Hi guys,
Any suggestions on which logs I can check, or maybe some kind of SSH command that can tell me for sure that Exim is the only one sending out mail on the server?
We got listed in the Spamhaus CSS list, requested removal and they removed us; within hours they listed us again, even though our mail server had literally sent only a handful of emails. The emails were notification-type emails received by our server, not marked as SPAM, from well-regarded, large websites; these were then forwarded to a Gmail address via our server which also did not mark them as SPAM. No other mails were sent according to the cPanel WHM "Mail Delivery Reports".
I have ClamAV, CHKRootkit and others installed and running, no problems found, and have already done Exim hardening, including not allowing "nobody" to send out mails etc. As far as I can see settings-wise, the only way emails can send is if Exim handles them.
Getting very hard to solve the issue, as now Spamhaus will not remove us, nor tell us why it's listed. So unless someone is fraudulently reporting us, or spoofing our IP, we shouldn't be listed.
Bit of backstory: We first got listed because a customer of ours who just signed up sent about 100 emails to his contacts telling them of his new email address; many bounced due to them being old records. I assume due to our server being relatively new with no reputation, this triggered Spamhaus more easily than if we already had a good rep.