01-03-2014, 03:58 PM #1 Newbie (Join Date: Jan 2014, Posts: 5)
Is there a way to find out the source of a compromised mail server?
Hello!
For the past few months, we have been added & removed to email blacklists / spamlists. We had gone through the first few times and submitted manual removal requests, and everything was okay for a couple days / weeks, then we would randomly pop back up on spamlists (we use MXToolbox to scan).
We don't send any unsolicited email, and as of recently we haven't been using our emails at all because they often land in clients' spam boxes, so it's very unreliable. We've just been using our Gmail.
We have a dedicated server that has about 10 other sites (of ours) that we're sharing it with. They are not really active sites, possibly old WordPress installs or whatever. We only use the one main site, which is the one we're having email issues with.
I've contacted our host to inquire about what's going on, but they suggested we get something like SendGrid.com to send out our emails. That's all fine and well, however I believe there's a deeper problem considering that we're not sending any unsolicited emails and we're still being added to spamlists.
Is it possible that one of the sites that shares the dedi-server OR the main site in question has been compromised and is sending out mail on our behalf? And to follow on that, is there a way to track down where the source of this problem is originating so we could patch up the exploit?
I read the sticky, however I only know that our server is Linux and we have Direct Admin.
Last edited by hermit13; 01-03-2014 at 04:03 PM.
-
01-03-2014, 05:05 PM #2 Newbie (Join Date: Jan 2014, Posts: 6)
Hi,
Yes, by scanning your server and going through the mail queue, you can find out the source. DirectAdmin usually has exim as the MTA.
exim -bpc -- will show you the total amount of emails stuck.
exim -bp -- will show you the emails stuck in your email queue.
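Added example, not part of the original posts: one way to go through an `exim -bp` queue listing as suggested above, tallying queued messages, recipients and frozen messages per envelope sender. The helper name `queue_senders`, the hostnames and the queue entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: tally an Exim queue listing (`exim -bp` format) per envelope sender.

# Constructed sample in the layout `exim -bp` prints: age, size, message id,
# <sender>, optional "*** frozen ***", then one indented line per recipient
# ("D" marks a recipient already delivered). All names here are made up.
sample_queue() {
    cat <<'EOF'
25m  2.9K 1VzAbC-0004xY-Kp <www-data@host.example.test>
          alice@example.org

 3h  1.1K 1VzAbD-0004xZ-Lq <www-data@host.example.test> *** frozen ***
          bob@example.org
          carol@example.org

 2d  4.0K 1VzAbE-0004y0-Mr <>
          info@site.example.test

10m  2.2K 1VzAbF-0004y1-Ns <info@site.example.test>
        D dave@example.net
          erin@example.net
EOF
}

# queue_senders (hypothetical helper): reads a queue listing on stdin and prints
# "messages recipients frozen <sender>", busiest sender first.
# "<>" is the empty sender used by bounce messages.
queue_senders() {
    awk '
        # Header line of a queued message: 4th field is the <sender>.
        NF >= 4 && $4 ~ /^<.*>$/ {
            cur = $4
            msgs[cur]++
            if ($0 ~ /\*\*\* frozen \*\*\*/) frozen[cur]++
            next
        }
        NF == 0 { cur = ""; next }       # blank line ends the entry
        cur != "" { rcpts[cur]++ }       # any other line is a recipient
        END {
            for (s in msgs)
                printf "%d %d %d %s\n", msgs[s], rcpts[s], frozen[s], s
        }
    ' | LC_ALL=C sort -k1,1nr -k4,4
}

# Demo on the sample; on the server itself use: exim -bp | queue_senders
sample_queue | queue_senders
```

A sender that is the web server's own account rather than a real mailbox usually means a script on one of the hosted sites is submitting the mail.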
-
01-03-2014, 05:06 PM #3 Web Hosting Guru (Join Date: Mar 2012, Posts: 287)
Sounds like a configuration issue. Either an issue with your reverse DNS, SPF or similar. Hopefully you're not hosting an open relay. You may be able to test for that here: http://www.mailradar.com/openrelay/ but I did not test this tool.
-
01-03-2014, 05:55 PM #4 Newbie (Join Date: Jan 2014, Posts: 5)
Thanks for the reply - unfortunately I don't think we have exim as the MTA. I don't see anything in DirectAdmin, and I tried running those commands through SSH (was this correct?), however the 'exim' command was not found. I looked around the net, but I'm just not familiar with this concept.
Originally Posted by Dave G
HTTPS Certificate Check: The Certificate is invalid
SPF Record: A Valid SPF Record was not found
DNS At Least Two Servers?: Less than Two Name Servers Found
SMTP Reverse DNS Mismatch: Warning - Reverse DNS does not match SMTP Banner
I'm going to look into these right now, I don't know what they mean. I'll also forward this along to my host.
Last edited by hermit13; 01-03-2014 at 06:01 PM.
-
01-04-2014, 02:29 AM #5 Web Hosting Master (Join Date: Mar 2009, Location: Gods Own Country, Posts: 681)
If it is directadmin, it should have exim as MTA. Something is wrong. What service do you have running at port 25?
Try running this to find out
netstat -plant | grep ":25"