Another blacklist from AT&T, how to make sure the issue isn't on my end

GoWilkes

Well-Known Member
cPanel Access Level
Root Administrator
At least once every few months, I discover that AT&T has blacklisted my IP. I usually find out when a client reports that their email to a customer bounced.

I check MX Toolbox to make sure that I'm not on any other RBLs. I never am. So I forward it to [email protected], and after 24-48 hours they remove it.

So now I'm trying to triple-check to make sure that there's no problem on my end, because it makes me look incompetent to my clients when this happens over and over.

I'm looking at WHM > View Sent Summary for the last 7 days, and the only line with any failures says:

Domain: (blank)
User: -remote-
Successful: 81
Deferrals: 7
Failures: 497

The WIDE majority of those failures (492 of them) happened on October 25, at around 1am. 41 of those 492 had a spam score ranging from -110 to 5, the rest were 0 or blank.

I looked at the first one, and even though it shows up in my Sent Summary it shows that the "Sender IP" was totally different than mine (the "From Address" is Ebay, and the IP belongs to Ebay). The "Delivery IP", though, is 127.0.0.1.

And that's suspicious, but I'm not sure why AT&T would be aware of it when no other RBLs are.

Any suggestions on tracking this down further?
 

cPRex

Jurassic Moderator
Staff member
cPanel Access Level
Root Administrator
Hey hey! Check the mail ID in the exim_mainlog and see who sent the message - that would be the best place to start.

You can also run this command to get a list of directories that have sent mail on your server:

Code:
awk '$3 ~ /^cwd/{print $3}' /var/log/exim_mainlog | sort | uniq -c | sed "s|^ *||g" | sort -nr
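
One way to do the mail ID check suggested above, as an added example that is not part of the original thread or cPanel's own tooling: it reads the `<=` arrival line for a message ID and reports whether the message came in over authenticated SMTP, from a local user, or from a remote host. The function name `exim_origin` and the sample log lines are constructed, and it assumes the usual Exim arrival-line fields (`H=`, `U=`, `P=`, `A=`, and `T=` where subjects are logged).

```shell
#!/usr/bin/env bash
# Added example (not from the thread): classify how a message entered Exim
# using its "<=" arrival line in exim_mainlog.
# Usage: exim_origin MSGID [LOGFILE]   (reads stdin when LOGFILE is omitted)
# Prints: class|envelope-sender|detail
#   auth   - submitted with SMTP AUTH (A=); detail is the authenticated login
#   local  - handed to Exim on this server (U= with P=local); detail is the Unix user
#   remote - unauthenticated SMTP from another host; detail is that host's IP
exim_origin() {
  awk -v id="$1" '
    $3 == id && $4 == "<=" {
      ip = ""; auth = ""; user = ""; proto = ""
      for (i = 6; i <= NF; i++) {
        # The subject (T="...") and what follows is sender-controlled text,
        # so stop before it can be mistaken for a log field.
        if ($i ~ /^T="/ || $i == "for") break
        if ($i ~ /^\[/) { ip = $i; sub(/^\[/, "", ip); sub(/\].*$/, "", ip) }
        if ($i ~ /^A=/) auth  = substr($i, 3)
        if ($i ~ /^U=/) user  = substr($i, 3)
        if ($i ~ /^P=/) proto = substr($i, 3)
      }
      if (auth != "")                          print "auth|"   $5 "|" auth
      else if (user != "" && proto == "local") print "local|"  $5 "|" user
      else                                     print "remote|" $5 "|" ip
      found = 1
    }
    END { exit !found }   # non-zero exit status when the ID has no arrival line
  ' "${2:--}"
}

# Constructed sample lines (documentation IPs and domains, made-up message IDs).
sample_log() {
  cat <<'EOF'
2023-10-25 01:00:01 1qvAAA-0001aa-1A <= seller@example.com H=mx.example.com [203.0.113.7]:41234 P=esmtps S=5120 T="A=dovecot_login:fake U=root" for user@example.org
2023-10-25 01:00:02 1qvBBB-0002bb-2B <= info@example.org H=(laptop) [198.51.100.9]:50514 P=esmtpsa A=dovecot_login:info@example.org S=900 for a@example.net
2023-10-25 01:00:03 cwd=/home/webuser/public_html 3 args: /usr/sbin/sendmail -t -i
2023-10-25 01:00:03 1qvCCC-0003cc-3C <= webuser@host.example.org U=webuser P=local S=700 T="Order" for b@example.net
EOF
}

# Demo on the constructed lines; on a server: exim_origin MSGID /var/log/exim_mainlog
for id in 1qvAAA-0001aa-1A 1qvBBB-0002bb-2B 1qvCCC-0003cc-3C; do
  sample_log | exim_origin "$id"
done
```

A `remote` result means the message arrived from another host without authentication, while `auth` or `local` names the mailbox login or Unix user on the server that submitted it.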