Re: CBL Blacklist

Begin <1180631729.671492.228340@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
On 2007-05-31, Dwan Hailoo <dwanhailoo@xxxxxxxxx> wrote:
I've recently created my own SMTP server and POP3 server.

Probably the simplest way to avoid a lot of problems is to configure
that SMTP server to hand off all mail to your ISP's outgoing
mailservers. Provided, of course, that your ISP knows what it is doing.


[snip!]
I'm not using a NAT, which CBL says is the most common cause of
blacklistings. I'm running Linux 2.6 on 3 computers. The computers
are connected via a LAN. The computer running the email server has a
static IP from a local internet provider. Again, there is no router
or NAT, simply a switch connecting the three computers.

You haven't understood that FAQ entry. Consider that NAT in itself
is not a cause to get listed. What NAT can do is make the public IPA
assigned to some box that is known to be virus and malware free show up
as the originator of spamfloods sent by other machines making use of its
NAT services. Appearing to originate spamfloods can get that IPA listed
in the CBL.


Essentially, it seems as though CBL thinks my home-made email server
is some kind of spam-bot, even though I rarely ever send out emails.
What are some solutions to this problem?

You've oversimplified the problem. You're back to where you started and
you still have to figure out just why you're listed in the CBL. If there
is a problem that might cause your machine to send spam that needs to be
fixed, of course.

Make sure your box really is not a spambot. Inspect your logs for
starters. You might have accidentally configured it as an open relay,
or someone else rooted your box and did it, or installed spam sending
malware, or whatever. If that machine also runs a webserver with PHP
or another scripting language (some forum application, perhaps?), that
might be exploited as well. You need to check for all possibilities.


It would be helpful to post the exact response you get from looking
up your IPA in the CBL, minus the actual address of course.


--
j p d (at) d s b (dot) t u d e l f t (dot) n l .
This message was originally posted on Usenet in plain text.
Any other representation, additions, or changes do not have my
consent and may be a violation of international copyright law.
.

Relevant Pages

  • Re: Open Relay issues
    ... both have the Allow all computers which ... ... list below selected with only the NAT ip class c networks that are ... When I test for open relay it states ... better use a smtp server in a dmz ...
    (microsoft.public.exchange2000.admin)
  • Re: router and firewall
    ... > the IP address of the router itself. ... The IP addresses of any computers behind the router, ... > the uninitiated, this makes a router with NAT seem like a firewall, but it ...
    (microsoft.public.windowsxp.general)
  • Re: Learning tricks with Gmail
    ... Now for you who have not a guess what SMTP server means, ... The field my PHd. is in is Electrical Engineering and my company did things that needed computers. ... Now, to Karl, if I want to read a blog, I find it and add it to my feed reader... ... I really don't care if that you sold a company for 2 millions or to whom you sold it to or that you're a PHd... ...
    (Ubuntu)
  • Re: Port forwarding for AoC?
    ... Thanks for the response. ... didn't even know what NAT was or what I was talking about. ... I hate being newbie at computers;) ... >> my modem with MSN Boradband. ...
    (microsoft.public.games)
  • RE: Advice sought on machine web-server safe
    ... >> since I have a number of other computers ... > To see if you have NAT, ... Chain POSTROUTING ... Isn't that slightly against the Linux philosophy? ...
    (Fedora)
Loading