Stop Spam and http access with IPtables

July 22, 2014 The Geek Decoder No Comments Email, Firewall, Iptables, Spam

To stop Spam:

drop SMTP on port 25, 465 and 587 to prevent further spam from being sent out by running the following commands:


# /sbin/iptables -A INPUT -p tcp --dport 25 -j DROP
# /sbin/iptables -A OUTPUT -p tcp --dport 25 -j DROP
# /sbin/iptables -A INPUT -p tcp --dport 465 -j DROP
# /sbin/iptables -A OUTPUT -p tcp --dport 465 -j DROP
# /sbin/iptables -A INPUT -p tcp --dport 587 -j DROP
# /sbin/iptables -A OUTPUT -p tcp --dport 587 -j DROP

Restart:

# service iptables restart

Block an IP accessing the site:

# iptables -A INPUT -s 80.35.xx.xxx -j DROP

Restart:

# service iptables restart

After that – check the cpnael access logs for the domain and see that there is a 403 Error:

# tail -f /usr/local/apache/domlogs/gamedayboston.com

80.82.xx.xx - - [07/Oct/2014:17:13:46 -0400] "POST /xmlrpc.php HTTP/1.0" 403 - "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
80.82.xx.xx - - [07/Oct/2014:17:13:46 -0400] "POST /xmlrpc.php HTTP/1.0" 403 - "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
80.82.xx.xx - - [07/Oct/2014:17:13:46 -0400] "POST /xmlrpc.php HTTP/1.0" 403 - "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"

Helo incorrect?

July 17, 2014 The Geek Decoder No Comments Email, Postfix, Qmail

There’s a test available at http://cbl.abuseat.org/helocheck.html that will show you how the server is actually HELOing.

For Qmail:

# cat /var/qmail/control/me
mail.fromthepavilion.org

Email Deferred/Greylisting error

July 7, 2014 The Geek Decoder No Comments Email, Plesk

Getting email logs that show the following?

mail qmail-queue-handlers[8672]: Handlers Filter before-queue for qmail started …Jul 7 14:17:18 mail qmail-queue-handlers[8672]: from=domain@domain.comJul 7 14:17:18 mail qmail-queue-handlers[8672]: to=domain@domain.comJul 7 14:17:18 mail greylisting filter[8673]: Starting greylisting filter…Jul 7 14:17:18 mail qmail-queue-handlers[8672]: handlers_stderr: DEFERJul 7 14:17:18 mail qmail-queue-handlers[8672]: DEFER during call ‘grey’ handlerJul 7 14:17:26 mail pop3d: Connection, ip=[::ffff:203.197.xx.xx]Jul 7 14:17:26 mail pop3d: LOGOUT, ip=[::ffff:203.197.xx.xx]

In this case its referring to greylisting which you can choose to disable if you wish, http://kb.parallels.com/en/6359 is an article that refers to it.

Or run:

/usr/local/psa/bin/grey_listing --update-server -status off

Plesk Email Size Error

June 7, 2014 The Geek Decoder No Comments Email, Plesk

When changing the email from 100MB to 500 for the emails in the domain the following error:


Incorrect limit value was specified.

Under the subscription settings, you would need to increase the maximum size for the mailbox. If you attempt to make the limit for a mailbox higher than the current max mailbox setting for the subscription you will encounter that error. If the subscription is owned by a reseller, the reseller limit must also be increased.

Hotmail and Outlook Black List

April 1, 2014 The Geek Decoder No Comments Email, Spam

If you cannot send emails to Outlook or Hotmail or MSN, then your server’s IP address maybe blacklisted. Here are some tips to get removed from the MSN blacklist.

Before jumping through the blacklist removal hoops, you may want to double-check that your emails are not simply going into the spam folder. This process will not help you with emails being dropped into the spam folder. This is for getting off of MSN’s blacklist. I am going to outline 3 steps.

