CBL Blacklist - Unix

  1. CBL Blacklist

    I've recently created my own SMTP server and POP3 server. Yesterday,
    I tried to send mail, and found out my IP was blacklisted by CBL.
    Since I'm not a serial spammer, I was naturally a bit confused as to
    what was going on. So I read the CBL website, and I can't figure out
    exactly what I'm doing to cause them to blacklist me.

    I'm not using a NAT, which CBL says is the most common cause of
    blacklistings. I'm running Linux 2.6 on 3 computers. The computers
    are connected via a LAN. The computer running the email server has a
    static IP from a local internet provider. Again, there is no router
    or NAT, simply a switch connecting the three computers.

    Essentially, it seems as though CBL thinks my home-made email server
    is some kind of spam-bot, even though I rarely ever send out emails.
    What are some solutions to this problem?


  2. Re: CBL Blacklist

    Begin <1180631729.671492.228340@g4g2000hsf.googlegroups.com>
    On 2007-05-31, Dwan Hailoo wrote:
    > I've recently created my own SMTP server and POP3 server.


    Probably the simplest way to avoid a lot of problems is to configure
    that SMTP server to hand off all mail to your ISP's outgoing
    mailservers. Provided, of course, that your ISP knows what it is doing.


    [snip!]
    > I'm not using a NAT, which CBL says is the most common cause of
    > blacklistings. I'm running Linux 2.6 on 3 computers. The computers
    > are connected via a LAN. The computer running the email server has a
    > static IP from a local internet provider. Again, there is no router
    > or NAT, simply a switch connecting the three computers.


    You haven't understood that FAQ entry. Consider that NAT in itself
    is not a cause to get listed. What NAT can do is make the public IPA
    assigned to some box that is known to be virus and malware free show up
    as the originator of spamfloods sent by other machines making use of its
    NAT services. Appearing to originate spamfloods can get that IPA listed
    in the CBL.


    > Essentially, it seems as though CBL thinks my home-made email server
    > is some kind of spam-bot, even though I rarely ever send out emails.
    > What are some solutions to this problem?


    You've oversimplified the problem. You're back to where you started and
    you still have to figure out just why you're listed in the CBL. If there
    is a problem that might cause your machine to send spam that needs to be
    fixed, of course.

    Make sure your box really is not a spambot. Inspect your logs for
    starters. You might have accidentally configured it as an open relay,
    or someone else rooted your box and did it, or installed spam sending
    malware, or whatever. If that machine also runs a webserver with PHP
    or another scripting language (some forum application, perhaps?), that
    might be exploited as well. You need to check for all possibilities.


    It would be helpful to post the exact response you get from looking
    up your IPA in the CBL, minus the actual address of course.


    --
    j p d (at) d s b (dot) t u d e l f t (dot) n l .
    This message was originally posted on Usenet in plain text.
    Any other representation, additions, or changes do not have my
    consent and may be a violation of international copyright law.
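
One way to start the log inspection suggested in the reply above, as an added example that is not part of the original thread: it scans mail logs for messages accepted from clients outside the trusted networks and then delivered to remote servers, which is what an open relay looks like. The Postfix log format, the `TRUSTED` networks, the sample lines and the function name are all assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in Postfix syslog format (assumed MTA; not from the thread).
SAMPLE_LOG = """\
Jun  1 10:00:01 mail postfix/smtpd[101]: 4A1B2C3D4E: client=desktop.lan[192.168.1.10]
Jun  1 10:00:02 mail postfix/smtp[102]: 4A1B2C3D4E: to=<friend@example.org>, relay=mx.example.org[198.51.100.7]:25, status=sent (250 ok)
Jun  1 10:05:11 mail postfix/smtpd[103]: 5F6A7B8C9D: client=unknown[203.0.113.50]
Jun  1 10:05:12 mail postfix/smtp[104]: 5F6A7B8C9D: to=<a@example.net>, relay=mx.example.net[198.51.100.9]:25, status=sent (250 ok)
Jun  1 10:05:13 mail postfix/smtp[104]: 5F6A7B8C9D: to=<b@example.net>, relay=mx.example.net[198.51.100.9]:25, status=sent (250 ok)
Jun  1 10:06:00 mail postfix/smtpd[105]: 6E7F8A9B0C: client=unknown[203.0.113.50]
Jun  1 10:06:01 mail postfix/local[106]: 6E7F8A9B0C: to=<me@home.example>, relay=local, status=sent (delivered to mailbox)
"""

# Networks allowed to send outbound mail through this server (assumed values).
TRUSTED = ("127.0.0.0/8", "192.168.1.0/24")

CLIENT_RE = re.compile(r"postfix/smtpd\[\d+\]: ([0-9A-F]+): client=\S*?\[([0-9a-fA-F.:]+)\]")
# Only the outbound SMTP client ("postfix/smtp"), not local delivery, counts as relaying out.
DELIVERY_RE = re.compile(r"postfix/smtp\[\d+\]: ([0-9A-F]+): to=<([^>]*)>.*status=sent")


def find_external_relaying(log_text, trusted=TRUSTED):
    """Map each untrusted client IP to the remote recipients the server relayed for it."""
    nets = [ipaddress.ip_network(n) for n in trusted]
    client_of = {}                      # queue ID -> submitting client IP
    relayed = defaultdict(list)
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            client_of[m.group(1)] = ipaddress.ip_address(m.group(2))
            continue
        m = DELIVERY_RE.search(line)
        if m and m.group(1) in client_of:
            ip = client_of[m.group(1)]
            if not any(ip in net for net in nets):
                relayed[str(ip)].append(m.group(2))
    return dict(relayed)


if __name__ == "__main__":
    for ip, rcpts in find_external_relaying(SAMPLE_LOG).items():
        print(f"{ip} relayed {len(rcpts)} message(s) to remote recipients: {rcpts}")
```

An empty result only clears the mail server software itself: spam-sending malware on any machine on the LAN can open its own port 25 connections without leaving a trace in these logs.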

  3. Re: CBL Blacklist

    > It would be helpful to post the exact response you get from looking
    > up your IPA in the CBL, minus the actual address of course.


    Thanks for all the advice. I'm going to try and figure out if my
    computer is acting as a spambot. In the meantime, here's what the CBL
    site responds with:

    IP Address x.x.x.x was found in the CBL.

    It was detected at 2007-05-31 16:00 GMT (+/- 30 minutes),
    approximately 3 hours ago.

    Not very informative really. But the fact that it was detected only 3
    hours ago seems to imply this is some ongoing problem, which could
    mean one of my computers is sending out spam.


  4. Re: CBL Blacklist

    On 2007-05-31, jpd wrote:

    > Probably the simplest way to avoid a lot of problems is to configure
    > that SMTP server to hand off all mail to your ISP's outgoing
    > mailservers. Provided, of course, that your ISP knows what it is
    > doing.


    That's a big if!

  5. Re: CBL Blacklist

    On 2007-05-31, Adam Funk wrote:
    > On 2007-05-31, jpd wrote:
    >> [...] Provided, of course, that your ISP knows what it is doing.
    >
    > That's a big if!


    Sadly, yes. There are ISPs that do know, though. Now to figure out which
    ones do.


    --
    j p d (at) d s b (dot) t u d e l f t (dot) n l .
    This message was originally posted on Usenet in plain text.
    Any other representation, additions, or changes do not have my
    consent and may be a violation of international copyright law.

  6. Re: CBL Blacklist

    On 2007-05-31, jpd wrote:

    >>> [...] Provided, of course, that your ISP knows what it is doing.
    >>
    >> That's a big if!
    >
    > Sadly, yes. There are ISPs that do know, though. Now to figure out which
    > ones do.


    I've concluded it's worth it to make other arrangements (e.g. $10/year
    for DynDNS mailhop outbound, or through a good hosting company).
