  1. #1

    Keep Getting Listed at DSBL

    I have a server that keeps getting listed by DSBL. It is RHEL 3 running Plesk and Qmail. In the MAIL config SMTP relay is set to "Authorization is Required" and the SMTP box is checked. I have a couple other very similar server setups and they have never been listed, so I don't know why this one is. I suspect it may be a bug.

    As for the last listing (yesterday), here is the excerpt from the maillog showing the SMTP relay:

    ===================
    Aug 26 13:36:48 slv3 qmail-queue[426]: scan: the message(drweb.tmp.0PW0bG) sent by nobody@cor.neva.ru to listme@listme.dsbl.org should be passed without checks, because contains uncheckable addresses
    Aug 26 13:36:48 slv3 qmail-queue-handlers[428]: to=listme@listme.dsbl.org
    Aug 26 13:36:48 slv3 qmail-queue-handlers[428]: recipient[3] = 'listme@listme.dsbl.org'
    Aug 26 13:36:48 slv3 qmail-queue-handlers[428]: handlers dir = '/var/qmail//handlers/before-queue/recipient/listme@listme.dsbl.org'
    Aug 26 13:36:48 slv3 qmail: 1188153408.989183 starting delivery 7244: msg 2327042 to remote listme@listme.dsbl.org
    Aug 26 13:36:48 slv3 qmail-remote-handlers[430]: to=listme@listme.dsbl.org
    ===================

    Any ideas why my server is relaying?

  2. #2
    If you need more information, let me know.

  3. #3
    Okay, so the qmail log is showing that qmail is delivering the mail. The question is, where is the mail coming from. This is most likely from your SMTP daemon, so you need to check the SMTP logs to see why the sender is being allowed.

    Try running an 'open relay test' on your server, e.g. from the abuse.net website. Do a web search for terms like "open relay" and "test", "check", "checker", etc. Only thing required should be the IP (or DNS name) of your server.

  4. #4
    Thanks for your reply. I have done a lot of research on this over the last week. The excerpt I provided above is from the /usr/local/psa/var/log/maillog. Is there another log that I need to check other than this one? I was under the impression that the maillog was the SMTP log.

    I went to the http://www.abuse.net/cgi-bin/relaytest and it says at the bottom "All tests performed, no relays accepted."

    Additionally, the testers at http://www.mob.net/~ted/tools/relaytester.php3 says NEGATIVE
    http://www.antispam-ufrj.pads.ufrj.br/test-relay.html says "All tests performed, no relays accepted by remote host."
    http://www.rbl.jp/svcheck.php says "All tests performed, no relays accepted."
    http://www.mob.net/%7Eted/tools/relaytester.php3 says NEGATIVE
    http://www.dnsgoodies.com/ says "Good News!
    All tests for an open relay on your mail server failed.
    Your mail server does not allow open relay."

    It really appears to me that my server is indeed NOT an open relay, so why on earth would DSBL say I am?

  5. #5
    It's been a while since I've dealt with servers running Plesk, but the maillog file may contain SMTP daemon traffic as well.

    As DSBL says, they do not generate the tests, they only receive them. E.g. if a legitimate user sent an e-mail to one of DSBL's test addresses, it would flag on DSBL.

    We can see that qmail IS delivering mail to DSBL, which is why DSBL is adding your server to their RBL. So this is clearly a problem on your system, not on DSBL's side.

    The question is where is that mail coming from. Is it from an SMTP connection, from a web script, or something else?

    I would start by doing a 'grep -iR nobody@cor.neva.ru /usr/local/psa/var/log/*'. See if there's any additional info you can glean from the logs, regarding this sender.

    If you're able to obtain a copy of the message sent to DSBL, either before it leaves your system, or from DSBL, then the headers would probably have more clues. As to how to obtain the copy of the message, that's for you to research. (If DSBL won't provide it, you could use tcpdump, but that'd be an extreme measure, and a complicated explanation on how to use it.)
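One way to take the grep suggested in post #5 a step further, as an added example that is not part of the original thread: pair each remote delivery to a DSBL address with the qmail-send `info msg` line for the same message, whose `uid` field records which local account queued it. The `info msg` lines and the uid-to-name map below are constructed, and on a Plesk build the values may differ, so read the real ones from `/etc/passwd`.

```python
import re

# Constructed sample: the "scan" and "starting delivery ... dsbl.org" lines follow
# the thread's excerpt; the "info msg" lines and the second message are constructed
# in stock qmail-send log format.
SAMPLE = """\
Aug 26 13:36:48 slv3 qmail-queue[426]: scan: the message(drweb.tmp.0PW0bG) sent by nobody@cor.neva.ru to listme@listme.dsbl.org should be passed without checks, because contains uncheckable addresses
Aug 26 13:36:48 slv3 qmail: 1188153408.980000 info msg 2327042: bytes 1200 from <nobody@cor.neva.ru> qp 426 uid 2020
Aug 26 13:36:48 slv3 qmail: 1188153408.989183 starting delivery 7244: msg 2327042 to remote listme@listme.dsbl.org
Aug 26 13:40:02 slv3 qmail: 1188153602.100000 info msg 2327050: bytes 900 from <user@example.com> qp 511 uid 48
Aug 26 13:40:02 slv3 qmail: 1188153602.200000 starting delivery 7245: msg 2327050 to remote friend@example.net
"""

INFO = re.compile(r"info msg (\d+): bytes \d+ from <([^>]*)> qp (\d+) uid (\d+)")
DELIVERY = re.compile(r"starting delivery (\d+): msg (\d+) to remote (\S+)")

def in_domain(addr, domain):
    """True if addr's host is `domain` or any subdomain of it."""
    host = addr.rsplit("@", 1)[-1].lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def trace_deliveries(log_text, watch_domain="dsbl.org", uid_names=None):
    """List remote deliveries to watch_domain with the sender and injecting uid."""
    uid_names = uid_names or {}
    origin = {}   # msg number -> latest "info msg" data (qmail reuses numbers)
    hits = []
    for line in log_text.splitlines():
        m = INFO.search(line)
        if m:
            msg, sender, qp, uid = m.groups()
            origin[msg] = {"sender": sender, "qp": int(qp), "uid": int(uid)}
            continue
        m = DELIVERY.search(line)
        if m and in_domain(m.group(3), watch_domain):
            info = origin.get(m.group(2), {})
            hits.append({
                "stamp": line[:15],            # syslog "Mon DD HH:MM:SS"
                "msg": m.group(2),
                "recipient": m.group(3),
                "sender": info.get("sender"),
                "qp": info.get("qp"),
                "uid": info.get("uid"),
                "injected_by": uid_names.get(info.get("uid"), "unknown"),
            })
    return hits

if __name__ == "__main__":
    # Assumed uid map for illustration only.
    for hit in trace_deliveries(SAMPLE, uid_names={2020: "qmaild", 48: "apache"}):
        print(hit)
```

A hit whose uid belongs to the SMTP daemon account points at an SMTP session, while the web server's uid points at a script on a hosted site; the timestamp then tells you which access-log window to read.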

  6. #6
    I don't suppose you have one of those email a friend scripts running and someone is just coming along and filling in 'listme@listme.dsbl.org' as the recipient address?

    What *reason* is dsbl.org giving for the listing? If it is the fact of receiving a message addressed to 'listme@listme.dsbl.org', then blacklist all outbound mail to dsbl.org.

  7. #7
    I'd have to disagree here... blacklisting listme@listme.dsbl.org doesn't necessarily solve the problem.

    _IF_ you specifically identify that it's something like a "Send this item to a friend" script, then I would suggest blocking *@*.dsbl.org within the script (after confirming that the mail being sent isn't actually filled with spam). Be wary of these scripts in general, if they allow the user to include comments, then a spammer could abuse it to "send an item" and include their spam text. They won't care that it includes other stuff, that just helps it get past filters.

    But blocking outbound mail to dsbl.org could be counter-productive, as you _are_ being made aware of undesired use of your mail server to send e-mail to third parties. Kind of like removing the battery from the smoke alarm, because something in your house keeps triggering it.
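A sketch of the in-script check post #7 describes, as an added example that is not part of the original thread or of any particular "send to a friend" script. The function names, the 500-character limit and the no-links rule for comments are assumptions chosen for illustration.

```python
import re

BLOCKED_DOMAINS = ("dsbl.org",)   # from the thread: *@*.dsbl.org

# One plain address; the host is captured without an optional trailing dot.
ADDR = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)\.?")
LINK = re.compile(r"https?://|www\.", re.IGNORECASE)

def check_recipient(raw, blocked=BLOCKED_DOMAINS):
    """Return (ok, reason) for the recipient field of the form."""
    # A line break would let the field carry extra headers such as Bcc:.
    if "\r" in raw or "\n" in raw:
        return False, "line break in address"
    addr = raw.strip()
    if any(sep in addr for sep in (",", ";", " ")):
        return False, "more than one address"
    m = ADDR.fullmatch(addr)
    if not m:
        return False, "not a plain address"
    host = m.group(1).lower()
    for domain in blocked:
        # Match the domain itself and subdomains, but not e.g. notdsbl.org.
        if host == domain or host.endswith("." + domain):
            return False, "blocked domain " + domain
    return True, "ok"

def check_comment(text, max_len=500):
    """Assumed policy: short free-text comment, no links, no raw line breaks."""
    if len(text) > max_len:
        return False, "comment too long"
    if "\r" in text or "\n" in text:
        return False, "line break in comment"
    if LINK.search(text):
        return False, "link in comment"
    return True, "ok"

if __name__ == "__main__":
    for value in ("listme@listme.dsbl.org", "friend@notdsbl.org"):
        print(value, check_recipient(value))
```

Logging every rejection together with the client IP keeps the signal post #7 does not want to lose: the probe is refused, but you still see that someone tried.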
