Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Advertise on LowEndTalk.com
Abuseat.com's CBL is giving me headaches
New on LowEndTalk? Please read our 'Community Rules' by clicking on it in the right menu!

Abuseat.com's CBL is giving me headaches

Since Monday, all the mails I've sent on my dedicated server were rejected.

I realized my server is on Spamhaus XBL because it was listed at ABUSEAT CBL. Never heard of it. So, I looked on my logs and figured the server was compromised and indeed sent spam from my e-mailaddress (only address that can relay).

I reinstalled the server. I figured some Indian guy is posting my e-mailaddress as contact info for his restaurant. I decided to buy a new domain name.

So far, so good. I got delisted on the CBL. I'm listed on the CBL AGAIN! And I couldn't find anything that has to do with spam. As long as I'm on the list, I can't send emails anymore.

What to do to stop these guys?!

«1

Comments

  • MunMun Member without signature

    Check your server and see if it is an open relay.

  • MunMun Member without signature

    http://mxtoolbox.com/diagnostic.aspx here is a tool to do it for you.

  • I ran that tool. My server is not an open relay.

  • jarjar Provider

    It's a pretty good site in my opinion. Haven't seen a false listing there in a long time. It will say what you're listed for.

    http://configserver.com/cp/cxs.html

    MagicSpam blackmails providers into buying their software, and ServerHub is a professional spam organization.

  • said: I got delisted on the CBL. I'm listed on the CBL AGAIN!

    How long between those two events?

  • @jimpop said:

    7 hours. Just when I reinstalled everything.

  • BrianHarrisonBrianHarrison Member, Provider

    @DennisdeWit said:
    7 hours. Just when I reinstalled everything.

    It's possible that they were responding to an old report. If someone was heavily spamming from your server, then it can take a few days for all the spam reports to roll in.

    Reprise Hosting (AS62838) Intel Xeon L5520, 1TB SATA, 4GB RAM, 10TB BW, $27/mo with DED10 promo! Cheap dedicated servers.
    VPSHostingDeal.com - Low-cost self-managed OpenVZ + Xen cheap VPS hosting. Plans starting at $12 PER YEAR! Cheap VPS.

  • Doesn't IP address also come into the equation or just domain name?

  • jcalebjcaleb Moderator

    i read the name as abuse-at

  • I delisted myself manually. I'm not listed anymore now. Yay! :)

  • I've never heard of ABUSEAT or CBL. What are they?

    Hi :>

  • @OkieDoke said:
    I've never heard of ABUSEAT or CBL. What are they?

    See this article: http://en.wikipedia.org/wiki/DNSBL

  • Ah ok fair enough. Well as I host my own mail server I have control over whether I can or can't send emails so I don't need to worry.

    Hi :>

  • Damnit. I'm at the list again. And I can't find anything wrong.

  • jarjar Provider

    @DennisdeWit said:
    Damnit. I'm at the list again. And I can't find anything wrong.

    Something clearly is. Feel up to sharing the contents of their listing?

    MagicSpam blackmails providers into buying their software, and ServerHub is a professional spam organization.

  • @jarland said:
    Something clearly is. Feel up to sharing the contents of their listing?

    I'm listed due to unknow1895. Very helpful! http://cbl.abuseat.org/lookup.cgi?ip=94.100.24.139. A needle in a haystack.

  • That IP address also listed at xbl.spamhaus.org and zen.spamhaus.org

    Happy to be alive and kicking!

  • DennisdeWitDennisdeWit Member
    edited November 2013

    @vRozenSch00n said:
    That IP address also listed at xbl.spamhaus.org and zen.spamhaus.org

    Why? I reinstalled everything yesterday and chose a brand-new password. There's no chance something is hacked or compromised at this time.

    "94.100.24.139 is listed in the XBL, because it appears in:

    CBL"

  • vRozenSch00nvRozenSch00n Member
    edited November 2013

    I don't know why, but it is possible if you use bind, when the setting is not correct it might be a way in for malicious software.

    Happy to be alive and kicking!

  • I'm using ZPanel, so I assume the configs are proper.

  • Also it is possible if you use ZPanel

    Happy to be alive and kicking!

  • @vRozenSch00n said:
    Also it is possible if you use ZPanel

    Want to take a look at my config?

  • I'm not a Zpanel expert. Ask @joepie91 for this matter. He is a better coder than I am.

    Happy to be alive and kicking!

  • I won't let @joepi91 in. He's considered a big Dutch criminal.

  • Well, he is a good coder though.

    Happy to be alive and kicking!

  • jarjar Provider

    zPanel is a security flaw in itself. You can roll the dice with it but when you get a bad roll you probably won't shake it off easy.

    Thanked by 1vRozenSch00n

    MagicSpam blackmails providers into buying their software, and ServerHub is a professional spam organization.

  • @jarland said:
    zPanel is a security flaw in itself. You can roll the dice with it but when you get a bad roll you probably won't shake it off easy.

