My IP, is on the spam block list.... :(

Hello guys,
I had setup up my own server, which are running apache ,mysql, php,
qmail, vpopmail,qmail-toaster,etc. It act as a web and mail server.

It ran well for 2 days. However, somebody cannot recevie the email
from my server, and then I found out my IP is already o the spam
database (I tested with http://www.dnsstuff.com/).

And then I try to path the smtp-Auth thing, and request to remove my
IP on the DB, it works fine again, but it is on the list again and
again :(

I scan my whole system with clamAV, it is virus free (I hope so.....)
and checked the qmail log (which are under /var/log/qmail and the
isoqlog in the qmail toaster) it looks fine for me.
checked on http://www.ordb.org/submit/ , and it said that my machine is
not open relay......

I have no idea what's going on on my machine....would you guys share
experience, or give me a direction please.

OS: CentOS 4.3
2 email account.

thanks heap,
Mr. Sleepy

somebody_hon@yahoo.com.hk wrote:

> It ran well for 2 days. However, somebody cannot recevie the email
> from my server, and then I found out my IP is already o the spam
> database (I tested with http://www.dnsstuff.com/).

WHICH list on WHICH database? Are you on an "Open Relay" list, or just
a "Dynamic IP" list? If the first, fix the open relay. If the latter,
there's nothing you can do to get off that list, short of getting a
static IP from your internet provider.

That's not to say you can't send email. But to do it, you will have to
use a workaround: Edit your /var/qmail/control/smtproutes file so that
all outgoing mail is relayed through your ISP's SMTP server. If your
ISP uses POP-before-SMTP or some other authentication scheme, you will
have to patch qmail to do this.

Running a mail server on a residential dynamic IP is fundamentally
unreliable, but can be done. Just be aware of the potential issues.

Jack

Hi, JR
Thanks for your attention, my server having a fix IP and using my
own SMTP , and Usually listed on http://cbl.abuseat.org/
(ns1-cbl.abuseat.org), I am not quite sure it is "open-rely" or not.
but I did some setting on the tcp.smtp, and the smtp authentication is
working fine (fine for me at least). And I tested with
http://www.ordb.org/submit/ and RelayTest Pro
(http://www.digiarch.org/relaytest.html), and the server looks not
"Open-relay", and I scanned the server, it is virus free. I am planning
to rebuild the server, hopfully, this would be stop this happen.

if that still not working, I am planning to replace the router with
another linux machine, Log every outgoing tranfic, hope this can help
me find out, what is going on on my LAN.

By this, would you mind to give me some suggestion to setup the Log
thing? or the way to find out what is happening in my network.

Thanks heap,
Mr. Sleepy

JR wrote:
> somebody_hon@yahoo.com.hk wrote:
>
> > It ran well for 2 days. However, somebody cannot recevie the email
> > from my server, and then I found out my IP is already o the spam
> > database (I tested with http://www.dnsstuff.com/).
>
> WHICH list on WHICH database? Are you on an "Open Relay" list, or just
> a "Dynamic IP" list? If the first, fix the open relay. If the latter,
> there's nothing you can do to get off that list, short of getting a
> static IP from your internet provider.
>
> That's not to say you can't send email. But to do it, you will have to
> use a workaround: Edit your /var/qmail/control/smtproutes file so that
> all outgoing mail is relayed through your ISP's SMTP server. If your
> ISP uses POP-before-SMTP or some other authentication scheme, you will
> have to patch qmail to do this.
>
> Running a mail server on a residential dynamic IP is fundamentally
> unreliable, but can be done. Just be aware of the potential issues.
>
> Jack

somebody_hon@yahoo.com.hk wrote:

> I scan my whole system with clamAV, it is virus free (I hope so.....)

Those virus checkers are best used for scanning attachments for microsoft
viruses and I do strongly advice against using those on the linux system as
they tend to give false positives.

I would recommend you to install chkrootkit and rkhunter and run those, I do
suggest you get official RPMs of them and not compile it yourself, just in
case you would have got root kitted.

Using logwatch is a good thing to do too, as this will give you a review what
has happen during the previous day, of course it won't detect services that a
root kit may have installed, as they tend to not generate logs, but you would
notice if your mail server is working as an open relay.


//Aho

no rootkit was found in my server :(

and I am going to use the logwatch thing....hope I can get sometihing
on there...

Thanks all you guys

Mr. Sleepy

J.O. Aho wrote:
> somebody_hon@yahoo.com.hk wrote:
>
> > I scan my whole system with clamAV, it is virus free (I hope so.....)
>
> Those virus checkers are best used for scanning attachments for microsoft
> viruses and I do strongly advice against using those on the linux system as
> they tend to give false positives.
>
> I would recommend you to install chkrootkit and rkhunter and run those, I do
> suggest you get official RPMs of them and not compile it yourself, just in
> case you would have got root kitted.
>
> Using logwatch is a good thing to do too, as this will give you a review what
> has happen during the previous day, of course it won't detect services that a
> root kit may have installed, as they tend to not generate logs, but you would
> notice if your mail server is working as an open relay.
>
>
> //Aho