CBL Problems

[flen]

Hi,

One of our servers is in the CBL Blacklist. I've requested serval removals but it still comes back in the blacklist. The people of CBL can't give me a solution or tell me where the problem exactly is.

- Server hostname is setted up right
- Reverse DNS is okay
- Nothing strange in mail queue as far as I could see
- No other blacklists, only CBL
- Running PhpSuExec, no mail is send under nobody (right?)

[dalem]

check that a cgi script is not conecting directly to the mail server via localhost there is a couple of BB scripts that do this and it connects as somthing@localhost and thats why its getting into to the CBL

[AndyReed]

Quote:

Originally Posted by flen

The people of CBL can't give me a solution or tell me where the problem exactly is.

- Server hostname is setted up right
- Reverse DNS is okay
- Nothing strange in mail queue as far as I could see
- No other blacklists, only CBL
- Running PhpSuExec, no mail is send under nobody (right?)

In addition to what dalem suggested, you need to make sure that there are no spammers in-house. It is very likely that a spammer, through one of your clients, downloaded and installed a script on your server. So, you need to find out where that script, or scripts, is/are located and remove them. Overall, secure your server. Good luck!

[flen]

Like I said, there is nothing strange to see. I can't find any spam scripts and running serval things like Mod_Security, Open_Basedir, PHPSuExec, etc .

[flen]

No suggestions further? . Server is still daily on CBL and nothing strange to see :/.

[chirpy]

Only the maintainers of the list can tell you why or how you got on the list, so you're going to have to pursue it with them.

[flen]

The problem is that they only can tell me "there is something wrong with your mailserver configuration". And there it is a standard cPanel configuration :/.

[oulzac]

wich cbl is it?
most of them have a contact were you can email them directly for further assistance.

[payne]

This has been happening to me to for the past several days. http://cbl.abuseat.org

[payne]

Mine was due to a script that was sending a HELO command over a smtp connection. Instead of HELO myservername.com, it was doing HELO emailrecipient.com. Apparently when done to the wrong server this gets you on the blacklist somehow. I fixed the script and haven't been relisted.

[Jorge]

I tried to contact them asking for some help (otherwise is almost impossible to know which may be the reason) and I keep receiving the same "auto-responder" message.

BTW, I sent you a PM.

[payne]

I had the autoresponder problem with a different blacklist, spamcop, and ended up disabling the autoresponder feature in whm. I also disabled spam trapper for the same reason. I haven't had problems with spamcop since then (a few days running).

[payne]

ok... just got blacklisted again. I just followed the advice at http://www.farhad.ca/2006/07/27/how-...sages-in-exim/ and sent an email to deputies[at]admin.spamcop.net asking if they can give more info on what exactly is being bounced to a spamcop trap.

I'm wondering if it might be this in my exim.conf:

accept domains = +local_domains
local_parts = postmaster:abuse
deny message = Message rejected because $sender_fullhost \
is blacklisted at $dnslist_domain see $dnslist_text
!hosts = +relay_hosts
!authenticated = *
dnslists = dnsbl.njabl.org : \
sbl.spamhaus.org : \
list.dsbl.org : \
cbl.abuseat.org : \
relays.ordb.org

[Jorge]

Is incredible, CBL can't tell me what's the HELO that they get, thefore, it makes me impossible to find out in the whole server where it may be the problem.

[sparek-3]

I have run into similar issues before. Can't say as if I really have any suggestions.

As others have said, you will really just have to communicate with the list administrators to determine why you are listed and what can be done to get off of the list. Of course, this is what you are trying to do and you're not getting any responses. I too have this problem from time to time.

If a spam blacklist is going to block one of our servers, I would appreciate it if they could give me information pertaining to the blacklisting whenever it is requested.

As much as I depise AOL, I do like their feedback loop system. With their feedback loop system, we can see exactly who is responsible for getting our servers blacklisted at AOL. This same type of information would be useful with other spam blacklists.

When one of our servers gets blacklisted, I will write the list administrators and explain to them that the issue is likely a user forwarding mail, an autoresponder, or perhaps some script on the server that is responsible for the blacklisting. I'm not going to disagree with them that they should not have blacklisted the server. But, if they can give me the information that resulting in the server being blacklisted, then I can attempt to trace that down to a specific user and educate or inform that user of their action. However, this usually goes on deaf ears.

If blacklist maintainers really want to help stop spam, I think they should develop some way of providing this information. Use AOL's feedback system as a basis.