I would ask to be delisted and see what happens; if they turn you down, they might offer an explanation. If you don't get one, ask for one.
If a user is spamming through your server, they are doing it as your direct customer, as, by default, qmail toasters aren't open relays. They use SMTP AUTH and POP-before-SMTP authentication (courier-imap compiled with "roaming users on") to prevent that. If I really suspected spamming coming from a customer of mine, I would look for large mailing lists set up by users on my toaster and then use vqadmin to shut it down. > -----Original Message----- > From: Riezal Ross [mailto:[EMAIL PROTECTED] > Sent: Tuesday, February 21, 2006 1:02 AM > To: [email protected] > Subject: RE: [qmailtoaster] CBL > > > Thanks for the input. So you are saying that even if my > server is used to send out spam mails, CBL wouldn't have > blocked me? Instead I would be blocked by a proper spam > detection list? > > I've never had this problem for ages. And since I used > toaster, I've never had such blacklisting problems. One > possible misconfiguration stated on CBL's site was that my > HELO would not return a fully-qualified domain name. However, > my email server does in fact return my actual domain name. So > that can't be the reason. > > > Regards, > > Riezal Ross > Network Engineer / Project Manager > CIS (M) Engineering Division > > Clipsal Integrated Systems (M) Sdn Bhd > Unit 3-2, CP Tower, No. 11, Jalan 16/11, > Pusat Dagang Seksyen 16, 46350 Petaling Jaya, > Selangor Darul Ehsan, Malaysia. > Tel: (+603) 7665 3555 Fax: (+603) 7665 3155 > Mobile: 012-6285210 > E-mail: [EMAIL PROTECTED] > http://www.cisasia.com.my > http://www.clipsalportal.com > > > -----Original Message----- > From: Dairenn Lombard [mailto:[EMAIL PROTECTED] > Sent: Tuesday, February 21, 2006 5:00 PM > To: [email protected] > Subject: RE: [qmailtoaster] CBL > > > It wouldn't have to be an exploit. > > Anyone can configure Outlook (or whatever) to have somebody > else's e-mail address on the From: line, so that when they > send e-mail to someone, it appears to be coming from someone > else. Mail to unknown users would also bounce to the address > specified, and not themselves. > > If someone is using an e-mail address at your domain to send > out spam, spam to non-existant addresses would bounce back to you. > > But RBLs like CBL don't work that way. Spamhaus and Friends > normally look at full SMTP headers to figure out which SMTP > servers actually relayed the spam received. So, if your > server didn't actually do it, it is very rare that your > server would get implicated. > > There are some overly aggressive RBLs out there that ban > hosts based on being even mentioned in spam that never even > touched your mail server. Luckily, most ISPs are smart enough > not to use overly zealous RBLs. > > I suggest that before you assume there is an exploit being, > well, exploited--to find out why you got listed, and make > sure your configuration is correct. If they can show you > evidence of spam coming from your server's IP (ie., a message > with full SMTP headers), then at least you have something to > investigate. Until then, you're just guessing, and that's a > waste of time. > > > > -----Original Message----- > > From: Riezal Ross [mailto:[EMAIL PROTECTED] > > Sent: Tuesday, February 21, 2006 12:48 AM > > To: [email protected] > > Subject: RE: [qmailtoaster] CBL > > > > > > Is it possible, that someone sent a mail to my server that contains > > some sort of known exploit. So the server bounces the > message and it > > is actually that bounce message that made my server get listed into > > CBL. They probably think my server is sending out viruses. Possible? > > > > That is the only think I can think of, other than one of my users > > sending out virus mail. I have a centralized anti-virus > server on my > > network and its very unlikely that it's a virus that is > causing this. > > > > Regards, > > > > Riezal Ross > > > > > > > > -----Original Message----- > > From: Dairenn Lombard [mailto:[EMAIL PROTECTED] > > Sent: Tuesday, February 21, 2006 4:50 PM > > To: [email protected] > > Subject: RE: [qmailtoaster] CBL > > > > > > It might be because of a malformed SMTP header when sending > e-mail to > > other mail servers. I had this problem, and GoDaddy banned our > > toaster. > > > > Check to make sure that your /var/qmail/control/me and locals files > > have valid hostnames (not localhost.localdomain) and then > follow the > > directions on their website for getting delisted. > > > > Otherwise, ask them why you got tagged. They could have made a > > mistake. > > > > > > -----Original Message----- > > From: Riezal Ross [mailto:[EMAIL PROTECTED] > > Sent: Tuesday, February 21, 2006 12:40 AM > > To: [email protected] > > Subject: [qmailtoaster] CBL > > > > > > Hi, > > I don't know how my server managed to get listed in CBL, but > > I'm wondering if anyone here has faced this before. Any ideas > > in general why my mail server is getting listed? > > <[EMAIL PROTECTED]>: > > 203.121.47.59 does not like recipient. > > Remote host said: 553 > > http://www.spamhaus.org/query/bl?ip=202.75.186.170 > > > > Giving up on 203.121.47.59. > > > > > > Regards, > > Riezal Ross > > Network Engineer / Project Manager > > CIS (M) Engineering Division > > Clipsal Integrated Systems (M) Sdn Bhd > > Unit 3-2, CP Tower, No. 11, Jalan 16/11, > > Pusat Dagang Seksyen 16, 46350 Petaling Jaya, > > Selangor Darul Ehsan, Malaysia. > > Tel: (+603) 7665 3555 Fax: (+603) 7665 3155 > > Mobile: 012-6285210 > > E-mail: [EMAIL PROTECTED] > > http://www.cisasia.com.my > > http://www.clipsalportal.com > > > > > --------------------------------------------------------------------- > > QmailToaster hosted by: VR Hosted <http://www.vr.org> > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: > [EMAIL PROTECTED] > > For additional commands, e-mail: > > [EMAIL PROTECTED] > > > > > > > > > --------------------------------------------------------------------- > > QmailToaster hosted by: VR Hosted <http://www.vr.org> > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: > [EMAIL PROTECTED] > > For additional commands, e-mail: > > [EMAIL PROTECTED] > > > > > > --------------------------------------------------------------------- > QmailToaster hosted by: VR Hosted <http://www.vr.org> > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: > [EMAIL PROTECTED] > > > > --------------------------------------------------------------------- > QmailToaster hosted by: VR Hosted <http://www.vr.org> > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: > [EMAIL PROTECTED] > > --------------------------------------------------------------------- QmailToaster hosted by: VR Hosted <http://www.vr.org> --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