    I thought it was much safer since the new iteration. If not, what would you recommend me? I'm not thinking about something like DirectAdmin or so, since it's not very cheap.

  • jarjar Provider

    Vestacp.com is my recommendation. It's light, fast, and support is very responsive.

    MagicSpam blackmails providers into buying their software, and ServerHub is a professional spam organization.

  • Virtualmin ftw.

    Hi :>

  • DennisdeWitDennisdeWit Member
    edited November 2013

    @jarland said:
    Vestacp.com is my recommendation. It's light, fast, and support is very responsive.

    And expensive as fuck. I'm looking for a very cheap hosting control panel, since it will be for private use only.

  • jarjar Provider

    What? It's free.

    MagicSpam blackmails providers into buying their software, and ServerHub is a professional spam organization.

  • @jarland said:
    What? It's free.

    Oh, you only have to pay if you want support. I understand.

  • jarjar Provider

    Yeah, and I even paid for support because it's just that good. Felt like they deserved money.

    MagicSpam blackmails providers into buying their software, and ServerHub is a professional spam organization.

  • @jarland I'm in the process of preparint to test Vestacp.com after reading your recommendation on vpsboard.com :)

    Happy to be alive and kicking!

  • jarjar Provider
    edited November 2013

    @vRozenSch00n said:
    jarland I'm in the process of preparint to test Vestacp.com after reading your recommendation on vpsboard.com :)

    I've been on the lookout for a free hosting control panel that I felt comfortable recommending to people for quite some time. There has not been an option that has met my requirements since learning of the security problems with zPanel.

    My demands are that it be attractive, easy to install, easy to configure, reasonably secure, and reasonable on usage. The main requirement is that it be attractive and new user friendly. Something like virtualmin simply does not fit the bill. It is hideous on first install and it's option set is too much for the average hobbyist. These people need something for their use, and being asked to simply learn more is not a valid answer. What is a valid answer? Vesta. It meets all of my requirements and quite frankly it has blown me away with it's functionality and ease of use. It is truly the cPanel of the free and low end.

    Those who can do should, those who can't or prefer not to, should use vesta.

    Thanked by 1vRozenSch00n

    MagicSpam blackmails providers into buying their software, and ServerHub is a professional spam organization.

  • Try webuzo...

  • Holy crap. Just looked at VestaCP as per @jarland recommendation and I am extremely impressed.

    Hi :>

  • Does look nice..

  • I decided to give Vesta a shot.

  • @jarland: Vesta is not working right. My incoming mailserver works fine. SMTP is not responsive at all. Any help?

  • jarjar Provider

    @DennisdeWit said:
    jarland: Vesta is not working right. My incoming mailserver works fine. SMTP is not responsive at all. Any help?

    Should auto configure. I always install mine on top of a fresh copy of centos 6.

    MagicSpam blackmails providers into buying their software, and ServerHub is a professional spam organization.

  • DennisdeWitDennisdeWit Member
    edited November 2013

    @jarland said:
    Should auto configure. I always install mine on top of a fresh copy of centos 6.

    I did so too. SMTP-server is dead.

  • jarjar Provider

    @DennisdeWit said:
    I did so too. SMTP-server is dead.

    One sec let me re familiarize myself with the config/log file locations.

    MagicSpam blackmails providers into buying their software, and ServerHub is a professional spam organization.

  • jarjar Provider

    Alright, output of these:

    netstat -tulpn | grep exim

    iptables -nL

    MagicSpam blackmails providers into buying their software, and ServerHub is a professional spam organization.

  • jarjar Provider

    Interestingly I can't even ping your IP right now.

    MagicSpam blackmails providers into buying their software, and ServerHub is a professional spam organization.

  • @jarland said:
    Interestingly I can't even ping your IP right now.

    No. I'm doing a reinstall as I'm afraid something went wrong at first. Give me a moment.

  • jarjar Provider
    edited November 2013

    @DennisdeWit said:
    No. I'm doing a reinstall as I'm afraid something went wrong at first. Give me a moment.

    Sure. I'm happy to jump on and take a look at any point as well. I wonder if your ISP is blocking port 25 and maybe it needs to be altered to use port 26. It's becoming more common.

    MagicSpam blackmails providers into buying their software, and ServerHub is a professional spam organization.

  • @jarland said:
    Sure. I'm happy to jump on and take a look at any point as well. I wonder if your ISP is blocking port 25 and maybe it needs to be altered to use port 26. It's becoming more common.

    Nope, I'm with Swiftway. I used port 25 at ZPanel and no problems. Now I reinstalled that server with Vesta and SMTP is dead.

  • jarjar Provider

    I can't even reach port 80 via telnet. Sounds like firewall.

    MagicSpam blackmails providers into buying their software, and ServerHub is a professional spam organization.

  • @jarland said:
    I can't even reach port 80 via telnet. Sounds like firewall.

    It's because I reinstalled my server and I'm installing Vesta again now.

Sign In or Register to comment.