Yeah that's what I thought. It's unlikely that one of my users are doing any 'unauthorized' spamming. Since I'm quite confident that my toaster setup is good and I've no users sending out spam mails, I think it could be something else. That IP address actually belongs to my IPCOP firewall and is forwarded into my toaster mail server. So I'm not really sure what is going on.
In any case, I've requested for the IP to be removed. We'll see what happens after. Thanks again. Regards, Riezal Ross -----Original Message----- From: Dairenn Lombard [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 21, 2006 5:12 PM To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] CBL I would ask to be delisted and see what happens; if they turn you down, they might offer an explanation. If you don't get one, ask for one. If a user is spamming through your server, they are doing it as your direct customer, as, by default, qmail toasters aren't open relays. They use SMTP AUTH and POP-before-SMTP authentication (courier-imap compiled with "roaming users on") to prevent that. If I really suspected spamming coming from a customer of mine, I would look for large mailing lists set up by users on my toaster and then use vqadmin to shut it down. > -----Original Message----- > From: Riezal Ross [mailto:[EMAIL PROTECTED] > Sent: Tuesday, February 21, 2006 1:02 AM > To: qmailtoaster-list@qmailtoaster.com > Subject: RE: [qmailtoaster] CBL > > > Thanks for the input. So you are saying that even if my > server is used to send out spam mails, CBL wouldn't have > blocked me? Instead I would be blocked by a proper spam > detection list? > > I've never had this problem for ages. And since I used > toaster, I've never had such blacklisting problems. One > possible misconfiguration stated on CBL's site was that my > HELO would not return a fully-qualified domain name. However, > my email server does in fact return my actual domain name. So > that can't be the reason. > > > Regards, > > Riezal Ross > Network Engineer / Project Manager > CIS (M) Engineering Division > > Clipsal Integrated Systems (M) Sdn Bhd > Unit 3-2, CP Tower, No. 11, Jalan 16/11, > Pusat Dagang Seksyen 16, 46350 Petaling Jaya, > Selangor Darul Ehsan, Malaysia. > Tel: (+603) 7665 3555 Fax: (+603) 7665 3155 > Mobile: 012-6285210 > E-mail: [EMAIL PROTECTED] > http://www.cisasia.com.my > http://www.clipsalportal.com > > > -----Original Message----- > From: Dairenn Lombard [mailto:[EMAIL PROTECTED] > Sent: Tuesday, February 21, 2006 5:00 PM > To: qmailtoaster-list@qmailtoaster.com > Subject: RE: [qmailtoaster] CBL > > > It wouldn't have to be an exploit. > > Anyone can configure Outlook (or whatever) to have somebody > else's e-mail address on the From: line, so that when they > send e-mail to someone, it appears to be coming from someone > else. Mail to unknown users would also bounce to the address > specified, and not themselves. > > If someone is using an e-mail address at your domain to send > out spam, spam to non-existant addresses would bounce back to you. > > But RBLs like CBL don't work that way. Spamhaus and Friends > normally look at full SMTP headers to figure out which SMTP > servers actually relayed the spam received. So, if your > server didn't actually do it, it is very rare that your > server would get implicated. > > There are some overly aggressive RBLs out there that ban > hosts based on being even mentioned in spam that never even > touched your mail server. Luckily, most ISPs are smart enough > not to use overly zealous RBLs. > > I suggest that before you assume there is an exploit being, > well, exploited--to find out why you got listed, and make > sure your configuration is correct. If they can show you > evidence of spam coming from your server's IP (ie., a message > with full SMTP headers), then at least you have something to > investigate. Until then, you're just guessing, and that's a > waste of time. > > > > -----Original Message----- > > From: Riezal Ross [mailto:[EMAIL PROTECTED] > > Sent: Tuesday, February 21, 2006 12:48 AM > > To: qmailtoaster-list@qmailtoaster.com > > Subject: RE: [qmailtoaster] CBL > > > > > > Is it possible, that someone sent a mail to my server that contains > > some sort of known exploit. So the server bounces the > message and it > > is actually that bounce message that made my server get listed into > > CBL. They probably think my server is sending out viruses. Possible? > > > > That is the only think I can think of, other than one of my users > > sending out virus mail. I have a centralized anti-virus > server on my > > network and its very unlikely that it's a virus that is > causing this. > > > > Regards, > > > > Riezal Ross > > > > > > > > -----Original Message----- > > From: Dairenn Lombard [mailto:[EMAIL PROTECTED] > > Sent: Tuesday, February 21, 2006 4:50 PM > > To: qmailtoaster-list@qmailtoaster.com > > Subject: RE: [qmailtoaster] CBL > > > > > > It might be because of a malformed SMTP header when sending > e-mail to > > other mail servers. I had this problem, and GoDaddy banned our > > toaster. > > > > Check to make sure that your /var/qmail/control/me and locals files > > have valid hostnames (not localhost.localdomain) and then > follow the > > directions on their website for getting delisted. > > > > Otherwise, ask them why you got tagged. They could have made a > > mistake. > > > > > > -----Original Message----- > > From: Riezal Ross [mailto:[EMAIL PROTECTED] > > Sent: Tuesday, February 21, 2006 12:40 AM > > To: qmailtoaster-list@qmailtoaster.com > > Subject: [qmailtoaster] CBL > > > > > > Hi, > > I don't know how my server managed to get listed in CBL, but I'm > > wondering if anyone here has faced this before. Any ideas in general > > why my mail server is getting listed? > > <[EMAIL PROTECTED]>: > > 203.121.47.59 does not like recipient. > > Remote host said: 553 > > http://www.spamhaus.org/query/bl?ip=202.75.186.170 > > > > Giving up on 203.121.47.59. > > > > > > Regards, > > Riezal Ross > > Network Engineer / Project Manager > > CIS (M) Engineering Division > > Clipsal Integrated Systems (M) Sdn Bhd > > Unit 3-2, CP Tower, No. 11, Jalan 16/11, > > Pusat Dagang Seksyen 16, 46350 Petaling Jaya, > > Selangor Darul Ehsan, Malaysia. > > Tel: (+603) 7665 3555 Fax: (+603) 7665 3155 > > Mobile: 012-6285210 > > E-mail: [EMAIL PROTECTED] > > http://www.cisasia.com.my > > http://www.clipsalportal.com > > > > > --------------------------------------------------------------------- > > QmailToaster hosted by: VR Hosted <http://www.vr.org> > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: > [EMAIL PROTECTED] > > For additional commands, e-mail: > > [EMAIL PROTECTED] > > > > > > > > > --------------------------------------------------------------------- > > QmailToaster hosted by: VR Hosted <http://www.vr.org> > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: > [EMAIL PROTECTED] > > For additional commands, e-mail: > > [EMAIL PROTECTED] > > > > > > --------------------------------------------------------------------- > QmailToaster hosted by: VR Hosted <http://www.vr.org> > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: > [EMAIL PROTECTED] > > > > --------------------------------------------------------------------- > QmailToaster hosted by: VR Hosted <http://www.vr.org> > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: > [EMAIL PROTECTED] > > --------------------------------------------------------------------- QmailToaster hosted by: VR Hosted <http://www.vr.org> --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- QmailToaster hosted by: VR Hosted <http://www.vr.org> --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]