What RBLs are enabled by default in cPanel? For some reason one of them is stuffed up

burnleyvic

Registered
Jan 31, 2021
cPanel Access Level
Website Owner
Hi,

New user here. It appears since Jan 31 20:52:44 Australian Eastern DST a number of SMTP servers *all* running cPanel started to reject with SMTP 550 SMTP connections from at least:
175.45.x.x/16
172.105.177.207
14.201.136.92
45.79.35.45
I'm not a cPanel user and the question is: How can we find out what are the preconfigured RBLs in a default cPanel installation? My guess is one of those RBLs has started to accidentally block some IP addresses / net blocks in the last 24 hours or so. None of the above IPs are coming up as blacklisted with "Email Blacklist Check - IP Blacklist Check - See if your server is blacklisted", so I don't know what's going on there.
Example of a failed SMTP session (some data hidden):

telnet 13.237.145.67 25
Trying 13.237.145.67...
Connected to 13.237.145.67.
Escape character is '^]'.
220-awcp044.server-cpanel.com ESMTP Exim 4.93 #2 Mon, 01 Feb 2021 15:10:33 +1100
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
HELO host.host.com.au
250 awcp044.server-cpanel.com Hello host.host.com.au [45.79.35.45]
MAIL FROM:<>
250 OK
RCPT TO:<[email protected]>
550-"JunkMail rejected - li1134-45.members.linode.com (host.host.com.au)
550 [45.79.35.45]:39014 is in an RBL: "
Connection closed by foreign host.

Here is a list of cPanel servers actively blocking, or having blocked email from our IPs above in the last 24 hours:

Again, it'd be great if we could find out what are the default RBLs enabled by default in a cPanel stock installation. Thanks in advance.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
cPanel Access Level
Root Administrator
Hey there! In case you haven't seen the issue yet, SpamCop had their domain expire leading to problems with their RBL and many mailing systems:


If you need more clarification just let me know!
 

burnleyvic

Yeah, that's funny (NOT for some!). Might have been related, 'cause we've stopped seeing the RBL rejections around Feb 1 11pm AEDST. Having said that, the question I still have is: why doesn't the cPanel RBL rejection message display the specific blocklist? "Hey your IP is blacklisted but won't tell you by whom" is useless and causes frustration when trying to work out why the IP is blacklisted. Thanks.
 

cPRex

@burnleyvic - we seem to already do that in the mail logs. I checked my personal system for "RBL" in the /var/log/exim_mainlog file and I found this entry:

Code:
2021-01-31 05:03:31 H=(remote.spammer.server) [1.2.3.4]:58726 F=<[email protected]> rejected RCPT <[email protected]>: "JunkMail rejected - (server.spammer.com) [1.2.3.4]:58726 is in an RBL: Blocked - see https://www.spamcop.net/bl.shtml?1.2.3.4"
Are you expecting to see that in a different location on the machine?
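
Added example (not part of the thread and not cPanel's code): a small Python parser for the rejection format in the log entry above. It tallies rejections per blocklist and separates out entries whose RBL text is empty, as in the SMTP session earlier in the thread. The function names, sample lines, IPs and hostnames are constructed for illustration.

```python
import re
from collections import Counter

# Rejection text as it appears in this thread's exim_mainlog entry:
#   "JunkMail rejected - <host> [<ip>]:<port> is in an RBL: <text from the list>"
REJECT_RE = re.compile(
    r'JunkMail rejected - .*?\[(?P<ip>[0-9A-Fa-f.:]+)\]:\d+ '
    r'is in an RBL:\s*(?P<reason>[^"]*)'
)
URL_HOST_RE = re.compile(r'https?://([^/\s]+)')

def parse_rejection(line):
    """Return (client_ip, list_hint, reason) for an RBL rejection, else None."""
    m = REJECT_RE.search(line)
    if m is None:
        return None
    reason = m.group("reason").strip()
    url = URL_HOST_RE.search(reason)
    if url:                      # list named itself via a lookup URL
        hint = url.group(1).lower()
    elif reason:                 # some text, but no URL to attribute it to
        hint = "(no url)"
    else:                        # empty text, as in the SMTP session above
        hint = "(empty)"
    return m.group("ip"), hint, reason

def tally_by_list(lines):
    """Count RBL rejections per list hint across an iterable of log lines."""
    counts = Counter()
    for line in lines:
        parsed = parse_rejection(line)
        if parsed:
            counts[parsed[1]] += 1
    return counts

# Constructed sample lines (documentation IPs, example.* names).
SAMPLE_LOG = [
    '2021-01-31 05:03:31 H=(mail.example.net) [192.0.2.10]:58726 F=<a@example.net> '
    'rejected RCPT <b@example.org>: "JunkMail rejected - (mail.example.net) '
    '[192.0.2.10]:58726 is in an RBL: Blocked - see https://www.spamcop.net/bl.shtml?192.0.2.10"',
    '2021-02-01 15:10:40 H=host.example.com (host.example.com) [198.51.100.7]:39014 F=<> '
    'rejected RCPT <c@example.org>: "JunkMail rejected - host.example.com '
    '(host.example.com) [198.51.100.7]:39014 is in an RBL: "',
    '2021-02-01 15:11:02 <= d@example.org H=localhost [127.0.0.1]:40000 P=esmtp S=1200',
]

if __name__ == "__main__":
    for hint, n in tally_by_list(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {hint}")
```

On a real server, pass the open /var/log/exim_mainlog file object to `tally_by_list` instead of `SAMPLE_LOG`.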