Verify you are on the MSN blacklist.
Perform preliminary blacklist removal checks.
Submit MSN blacklist delisting request.

Delist Here – Sender Information for Outlook.com Delivery –

https://support.microsoft.com/en-us/getsupport?oaspworkflow=start_1.0.0.0&wfname=capsub&productkey=edfsmsbl3&locale=en-us&ccsid=635808707851479494&wa=wsignin1.0

MSN Blacklist Check

If MSN has blacklisted your IP, you will receive a delivery rejection notice from MSN or Hotmail. If you check your server’s logs or your email bounce you may see something like this:

SMTP error from remote mail server after end of data:
host mx1.hotmail.com [65.54.188.94]: 550 SC-001 (BAY0-MC2-F59) Unfortunately, messages from 216.55.xxx.xxx weren't sent. Please contact your Internet service provider since part of their network is on our block list. You can also refer your provider to <a href="http://mail.live.com/mail/troubleshooting.aspx#errors." target="_blank" rel="noopener">http://mail.live.com/mail/troubleshooting.aspx#errors.</a>

If you are seeing this or a similar email error, then your server’s IP has likely been blocked by MSN/Hotmail. There could be other response codes, but typically all MSN blacklist notifications will include a 500 series error. MSN’s postmaster service as a list of MSN’s blacklist codes.

MSN Blacklist Codes

I suggest you check this list to find the exact reason Hotmail or MSN is rejecting your emails.

There are some 400 series errors that deal with email volume rather than suspected spam. If you are sending high volumes of email to MSN, you may need to sign up for their bulk sender’s program.

If you are not seeing 500 errors, then you may not have an email blacklist problem but some other email delivery issue.
Preliminary Blacklist Delisting Tasks

Before requesting removal from MSN’s blacklist, you will want to take some steps to stop whatever caused the listing.

Make sure there is no unauthorized email going from your server.

Check the daily volume of email going to Hotmail, MSN or Outlook
Look for compromised user accounts.
Look for people forwarding email to Hotmail, MSN, or Outlook.com.
Do you have SPF and rDNS records set up?

If someone is forwarding email to Hotmail related addresses and then marketing it as spam, Hotmail will lower your server’s sender reputation. Window’s Live and related email services such as Hotmail and MSN.com emails work with Return Path to filter email. So email server reputation is more important for sending to these accounts than some of the other ISP’s covered in this series.

Hotmail/MSN Blacklist Removal Process

To start the process of getting removed from Hotmail’s blacklist, you will need to complete their sender information form.

Unfortunately since Microsoft maintains their own blacklist they have no obligation to accept email from anyone. Please have a look at some of their suggestions located at https://mail.live.com/mail/services.aspx

I would suggest signing up for both SNDS and Microsoft’s Junk Mail Reporting Program.

Submit to get Delisted!

Sender Information for Outlook.com Delivery – https://support.microsoft.com/en-us/getsupport?oaspworkflow=start_1.0.0.0&wfname=capsub&productkey=edfsmsbl3&ccsid=636529520240187401&wa=wsignin1.0

Provide all of the requested information. Unlike some other ISPs, MSN Support requires you to run some telnet tests from the command line on your server. If you do not know how to run these tests, you will need to get someone to help you.

In working with MSN, I have found it very important to provide accurate email headers. If you provide reliable information and are truly not spamming their systems, you will typically see removal in 2-3 business days. MSN is very picky about DNS. So be sure your DNS, PTR and SPF/SenderID records are in order before requesting removal.

If you have root access and need to send email now, try below:

Partial Solution:

Re-route the IP on port 25 if you have a linux box and you have another IP that is not blacklisted.

apply an iptables rule to route your outbound SMTP to a new IP

216.55.xxx.xxx


# iptables -t nat -A POSTROUTING -p tcp --dport 25 -j SNAT --to-source 216.55.xxx.xxx

GEEKDECODER

Category: Email