I keep getting blacklisted

@Bryan171

Posted in: #Blacklist #Email #Spam

I have just purchased a VPS with CentOS 6 and I have installed ZPanel on it.

I have created a mailbox and everything seemed to work perfectly for a few days; however, suddenly my mail stopped working.

I did some basic troubleshooting and discovered that I was blacklisted (CBL). I immediately did a virus scan with ClamAV and everything was fine.

I also created a reverse DNS record and then removed myself from the blacklist. All was well for two days and now, I am back on the list.

FYI: the domain is strongimages.net

What things should I do to stop getting listed?


@Jamie184

The CBL blacklist is not an e-mail blacklist per se. It is used to indicate that a system is compromised; however, I fault the methodologies of how systems are detected and placed onto this blacklist. All that is required is legitimate functioning and a single access to the wrong place.

How this works is often really simple. Any IP/port access to a known command and control server of a hacker is detected by a router or other network device, often within the host's network or ISP. This device then reports the access to the blacklist automatically. This is instantaneous. The most common accesses that are blocked are HTTP port 80 and SMTP port 25.

The premise is this. These ports are often used because they are open ports. A system is compromised and command and control software is installed to use these common ports. Any other compromised system creates an HTTP or SMTP (mini) server used to transmit data from a compromised client system to the command and control server. It gets more complicated than this, but this is enough to understand what is happening. ISP and host companies sometimes cooperate and set up traps for packets that are destined to the command and control server by IP address and port. Any innocent access is captured. For example, anyone who is browsing the web can click on a link to a web server that has been compromised. This is a proper link made in the ordinary way from one page to another. The user IP address is then immediately blacklisted.

In your case, assuming that you are not using a proxy server or scanning, spidering, or scraping content off of the web, then I would assume that a valid e-mail within your e-mail list is using a domain name that is a known compromised system acting as a command and control server. Just sending an e-mail to this e-mail address is causing you to be blacklisted.

What you will need to do is verify that all of your e-mail address domain names are not blacklisted, one at a time. This can be time consuming. I have tools for this that I use here; however, my favorite online tool is: mxtoolbox.com/blacklists.aspx. You can check your e-mail address domain names here. Once you find one in CBL or perhaps other blacklists, a decision would have to be made; you should remove these addresses from your list until they are removed from the blacklist.

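The one-at-a-time check of recipient domains described in the answer above can be scripted; this is an added example, not part of the original post. It uses the standard DNSBL lookup convention (IPv4 octets reversed and queried under the list's zone, with an answer in 127.0.0.0/8 meaning "listed"). Assumptions: the `zone` argument is a placeholder for whichever list you query, the function names are hypothetical, and each domain's A records are checked rather than its MX hosts because the Python standard library has no MX lookup.

```python
import ipaddress
import socket


def system_resolve(name):
    """Return the IPv4 addresses for name using the system resolver."""
    return socket.gethostbyname_ex(name)[2]


def domains_from_addresses(addresses):
    """Unique, lower-cased domain parts of a list of e-mail addresses."""
    domains = set()
    for addr in addresses:
        local, sep, domain = addr.strip().rpartition("@")
        if sep and local and domain:  # skip entries that are not addresses
            domains.add(domain.lower().rstrip("."))
    return sorted(domains)


def dnsbl_name(ip, zone):
    """DNSBL query name: IPv4 octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def listed_ips(domain, zone, resolve=system_resolve):
    """IPs of domain for which the DNSBL returns a 127.0.0.0/8 answer."""
    try:
        ips = resolve(domain)
    except OSError:
        return []  # domain does not resolve, nothing to look up
    hits = []
    for ip in ips:
        try:
            answers = resolve(dnsbl_name(ip, zone))
        except OSError:
            continue  # NXDOMAIN from the list means "not listed"
        if any(a.startswith("127.") for a in answers):
            hits.append(ip)
    return hits


def check_recipients(addresses, zone, resolve=system_resolve):
    """Map each listed recipient domain to its listed IPs."""
    report = {}
    for domain in domains_from_addresses(addresses):
        hits = listed_ips(domain, zone, resolve)
        if hits:
            report[domain] = hits
    return report
```

Call `check_recipients(addresses, zone)` with your recipient list and the zone name the blacklist publishes; the `resolve` parameter exists so the lookup can be replaced with a stub for offline testing.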

