hosted by liquidweb


Go Back   Web Hosting Talk : Web Hosting Main Forums : VPS Hosting : vps help
Reply

Forum Jump

vps help

Reply Post New Thread In VPS Hosting Subscription
 
Send news tip View All Posts Thread Tools Search this Thread Display Modes
  #1  
Old 06-12-2008, 11:57 AM
shakybaky shakybaky is offline
Disabled
 
Join Date: Mar 2008
Posts: 48

vps help


hi im new to vps and ive only had this one a few months. Everything is going good with m hosting. my problem is that today i noticed i had bounced emails in my in box. I then noticed my domain name is blacklisted. i am the only person who uses this domain. there isnt even a index page on the domain. Now it got blacklisted in the last day or two. how can i save this from happening to my other emails. why did this happen. I run spamassasin and never had any problems.
now my server says it sends no emails but i am getting bounced emails and blacklisting.



Sponsored Links
  #2  
Old 06-12-2008, 12:18 PM
ctaborda ctaborda is offline
Premium Member
 
Join Date: Feb 2004
Posts: 371
Make sure your server is not open to mail-relay.

  #3  
Old 06-12-2008, 01:14 PM
iHubNet-Matt iHubNet-Matt is offline
Web Hosting Master
 
Join Date: Aug 2007
Posts: 6,883
Search your mail server IP if it is listed in spam database. Check the mail logs and see if there is any unwanted mails routing. Block all suspicious IPs on server.

__________________
iHubNet Ltd - Premium Hosting Solutions 4 ALL
Solid Support Solid Equipment Solid Network
Shared Hosting / Reseller Hosting / Managed Server
Matt A.

Sponsored Links
  #4  
Old 06-12-2008, 01:24 PM
Cirtex Cirtex is offline
WebHostingTalk Lover
 
Join Date: Mar 2003
Location: New York City
Posts: 7,392
Quote:
Originally Posted by ctaborda View Post
Make sure your server is not open to mail-relay.
Quote:
Originally Posted by iHubNet-Matt View Post
Search your mail server IP if it is listed in spam database. Check the mail logs and see if there is any unwanted mails routing. Block all suspicious IPs on server.
Both are good points, but also be sure to test with new ip address, try to get new ip assigned and see if it's still problem.

Cheers

__________________
CirtexHosting Providing Affordable and Quality Web Hosting & Reseller Hosting since 2003
LINUX based cPANEL/WHM Shared and Reseller Web Hosting with Fantastico
HostV VPS Premium Virtual Private Servers & Dedicated Servers powered by cPanel/WHM
We transfer your sites over quickly! I eat penguins for breakfast ...

  #5  
Old 06-12-2008, 01:43 PM
The Universes The Universes is offline
Web Hosting Master
 
Join Date: Jun 2008
Posts: 1,471
You might also want to put up a SPF record so others can't spoof your domain in emails as easily.

  #6  
Old 06-12-2008, 01:53 PM
shakybaky shakybaky is offline
Disabled
 
Join Date: Mar 2008
Posts: 48
okay i can see in whm that someone has sent out alot of email through the server. i just did a spf record too.
but i think its a deeper issue.
my shell quit working three days ago, now my ip is listed in some blacklist sites.

how do i make sure it is not open to relay, i am the only user of this server. and the domain name that it is coming from is actually my domain name i use only for emailing.

linux,WHM /CPanel

  #7  
Old 06-12-2008, 01:56 PM
The Universes The Universes is offline
Web Hosting Master
 
Join Date: Jun 2008
Posts: 1,471
Try a open relay test like this one:
http://www.abuse.net/relay.html

or google for many others

  #8  
Old 06-12-2008, 02:05 PM
shakybaky shakybaky is offline
Disabled
 
Join Date: Mar 2008
Posts: 48
<<< 220-server.ski.org ESMTP Exim 4.68 #1 Thu, 12 Jun 2008 14:02:30 -0400
<<< 220-We do not authorize the use of this system to transport unsolicited,
<<< 220 and/or bulk e-mail.
>>> HELO www.abuse.net
<<< 250 server.ski.org Hello www.abuse.net [208.31.42.77]
Relay test 1
>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<spamtest@abuse.net>
<<< 250 OK
>>> RCPT TO:<securitytest@abuse.net>
<<< 550-Verification failed for <spamtest@abuse.net>
<<< 550-Called: 208.31.42.109
<<< 550-Sent: RCPT TO:<spamtest@abuse.net>
<<< 550-Response: 553 Not our message (5.7.1)
<<< 550 Sender verify failed
Relay test 2
>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<spamtest>
<<< 501 <spamtest>: sender address must contain a domain
Relay test 3
>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<>
<<< 250 OK
>>> RCPT TO:<securitytest@abuse.net>
<<< 550-www.abuse.net [208.31.42.77] is currently not permitted to relay through
<<< 550-this server. Perhaps you have not logged into the pop/imap server in the
<<< 550-last 30 minutes or do not have SMTP Authentication turned on in your email
<<< 550 client.
Relay test 4
>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<spamtest@ski.com>
<<< 250 OK
>>> RCPT TO:<securitytest@abuse.net>
<<< 550-www.abuse.net [208.31.42.77] is currently not permitted to relay through
<<< 550-this server. Perhaps you have not logged into the pop/imap server in the
<<< 550-last 30 minutes or do not have SMTP Authentication turned on in your email
<<< 550 client.
Relay test 5
>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<spamtest@[66.197.153.186]>
<<< 501 <spamtest@[66.197.153.186]>: domain literals not allowed
Relay test 6
>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<spamtest@kanafoski.com>
<<< 250 OK
>>> RCPT TO:<securitytest%abuse.net@ski.com>
<<< 250 Accepted
Relay test result
Hmmn, at first glance, host appeared to accept a message for relay.


so it says there open how do i stop it.

  #9  
Old 06-12-2008, 02:16 PM
shakybaky shakybaky is offline
Disabled
 
Join Date: Mar 2008
Posts: 48
i suspended the account which is sending out the email, to stop any from going out. i noticed since i started this thread 9 emails have went out. so i disabled the cpanel account they are supposeable coming from

  #10  
Old 06-12-2008, 07:56 PM
shakybaky shakybaky is offline
Disabled
 
Join Date: Mar 2008
Posts: 48
i ran chkrootkit

Checking `bindshell'... INFECTED (PORTS: 465)
Checking `lkm'... find: WARNING: Hard link count is wrong for /proc/sys/net: this may be a bug in your filesystem driver. Automatically turning on find's -noleaf option. Earlier results may have failed to include directories that should have been searched.
not tested: can't exec
Checking `rexedcs'... not found


Last edited by shakybaky; 06-12-2008 at 08:06 PM.
Reply

Related posts from TheWhir.com
Title Type Date Posted


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Postbit Selector

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump
Login:
Log in with your username and password
Username:
Password:



Forgot Password?
Advertisement:
Web Hosting News:



 

X

Welcome to WebHostingTalk.com

Create your username to jump into the discussion!

WebHostingTalk.com is the largest, most influentual web hosting community on the Internet. Join us by filling in the form below.


(4 digit year)

Already a member?