
Thread: I've been blacklisted.

  1. #1
    Join Date
    Feb 2007
    Location
    Pennsylvania
    Posts
    96
    Rep Power
    8

    Default I've been blacklisted.

    I'm not sure how this has happened and I'm more looking for answers as to how I can avoid it going forward. Any help would be appreciated.

  2. #2
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    25

    Default

    Which RBL have you been listed on? Have you contacted them and asked why you have been listed?

  3. #3
    Join Date
    Aug 2007
    Posts
    100
    Rep Power
    8

    Default

    Quote: Originally posted by reckless2k2
    I'm not sure how this has happened and I'm more looking for answers as to how I can avoid it going forward. Any help would be appreciated.
    Do you mean your server's IP/network addresses are appearing in a spam database?

    Some of these blacklists are over the top and will blacklist entire ISPs because of a few black sheep. Where have you been blacklisted? Usually there's a mechanism whereby you as the mail server admin of the blacklisted host have a way to at least see their "evidence" against you.

    Does this Zimbra server only handle mail for your organization's users or do you resell/host domains for other people as well?

    In general, try implementing SPF records as this will make it harder for a spammer to pretend to be you.

    This is done via your domain's DNS zone; no Zimbra modification is needed.

    SPF: Project Overview

  4. #4
    Join Date
    Feb 2007
    Location
    Pennsylvania
    Posts
    96
    Rep Power
    8

    Default

    I was just at 10 and in a matter of minutes it has gone to 13. I can't paste the image in but I'll put them down below:

    FIVETENSRC
    FIVETENTCPA
    FIVETENWEBFORM
    SORBS-BLOCK
    SORBS-DUHL
    SORBS-HTTP
    SORBS-MISC
    SORBS-SMTP
    SORBS-SOCKS
    SORBS-SOAM
    SORBS-WEB
    WORBS-ZOMBIE
    Spamhaus-ZEN

    My ISP informed me that they blocked my port 25 because of complaints. I have everything pointing to Google Apps and forward to Zimbra on home-based server as backup. I don't even send anything from the Zimbra server but I have recently noticed spam coming into my Google App box from my address. Bad news and caught too late since my ISP has shut me down.

    I'm just trying to figure out how this happened. I don't even know who or how to contact. Any help would be appreciated.

  5. #5
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    25

    Default

    Your domain may have been spoofed or your Zimbra account has been hacked. Are you using complex passwords? Check /var/log/zimbra.log and /opt/zimbra/log/audit.log for any erroneous activity.

  6. #6
    Join Date
    Feb 2007
    Location
    Pennsylvania
    Posts
    96
    Rep Power
    8

    Default

    I'm leaning on spoof but I could be wrong. How would I tell if I were spoofed?

  7. #7
    Join Date
    May 2007
    Location
    Oklahoma
    Posts
    703
    Rep Power
    9

    Default Admin logs

    Do you check your Admin logs daily? They tell you who has sent how many messages.

    Do you have a static public IP for your server or are you behind a NAT router? If you have a static public IP, Zimbra will add the entire subnet to the trusted IPs. For instance, my ISP uses a subnet mask of 255.255.255.0. Zimbra used the same and this opened up all of the IPs on that subnet. I went in and changed the trusted IPs appendix to /32 to allow only that IP.
    Last edited by Bill Brock; 01-28-2009 at 08:59 AM.
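
Added example (not part of any post in this thread, and not Zimbra's own code): a check for the trusted-subnet issue described in post #7, combined with the log review suggested in post #5. It flags trusted-network entries wider than a single host and counts messages the MTA accepted from trusted clients other than the server itself. The addresses, the trusted list and the log lines are constructed samples; the log pattern assumes the standard Postfix smtpd `client=` line, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample values (documentation address ranges), not taken from the thread.
SERVER_IP = "203.0.113.10"
MYNETWORKS = "127.0.0.0/8 203.0.113.0/24"  # whole ISP subnet trusted, as in post #7
SAMPLE_LOG = """\
Jan 28 08:01:02 mail postfix/smtpd[2101]: 4F1A2C0011: client=localhost[127.0.0.1]
Jan 28 08:01:05 mail postfix/smtpd[2102]: 5B2C3D0022: client=unknown[203.0.113.77]
Jan 28 08:01:06 mail postfix/smtpd[2102]: 6C3D4E0033: client=unknown[203.0.113.77]
Jan 28 08:01:09 mail postfix/smtpd[2103]: 7D4E5F0044: client=mx.example.net[198.51.100.4]
"""

# Postfix smtpd logs "QUEUEID: client=name[address]" for each message it accepts.
CLIENT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: ([0-9A-F]+): client=\S*\[([0-9A-Fa-f.:]+)\]"
)


def parse_networks(mynetworks):
    """Turn a space- or comma-separated trusted list into network objects."""
    return [ipaddress.ip_network(entry, strict=False)
            for entry in mynetworks.replace(",", " ").split()]


def broad_trusted_networks(mynetworks):
    """Return trusted entries that cover more than one host (loopback excluded)."""
    return [str(net) for net in parse_networks(mynetworks)
            if not net.is_loopback and net.num_addresses > 1]


def trusted_foreign_clients(log_text, mynetworks, server_ip):
    """Count accepted messages from trusted clients other than the server itself."""
    nets = parse_networks(mynetworks)
    server = ipaddress.ip_address(server_ip)
    counts = Counter()
    for match in CLIENT_RE.finditer(log_text):
        client = ipaddress.ip_address(match.group(2))
        if client == server or client.is_loopback:
            continue
        if any(client in net for net in nets):
            counts[str(client)] += 1  # this host may relay through the server
    return counts


if __name__ == "__main__":
    print("Review these trusted networks:", broad_trusted_networks(MYNETWORKS))
    print("Trusted foreign clients:", dict(trusted_foreign_clients(SAMPLE_LOG, MYNETWORKS, SERVER_IP)))
```

With the trusted list narrowed to the server's own /32, the same log yields no trusted foreign clients; the neighbour at 203.0.113.77 is then treated like any other outside host.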

  8. #8
    Join Date
    Feb 2007
    Location
    Pennsylvania
    Posts
    96
    Rep Power
    8

    Default

    There is definitely some type of compromise but I don't think that someone hacked my accounts. I only had 2 (admin and my own). That's why I asked what's involved with spoofing. I have been running for a few years without issue. I just reinstalled on my server and nothing has been right since. It's ironic that suddenly now I'm showing up on a blacklist. Obviously, I missed something on the reinstall that caused this.

    So how does spoofing happen?

  9. #9
    Join Date
    Jan 2009
    Location
    Buffalo, NY
    Posts
    5
    Rep Power
    6

    Default

    At the risk of sounding obvious, you've ensured that you aren't acting as an open relay, yes?

  10. #10
    Join Date
    Feb 2007
    Location
    Pennsylvania
    Posts
    96
    Rep Power
    8

    Default

    I'm not sure how I make sure that I'm not acting as an open relay. I know everything seemed to be working for months and then not long after a reinstall I was blocked. It could have been a problem for months now and not known.

    How would I tell if I was spoofed?

    How would I tell if I was an open relay?

    Thanks.
