All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Abuseat.com's CBL is giving me headaches
Since Monday, all the mails I've sent on my dedicated server were rejected.
I realized my server is on Spamhaus XBL because it was listed at ABUSEAT CBL. Never heard of it. So, I looked on my logs and figured the server was compromised and indeed sent spam from my e-mailaddress (only address that can relay).
I reinstalled the server. I figured some Indian guy is posting my e-mailaddress as contact info for his restaurant. I decided to buy a new domain name.
So far, so good. I got delisted on the CBL. I'm listed on the CBL AGAIN! And I couldn't find anything that has to do with spam. As long as I'm on the list, I can't send emails anymore.
What to do to stop these guys?!
Comments
Check your server and see if it is an open relay.
http://mxtoolbox.com/diagnostic.aspx here is a tool to do it for you.
I ran that tool. My server is not an open relay.
It's a pretty good site in my opinion. Haven't seen a false listing there in a long time. It will say what you're listed for.
http://configserver.com/cp/cxs.html
How long between those two events?
7 hours. Just when I reinstalled everything.
It's possible that they were responding to an old report. If someone was heavily spamming from your server, then it can take a few days for all the spam reports to roll in.
Doesn't IP address also come into the equation or just domain name?
i read the name as abuse-at
I delisted myself manually. I'm not listed anymore now. Yay!
I've never heard of ABUSEAT or CBL. What are they?
See this article: http://en.wikipedia.org/wiki/DNSBL
Ah ok fair enough. Well as I host my own mail server I have control over whether I can or can't send emails so I don't need to worry.
Damnit. I'm at the list again. And I can't find anything wrong.
Something clearly is. Feel up to sharing the contents of their listing?
I'm listed due to unknow1895. Very helpful! http://cbl.abuseat.org/lookup.cgi?ip=94.100.24.139. A needle in a haystack.
That IP address also listed at xbl.spamhaus.org and zen.spamhaus.org
Why? I reinstalled everything yesterday and chose a brand-new password. There's no chance something is hacked or compromised at this time.
"94.100.24.139 is listed in the XBL, because it appears in:
CBL"
I don't know why, but it is possible if you use bind, when the setting is not correct it might be a way in for malicious software.
I'm using ZPanel, so I assume the configs are proper.
Also it is possible if you use ZPanel
Want to take a look at my config?
I'm not a Zpanel expert. Ask @joepie91 for this matter. He is a better coder than I am.
I won't let @joepi91 in. He's considered a big Dutch criminal.
Well, he is a good coder though.
zPanel is a security flaw in itself. You can roll the dice with it but when you get a bad roll you probably won't shake it off easy.
I thought it was much safer since the new iteration. If not, what would you recommend me? I'm not thinking about something like DirectAdmin or so, since it's not very cheap.
Vestacp.com is my recommendation. It's light, fast, and support is very responsive.
Virtualmin ftw.
And expensive as fuck. I'm looking for a very cheap hosting control panel, since it will be for private use only.