites.
how do i make sure it is not open to relay, i am the only user of this server. and the domain name that it is coming from is actually my domain name i use only for emailing.
linux,WHM /CPanel
-
06-12-2008, 01:56 PM #7Web Hosting Master
- Join Date
- Jun 2008
- Posts
- 1,471
Try a open relay test like this one:
http://www.abuse.net/relay.html
or google for many others
-
06-12-2008, 02:05 PM #8Disabled
- Join Date
- Mar 2008
- Posts
- 49
<<< 220-server.ski.org ESMTP Exim 4.68 #1 Thu, 12 Jun 2008 14:02:30 -0400
<<< 220-We do not authorize the use of this system to transport unsolicited,
<<< 220 and/or bulk e-mail.
>>> HELO www.abuse.net
<<< 250 server.ski.org Hello www.abuse.net [208.31.42.77]
Relay test 1
>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<spamtest@abuse.net>
<<< 250 OK
>>> RCPT TO:<securitytest@abuse.net>
<<< 550-Verification failed for <spamtest@abuse.net>
<<< 550-Called: 208.31.42.109
<<< 550-Sent: RCPT TO:<spamtest@abuse.net>
<<< 550-Response: 553 Not our message (5.7.1)
<<< 550 Sender verify failed
Relay test 2
>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<spamtest>
<<< 501 <spamtest>: sender address must contain a domain
Relay test 3
>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<>
<<< 250 OK
>>> RCPT TO:<securitytest@abuse.net>
<<< 550-www.abuse.net [208.31.42.77] is currently not permitted to relay through
<<< 550-this server. Perhaps you have not logged into the pop/imap server in the
<<< 550-last 30 minutes or do not have SMTP Authentication turned on in your email
<<< 550 client.
Relay test 4
>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<spamtest@ski.com>
<<< 250 OK
>>> RCPT TO:<securitytest@abuse.net>
<<< 550-www.abuse.net [208.31.42.77] is currently not permitted to relay through
<<< 550-this server. Perhaps you have not logged into the pop/imap server in the
<<< 550-last 30 minutes or do not have SMTP Authentication turned on in your email
<<< 550 client.
Relay test 5
>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<spamtest@[66.197.153.186]>
<<< 501 <spamtest@[66.197.153.186]>: domain literals not allowed
Relay test 6
>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<spamtest@kanafoski.com>
<<< 250 OK
>>> RCPT TO:<securitytest%abuse.net@ski.com>
<<< 250 Accepted
Relay test result
Hmmn, at first glance, host appeared to accept a message for relay.
so it says there open how do i stop it.
-
06-12-2008, 02:16 PM #9Disabled
- Join Date
- Mar 2008
- Posts
- 49
i suspended the account which is sending out the email, to stop any from going out. i noticed since i started this thread 9 emails have went out. so i disabled the cpanel account they are supposeable coming from
-
06-12-2008, 07:56 PM #10Disabled
- Join Date
- Mar 2008
- Posts
- 49
i ran chkrootkit
Checking `bindshell'... INFECTED (PORTS: 465)
Checking `lkm'... find: WARNING: Hard link count is wrong for /proc/sys/net: this may be a bug in your filesystem driver. Automatically turning on find's -noleaf option. Earlier results may have failed to include directories that should have been searched.
not tested: can't exec
Checking `rexedcs'... not foundLast edited by shakybaky; 06-12-2008 at 08:06 PM.