  1. #1

    Is there a way to find out the source of a compromised mail server?

    Hello!


    For the past few months, we have been added & removed to email blacklists / spamlists. We had gone through the first few times and submitted manual removal requests, and everything was okay for a couple days / weeks, then we would randomly pop back up on spamlists (we use MXToolbox to scan).

    We don't send any unsolicited email, and as of recently we haven't been using our emails at all because they often land in client's spam boxes, so it's very unreliable. We've just been using our gmail.

    We have a dedicated server that has about 10 other sites (of ours) that we're sharing it with. They are not really active sites, possibly old WordPress installs or whatever. We only use the one main site, which is the one we're having email issues with.

    I've contacted our host to inquire about what's going on, but they suggested we get something like SendGrid.com to send out our emails. That's all fine and well, however I believe there's a deeper problem considering that we're not sending any unsolicited emails and we're still being added to spamlists.

    Is it possible that one of the sites that shares the dedi-server OR the main site in question has been compromised and is sending out mail on our behalf? And to follow on that, is there a way to track down where the source of this problem is originating so we could patch up the exploit?

    I read the sticky, however I only know that our server is Linux and we have Direct Admin.
    Last edited by hermit13; 01-03-2014 at 04:03 PM.

  2. #2
    Hi,

    Yes, by scanning your server and going through the mail queue, you can find out the source. DirectAdmin usually has exim as the MTA.

    exim -bpc -- will show you the total amount of emails stuck.
    exim -bp -- will show you the emails stuck in your email queues.
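
One way to triage the queue listing that post #2 describes, as an added example that is not code from the thread: parse `exim -bp` output and count queued messages per envelope sender, so a web-server user (such as `apache` or `nobody`) sending far more than the real mailboxes stands out as the likely compromised site. The queue output below is constructed, not taken from the poster's server.

```python
import re
from collections import Counter

# Constructed sample of `exim -bp` output. Each message is a header line
# "<age> <size> <message-id> <envelope-sender>", optionally suffixed with
# "*** frozen ***", followed by one indented line per recipient.
SAMPLE_QUEUE = """\
 25m  1.2K 1VyZ7a-0001Fx-Qb <sales@example.com>
          customer@example.org

 3h   2.8K 1VyY9c-0002Ab-Lk <apache@example.com> *** frozen ***
          victim1@example.net
          victim2@example.net

 3h   2.7K 1VyY9d-0002Ac-Lm <apache@example.com>
          victim3@example.net

 2h   2.7K 1VyZ1e-0002Ad-Ln <apache@example.com>
          victim4@example.net
"""

# Header lines carry four fields plus an angle-bracketed sender; recipient
# lines are a single token and therefore never match this pattern.
HEADER = re.compile(r"^\s*(\S+)\s+(\S+)\s+(\S+)\s+<([^>]*)>(.*)$")

def parse_queue(text):
    """Parse `exim -bp` style output into a list of message dicts."""
    messages = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = HEADER.match(line)
        if m:
            age, size, msg_id, sender, rest = m.groups()
            messages.append({"id": msg_id, "age": age, "size": size,
                             "sender": sender or "<>",  # empty sender = bounce
                             "frozen": "frozen" in rest, "recipients": []})
        elif messages:
            messages[-1]["recipients"].append(line.strip())
    return messages

def senders_by_volume(messages):
    """Queued message count per envelope sender, busiest first."""
    return Counter(m["sender"] for m in messages).most_common()

def suspicious_senders(messages, threshold=3):
    """Senders with at least `threshold` queued messages; a system or
    web-server account here usually points at a script, not a person."""
    return [s for s, n in senders_by_volume(messages) if n >= threshold]

# On a live DirectAdmin box, feed the real listing instead of the sample:
# parse_queue(subprocess.run(["exim", "-bp"], capture_output=True, text=True).stdout)
```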

  3. #3
    Sounds like a configuration issue. Either an issue with your reverse DNS, SPF or similar. Hopefully you're not hosting an open relay. You may be able to test for that here: http://www.mailradar.com/openrelay/, but I did not test this tool.

  4. #4
    Quote Originally Posted by Lilly88
    Hi,

    Yes, by scanning your server and going through the mail queue, you can find out the source. DirectAdmin usually has exim as the MTA.

    exim -bpc -- will show you the total amount of emails stuck.
    exim -bp -- will show you the emails stuck in your email queues.
    Thanks for the reply - unfortunately I don't think we have exim as the MTA. I don't see anything in DirectAdmin, and I tried running those commands through SSH (was this correct?), however the 'exim' command was not found. I looked around the net, but I'm just not familiar with this concept.

    Quote Originally Posted by Dave G
    Sounds like a configuration issue. Either an issue with your reverse DNS, SPF or similar. Hopefully you're not hosting an open relay. You may be able to test for that here: http://www.mailradar.com/openrelay/, but I did not test this tool.
    Thanks for the link - I also tried another open relay check and I don't think we have an open relay. Here are some other problems / errors that popped up when scanning my "domain health":

    HTTPS Certificate Check: The Certificate is invalid
    SPF Record: A Valid SPF Record was not found
    DNS At Least Two Servers?: Less than Two Name Servers Found
    SMTP Reverse DNS Mismatch: Warning - Reverse DNS does not match SMTP Banner

    I'm going to look in to these right now, I don't know what they mean. I'll also forward this along to my host.
    Last edited by hermit13; 01-03-2014 at 06:01 PM.

  5. #5
    If it is directadmin, it should have exim as MTA. Something is wrong. What service do you have running at port 25?

    Try running this to find out

    netstat -plant | grep ":25"
