Thanks for the input. So you are saying that even if my server is used to send out spam mails, CBL wouldn't have blocked me? Instead I would be blocked by a proper spam detection list?
I've never had this problem for ages. And since I used toaster, I've never had such blacklisting problems. One possible misconfiguration stated on CBL's site was that my HELO would not return a fully-qualified domain name. However, my email server does in fact return my actual domain name. So that can't be the reason. Regards, Riezal Ross Network Engineer / Project Manager CIS (M) Engineering Division Clipsal Integrated Systems (M) Sdn Bhd Unit 3-2, CP Tower, No. 11, Jalan 16/11, Pusat Dagang Seksyen 16, 46350 Petaling Jaya, Selangor Darul Ehsan, Malaysia. Tel: (+603) 7665 3555 Fax: (+603) 7665 3155 Mobile: 012-6285210 E-mail: [EMAIL PROTECTED] http://www.cisasia.com.my http://www.clipsalportal.com -----Original Message----- From: Dairenn Lombard [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 21, 2006 5:00 PM To: [email protected] Subject: RE: [qmailtoaster] CBL It wouldn't have to be an exploit. Anyone can configure Outlook (or whatever) to have somebody else's e-mail address on the From: line, so that when they send e-mail to someone, it appears to be coming from someone else. Mail to unknown users would also bounce to the address specified, and not themselves. If someone is using an e-mail address at your domain to send out spam, spam to non-existant addresses would bounce back to you. But RBLs like CBL don't work that way. Spamhaus and Friends normally look at full SMTP headers to figure out which SMTP servers actually relayed the spam received. So, if your server didn't actually do it, it is very rare that your server would get implicated. There are some overly aggressive RBLs out there that ban hosts based on being even mentioned in spam that never even touched your mail server. Luckily, most ISPs are smart enough not to use overly zealous RBLs. I suggest that before you assume there is an exploit being, well, exploited--to find out why you got listed, and make sure your configuration is correct. If they can show you evidence of spam coming from your server's IP (ie., a message with full SMTP headers), then at least you have something to investigate. Until then, you're just guessing, and that's a waste of time. > -----Original Message----- > From: Riezal Ross [mailto:[EMAIL PROTECTED] > Sent: Tuesday, February 21, 2006 12:48 AM > To: [email protected] > Subject: RE: [qmailtoaster] CBL > > > Is it possible, that someone sent a mail to my server that > contains some sort of known exploit. So the server bounces > the message and it is actually that bounce message that made > my server get listed into CBL. They probably think my server > is sending out viruses. Possible? > > That is the only think I can think of, other than one of my > users sending out virus mail. I have a centralized anti-virus > server on my network and its very unlikely that it's a virus > that is causing this. > > Regards, > > Riezal Ross > > > > -----Original Message----- > From: Dairenn Lombard [mailto:[EMAIL PROTECTED] > Sent: Tuesday, February 21, 2006 4:50 PM > To: [email protected] > Subject: RE: [qmailtoaster] CBL > > > It might be because of a malformed SMTP header when sending > e-mail to other mail servers. I had this problem, and > GoDaddy banned our toaster. > > Check to make sure that your /var/qmail/control/me and locals > files have valid hostnames (not localhost.localdomain) and > then follow the directions on their website for getting delisted. > > Otherwise, ask them why you got tagged. They could have made > a mistake. > > > -----Original Message----- > From: Riezal Ross [mailto:[EMAIL PROTECTED] > Sent: Tuesday, February 21, 2006 12:40 AM > To: [email protected] > Subject: [qmailtoaster] CBL > > > Hi, > I don't know how my server managed to get listed in CBL, but > I'm wondering if anyone here has faced this before. Any ideas > in general why my mail server is getting listed? > <[EMAIL PROTECTED]>: > 203.121.47.59 does not like recipient. > Remote host said: 553 > http://www.spamhaus.org/query/bl?ip=202.75.186.170 > > Giving up on 203.121.47.59. > > > Regards, > Riezal Ross > Network Engineer / Project Manager > CIS (M) Engineering Division > Clipsal Integrated Systems (M) Sdn Bhd > Unit 3-2, CP Tower, No. 11, Jalan 16/11, > Pusat Dagang Seksyen 16, 46350 Petaling Jaya, > Selangor Darul Ehsan, Malaysia. > Tel: (+603) 7665 3555 Fax: (+603) 7665 3155 > Mobile: 012-6285210 > E-mail: [EMAIL PROTECTED] > http://www.cisasia.com.my > http://www.clipsalportal.com > > --------------------------------------------------------------------- > QmailToaster hosted by: VR Hosted <http://www.vr.org> > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: > [EMAIL PROTECTED] > > > > --------------------------------------------------------------------- > QmailToaster hosted by: VR Hosted <http://www.vr.org> > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: > [EMAIL PROTECTED] > > --------------------------------------------------------------------- QmailToaster hosted by: VR Hosted <http://www.vr.org> --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- QmailToaster hosted by: VR Hosted <http://www.vr.org> --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
