The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Autoresponder Abuse - Got listed in MAPS RBL

Discussion in 'General Discussion' started by BraveX, May 1, 2007.

  1. BraveX

    BraveX Well-Known Member

    Joined:
    Apr 8, 2005
    Messages:
    155
    Likes Received:
    0
    Trophy Points:
    16
    Our main server IP got listed in MAPS RBL. They said it was because of an autoresponder being abused. All autoresponders are cPanel-based. How is this possible? Do we need to completely remove this feature?

    Quite frustrating.
     
  2. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,381
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    I wouldn't recommend using autoresponders, but at the same time I'm not entirely sure how one would handle this situation. Autoresponders have been around for quite some time and it has been my experience when dealing with customers that if something has been around for quite a while, no matter if it is causing problems, it is difficult to get them to stop using them.

    The problem is, imagine that you have a domain, domain.com with joe@domain.com set up as an e-mail account with an autoresponder. When spam is sent to joe@domain.com the spammer practically always uses a fake address to send the message from, not their real address. So a spam message might be sent to joe@domain.com and appear to be sent from bob@anotherdomain.com. Now its important to realize that bob@anotherdomain.com did not send you a message and has no idea who you are. Suddenly when bob@anotherdomain.com checks their mail, they have a message from you, joe@domain.com (your autoresponder). bob@anotherdomain.com flags this message as spam. Do this a few times, and suddenly the server hosting domain.com is blacklisted for sending spam.

    Ideally, no you would not allow autoresponders, because they will just send a message back to the sender blindly. I'm not entirely sure how one would tackle this problem. With the ever increasing problem of messages being flagged as spam left and right (some claims are legitimate, others not so much), any type of situation where a message is sent automatically has the chance of blacklisting an IP.
     
  3. BraveX

    BraveX Well-Known Member

    Joined:
    Apr 8, 2005
    Messages:
    155
    Likes Received:
    0
    Trophy Points:
    16
    Thanks for responding and this stinks. We have a lot of customers that depend on their autoresponders. Some for sending out things like automated sales letters and others for vacation mail or informing people of new e-mail addresses.

    Wish there was something that could be done. Telling customers they can't use this anymore is going to piss them off. Not crazy about that. You're right about not wanting to give up something that you're used to using.

    BX
     
  4. delsurf

    delsurf Registered

    Joined:
    Apr 17, 2002
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    I too got listed this past week for the same reason. I also have a few customers using auto-responders for contact forms, vacation messages, etc...

    The best solution I've thought of is to have SpamAssassin and your RBL checks check the incoming email and reject it before it gets to the autoresponder or before it hits an email that forwards to another email (this would also solve alot of the AOL forwarding problems).

    Problem is, I don't know how to set this up... I've looked before, but didn't get anywhere....

    It would be nice if the cPanel / Exim team helped us out on this one. I feel like between the email forwarders and now the auto-responders, spammers are rendering many useful features useless...
     
  5. BraveX

    BraveX Well-Known Member

    Joined:
    Apr 8, 2005
    Messages:
    155
    Likes Received:
    0
    Trophy Points:
    16
    That's a good suggestion. I wish I knew how to do that, too. Maybe someone here can offer some suggestions.
     
  6. bashcpanel

    bashcpanel Well-Known Member

    Joined:
    Apr 15, 2007
    Messages:
    48
    Likes Received:
    0
    Trophy Points:
    6
    Setting Up Rbl And Spamassassin

    Hi,

    You can set up RBL in exim.conf directly.

    Search for "accept hosts = :" in exim.conf file and paste the below statements.

    ==================
    #Reject message if address listed in blacklist.
    deny message = Message rejected because $sender_fullhost \
    is blacklisted at $dnslist_domain see $dnslist_text Contact ISP now
    !hosts = +relay_hosts
    !authenticated = *
    dnslists = dnsbl.njabl.org : \
    bl.spamcop.net : \
    sbl.spamhaus.org : \
    list.dsbl.org : \
    relays.ordb.org
    ====================

    Restart exim to make changes affective. You can do the same from whm , the option is "exim configuration editor" adn then switch to advanced mode.

    For setting up Spamassassin you can do this from Cpanel .
     
  7. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,381
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    I might be completely wrong on this, but this is my take on it.

    E-mail was originally set up based on a trust system. Back when e-mail first started, it was trusted that you would send an e-mail specifying the sender as your real e-mail address. There was no internal check to insure that this was correct or really no way to do a check based on this. This is what is being exploited by spammers. This is why you see a lot of spam now.

    It seems that over the past few years (probably more than a few) spammers have exploited this deficiency in the SMTP protocol.

    If all e-mail coming into your e-mail account had a From line and an envelope sender that correctly identified the individual that actually sent the message, then there would not be as much of a concern for the issues surrounding auto-responders and e-mail forwarders.

    However as it stands now, this is not possible, and it really just shows how much of a bad idea autoresponders and e-mail forwarding really is.

    I don't really have a solution for this, but I ultimately think that using autoresponders and e-mail forwarders are a bad idea. It is just a shame that the potential for abuse of these "features" was not seen before they were instituted as a hosting or e-mail feature. If the idea of an autoresponder had never been thought up or never been set up, then you would not be running into issues where users have autoresponders set up and causing this problem. I think any attempt to circumvent this issue, whether it be spam filtering, RBLs, etc, is still ignoring the underlying premise behind autoresponders and the problems that they can cause. Thats not to say that I disagree with putting these measures in place, just that ultimately if you want to stop autoresponder abuse, you have to disallow autoresponders.

    Again, I'm no expert, and this is just my opinion.
     
  8. nyjimbo

    nyjimbo Well-Known Member

    Joined:
    Jan 25, 2003
    Messages:
    1,125
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    New York
    DO NOT use ordb.org

    The server is gone and adding this one will cause alot of timeouts for exim AND servers that do callout/callback to you to verify addresses and such may hit a timeout and refuse to take email from you.
     
  9. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    I couldn't agree more. There really isn't a solution to this other than not to use auto-responders. It's another example (e.g. with boxtrapper) where the use of the feature can very easily get you into RBL's.

    The only recommendation I can make is to try and filter out as much spam as possble before it hits the users account/autoresponder.

    That, or don't allow autoresponders or boxtrapper.
     
  10. BraveX

    BraveX Well-Known Member

    Joined:
    Apr 8, 2005
    Messages:
    155
    Likes Received:
    0
    Trophy Points:
    16
    Thanks for your feedback/thoughts on this.
     
  11. ilir038

    ilir038 Member

    Joined:
    Feb 26, 2005
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    How would one disable auto-responders?

    Thanks!
     
  12. ilir038

    ilir038 Member

    Joined:
    Feb 26, 2005
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1

Share This Page