Blacklisted, no MX server
Hi there,
I have been blacklisted twice (appeared on the blacklists at mxtoolbox) although I don't have a mail server running.
What am I doing wrong? My VPS is running on CentOS 6 with fail2ban active and configured correctly. I also have iptables allowing only the ports/services I need. What could be causing my IP to appear on those blacklists?
Comments
Maybe the IP was previously used to send spam.
What exactly are you doing with the VPS?
Some cases which can happen:
You're hosting some websites which have malware-infected PHP files which are sending emails from your server, and it's getting blacklisted.
The IPs were already blacklisted when you got them. I mean from the provider's end somehow.
This is the most probable reason.
Who are the blacklists? SPAMCANNIBAL, for example, are horrible. They will blacklist simply because you don't have an rDNS set up on your IP.
I'm on UCEPROTECTL1. rDNS? How do I set that up?
What datacenter?
If you haven't set up anything and it's on a blacklist, then we can assume that the provider gave you a blacklisted IP and, at the time of sign-up, you didn't check it. Now, the way to remove it is to contact that particular blacklisting company. And setting up rDNS might be helpful. It should be available in the SolusVM / Virtualizor panel.
Proper rDNS will get you out of it slowly, not that it matters. Don't worry about a UCEPROTECT listing, especially if you're not sending mail. More than anything, they're just trying to make a few bucks off of people.
@msana: maybe it's your provider's IP range which is blacklisted because of other customers who have spammed.
So even if your server is clean, your neighbors may be messy :-(
THE CRAP WAS DELIVERED TO YOUR SYSTEM! Whether you read it or not does not matter to the spammer!!!
"We prevent messages from being sent to you, so when you were supposed to receive a legitimate one you would never receive a notification that it was blocked and thus you would never suspect it's our fault, also our blacklists allow spammers to select their IP addresses to make sure they'll always reach your inbox. Love love love, we are the best blacklist, we blacklist better than the others. UCEPROTECT".
Now the question is, what scums are using this?
Do you have an MTA installed? Is port 25 open?
Even if you are just sending outgoing email, if you don't configure a proper mail server name, the MTA will call itself localhost, and that's enough to get you on certain blacklists.
The other possibility is that you have an open relay. Spammers are exploiting that.
I had Postfix installed by default. Its default configuration doesn't allow open relays afaik. Have tried that from my end. Also, mxtoolbox checks for that too.
@Jar @Mahfuz_SS_EHL @Alt
I got a reply from my hoster: it's the missing rDNS entry which got me blacklisted. How I even ended up there without sending any email is a real puzzle!!
@cassa I don't really understand you
So this is solved. Thanks a lot for your help. Summary:
Make sure you:
then you can be almost 50% sure you won't land on some blacklist xD
I'm of the opinion that this is their game. Seek out IP ranges, regardless of whether or not they send mail, list them for not conforming to their standards, and hope someone like you runs across it that never saw it before and ends up paying them for swift removal.
I have a huge problem with any RBL that charges people they list, especially for inaction rather than actually spamming. There are plenty of profitable reasons to run an RBL that do not involve blackmail, example being an attempt to improve quality of a paid mail service.
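
Added example, not part of the original thread: a Python sketch that checks the two conditions named in the comments above (a missing rDNS/PTR record and an MTA announcing itself as localhost) and builds the reversed-octet name used to query a DNS blacklist. It goes one step beyond the thread by also confirming that the PTR name resolves back to the IP; the zone `dnsbl.example`, the function names and the sample addresses are assumptions.

```python
import ipaddress
import socket


def dnsbl_query_name(ip, zone):
    """Build the DNSBL lookup name: IPv4 octets reversed, then the list's zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this sketch handles IPv4 only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone.strip(".")


def _system_ptr(ip):
    """PTR lookup through the system resolver; None when no record exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def _system_a(name):
    """Forward lookup through the system resolver; empty list on failure."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def audit_mail_identity(ip, helo_name, ptr_lookup=_system_ptr, a_lookup=_system_a):
    """Return findings that policy-based blacklists tend to act on."""
    findings = []
    bare = helo_name.rstrip(".").lower()
    # An MTA left unconfigured announces itself as localhost (or a bare hostname).
    if bare in ("localhost", "localhost.localdomain") or "." not in bare:
        findings.append("helo-not-fqdn")
    ptr = ptr_lookup(ip)
    if not ptr:
        findings.append("no-ptr")  # the missing rDNS entry from the thread
    elif ip not in a_lookup(ptr):
        findings.append("ptr-not-forward-confirmed")
    return findings


if __name__ == "__main__":
    # Constructed sample data (documentation address range); no network needed.
    ptrs = {"192.0.2.10": "vps.example.com"}
    fwd = {"vps.example.com": ["192.0.2.10"]}
    print(dnsbl_query_name("192.0.2.10", "dnsbl.example"))
    print(audit_mail_identity("192.0.2.20", "localhost", ptrs.get, lambda n: fwd.get(n, [])))
    print(audit_mail_identity("192.0.2.10", "vps.example.com", ptrs.get, lambda n: fwd.get(n, [])))
```

Called without the two lookup arguments, `audit_mail_identity` uses the system resolver, so it can be run directly on the VPS against its own public IP and configured mail hostname.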