The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

how to monitor,or be notified of email blacklisting ?

Discussion in 'Data Protection' started by SoftDux, Mar 12, 2010.

  1. SoftDux

    SoftDux Well-Known Member

    Joined:
    May 27, 2006
    Messages:
    983
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Johannesburg, South Africa
    cPanel Access Level:
    Root Administrator
    Hi,

    Does anyone know how I can monitor our server's for blacklisting? We run a large amount of shared hosting & reseller hosting servers and from time to time one of the IP's will get blacklisted. I'm looking for a way to be notified if any of our IP's get blacklisted. Is this possible?
     
  2. JawadArshad

    JawadArshad Well-Known Member
    PartnerNOC

    Joined:
    Apr 8, 2008
    Messages:
    447
    Likes Received:
    4
    Trophy Points:
    18
    Location:
    PK
    cPanel Access Level:
    DataCenter Provider
    Not sure if such a tool exists, however you could check your IPs frequently in renowned spam databases like SenderBase® The IronPort Security Network and Email Blacklist Check - See if your server is blacklisted. You could also check "Top 50 mail rejection reasons by message count" in "WHM >> Email >> View Mail Statistics" to find any RBL listings. Many top mail providers have their anti-spam programs like Aol's email feed back loop and hotmail's SDNS program where you could subscribe your IP range and get feedback regarding any IP blacklisting.
     
  3. randy.raine

    randy.raine Registered

    Joined:
    Mar 13, 2010
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Blacklistmonitor.com

    Check out blacklistmonitor.com, you can check 10,000s of IPs using this service.

    Please note: I work for the company that owns blacklistmonitor.com

    Thanks,
    Randy Raine
     
  4. Drake

    Drake Well-Known Member

    Joined:
    Nov 9, 2001
    Messages:
    83
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    New Jersey
    cPanel Access Level:
    DataCenter Provider
    Re: monitoring if you're IP's are on a blacklist

    Hi,

    Besides considering the blacklistmonitoring.com that was recommended, which sounds like a nice service, Keep an eye on your "E-Mail Bounce Notifications" You'll get an idea pretty quick if and why your customers' e-mails are being bounced back by other ISPs.

    A real nice thing would be if were possible to get notification "before" your IPs get blacklisted... Like an impending blacklist warning! But you can also forsee a blacklisting situation if you are seeing e-mail bounce-backs for reasons of spam. You could possibly catch it before you get on multiple blacklists.

    I hope my thoughts are of some help,
    Drake Pallister
     
  5. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    Aside from running a grep of your /var/log/exim_rejectlog for 'RBL', it would only take all of maybe 30 seconds to script a cronjob to periodically check your own server's IP addresses against all the major blacklist databases!

    RBL's -- Dns blacklist databases for those who don't know how to run checks from your server other than checking the box in your exim confingation or typing in your IP address on a web site, here is a very quick rundown on how these services work.

    Say you want to check the IP address 192.168.14.62 (non-routable IP just for example) against SpamCop database (bl.spamcop.net) ....

    You would simply reverse the IP address so that 192.168.14.62 became 62.14.168.192 and then append the RBL hostname to get a new address so in the above example:

    62.14.168.192.bl.spamcop.net

    All you simply do is resolve your new hostname back to IP address with a simple host lookup (IE #host 62.14.168.192.bl.spamcop.net) and if the original IP address is listed in the blacklist database, you will get a return IP address back from your query --- usually localhost (127.0.0.1).

    If your query hostname cannot be resolved back to an IP address then the original IP address is not listed in the blacklist database.

    That's it! That is how they work! Simple as that!
     

Share This Page