
Thread: CBL Blocking

  1. #1
    Join Date
    Dec 2008
    Location
    North Bay, CA
    Posts
    31
    Rep Power
    7

    Default CBL Blocking

    I have a server running 5.0.13 NE on Ubuntu 8.04 and it's been running for a few months with no problems. All of a sudden I keep getting messages that it's been listed in the CBL.

    Following a few of the posts on here, I have run a rootkit check and everything was fine. Since I'm running on Amazon's EC2, I checked my relay and made it very restrictive:
    Mta trusted network: "127.0.0.0/8 10.254.199.144/32"

    My external IP address has not changed... I'm not sure why we are getting on the CBL. Does anyone have any troubleshooting steps? What info should I be looking at and where would I find it?

    Any help is greatly appreciated.
    Last edited by lsu_guy; 03-13-2009 at 03:57 PM.

  2. #2
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    25

    Default

    Have you asked CBL why your IP has been blacklisted?

  3. #3
    Join Date
    Dec 2008
    Location
    North Bay, CA
    Posts
    31
    Rep Power
    7

    Default

    Hi uxbod: I would love to talk to someone at CBL. I have emailed them but I haven't gotten through to them yet.

    Here are some things I tried:
    I tried to delist my IP a couple of times and it always ends up there.

    I looked through the Zimbra log and I couldn't find anything there.

    I ran the rootkit software through "chkrootkit" and couldn't detect anything through that (except for the false positive on bindshell port 465. However, this has been mentioned various times on Google). Checking the pid using that port, I ran ps to see who that pid belonged to and it turned out to be one of the Zimbra pids.


    I'm really stuck. I know this may not be zimbra specific, but I figured that since all the zimbra admins collaborate here they may have some info to get me unstuck.

  4. #4
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    25

    Default

    Have you tried running an Open Relay test?

  5. #5
    Join Date
    Mar 2007
    Location
    Plymouth, uk
    Posts
    93
    Rep Power
    8

    Default

    It doesn't need to be your Zimbra box that is getting you on the CBL either - you might have other machines that use the same internet connection, and thus can spam out of the same IP address. It's not a server that gets onto the CBL, it's an IP address.

    You will definitely want to restrict outgoing TCP port 25 to only your Zimbra box, and monitor everything on the router.

  6. #6
    Join Date
    Dec 2008
    Location
    North Bay, CA
    Posts
    31
    Rep Power
    7

    Default

    uxbod: I ran the open relay test and everything passed. I forgot to mention that in my first post.

    captainmish: I understand that it could be other machines using the same internet connection. I own this IP on Amazon, so no-one else uses that public IP except for us. As per the above first post, I have also restricted my MTA trusted network to be "10.254.199.144/32" where 10.254.199.144 is the internal network IP address of the mailserver.

    Update from CBL: Someone from there finally did get back to me. It seems like the problem may have been due to identification. This is what CBL wrote:

    "Note: xxx.xx.xxx.xxx appeared to be suspicious because it was using the following name to identify itself during email (port 25) connections via the SMTP HELO/EHLO commands:

    hostname.myisp.com"

    This machine has 2 names that point to it: hostname.myisp.com and mail.mydomain.com. It seems that after months of operation, CBL doesn't like the machine identifying itself with hostname.myisp.com. I'm going to change that and see how it works out. I will keep you guys updated.
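
A check of the kind the last post points to, as an added example that is not part of the original thread: it compares the name a server announces in HELO/EHLO with the forward and reverse DNS of its sending IP and with its mail domain. The function names, finding codes, the 203.0.113.25 address and the PTR record are constructed for illustration, and this is a generic consistency check, not CBL's listing logic.

```python
import socket

def resolve_a(name):
    """IPv4 addresses for a name; empty set if it does not resolve."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:
        return set()

def resolve_ptr(ip):
    """Reverse-DNS name for an IP, lower-cased; None if there is no PTR."""
    try:
        return socket.gethostbyaddr(ip)[0].rstrip(".").lower()
    except OSError:
        return None

def check_helo(helo_name, sending_ip, mail_domain,
               a_lookup=resolve_a, ptr_lookup=resolve_ptr):
    """Return a list of finding codes; an empty list means the names agree."""
    helo = helo_name.rstrip(".").lower()
    domain = mail_domain.rstrip(".").lower()
    findings = []
    if "." not in helo or helo.startswith("["):
        findings.append("helo-not-fqdn")          # bare host or address literal
    elif sending_ip not in a_lookup(helo):
        findings.append("helo-does-not-resolve-to-ip")
    ptr = ptr_lookup(sending_ip)
    if ptr is None:
        findings.append("no-ptr")
    else:
        if sending_ip not in a_lookup(ptr):
            findings.append("ptr-not-forward-confirmed")
        if ptr != helo:
            findings.append("helo-ptr-mismatch")
    if helo != domain and not helo.endswith("." + domain):
        findings.append("helo-outside-mail-domain")
    return findings

# Constructed DNS data (documentation address range), so the check runs offline.
SAMPLE_A = {"mail.mydomain.com": {"203.0.113.25"},
            "hostname.myisp.com": {"203.0.113.25"}}
SAMPLE_PTR = {"203.0.113.25": "mail.mydomain.com"}

def demo(helo_name):
    return check_helo(helo_name, "203.0.113.25", "mydomain.com",
                      a_lookup=lambda n: SAMPLE_A.get(n, set()),
                      ptr_lookup=SAMPLE_PTR.get)

if __name__ == "__main__":
    for name in ("hostname.myisp.com", "mail.mydomain.com", "localhost"):
        print(name, demo(name) or "consistent")
```

Calling `check_helo` without the two lookup arguments uses live DNS for the host and address you pass in.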
