Hallo,
ich bin Suse Neuling & mehr Programmierer als Linux Administrator.
Nun habe ich vor kurzem festgestellt das sich unser gehosteter Server
mit Resellerfunktion inkl. mehreren Kunden Hosts in einer Blacklist befindet
mit folgender Meldung:
----------------------------------------------------------------------
This IP IS CURRENTLY LISTED in our Database.
Please note that this listing does not mean you are a spammer, it means your mailsystem is either poorly configured or it is using abusive techniques.
If you don't know what BACKSCATTER or Sender Callouts are, click the links above to get clue how to stop that kind of abuse.
To track down what happened investigate your smtplogs near 09.10.2009 14:20 CEST +/-10 minutes.
You will either find that your system tried to send bounces or autoresponders to claimed but in reality faked senders, or your system tried sender verify callouts against our members near that time.
So you should look for outgoing emails that have a NULL SENDER or POSTMASTER in MAIL FROM and which got rejected at remote systems.
Read the rejection texts carefully and it shouldn't be a big deal to figure out what caused or renewed your listing.
History:
09.02.2009 10:50 CET listed
A total of 423 Impacts were detected during this listing. Last was 09.10.2009 14:20 CEST +/- 10 minutes.
Earliest date this IP can expire is 06.11.2009 13:20 CET.
----------------------------------------------------------------------
Was hat dies zu bedeuten? Was kann ich tun um herauszufinden wo
das Problem liegt?
Unser Provider hat mir mitgeteilt das ich mal in folgendem Verzeichnis
suchen soll: /usr/local/psa/var/log/maillog
Nun müßte ich natürlich wissen nach was !!!
Folgende Problematiken in dieser Hinischt sind mir bekannt:
+ offene, unsichere Ports
+ gehackte FTP Accounts
+ gehackte Mail Accounts
+ unsichere / fehlerhaft Mail Skripte
System:
- Rootserver
- Suse Linux 10.1
Verwaltung
- SSH Zugang
- Plesk 8.3.
Wer hat eine Idee? Freu mich über verständliche & aussagekräftige
Antworten!
Gruß
Siggi
ich bin Suse Neuling & mehr Programmierer als Linux Administrator.
Nun habe ich vor kurzem festgestellt das sich unser gehosteter Server
mit Resellerfunktion inkl. mehreren Kunden Hosts in einer Blacklist befindet
mit folgender Meldung:
----------------------------------------------------------------------
This IP IS CURRENTLY LISTED in our Database.
Please note that this listing does not mean you are a spammer, it means your mailsystem is either poorly configured or it is using abusive techniques.
If you don't know what BACKSCATTER or Sender Callouts are, click the links above to get clue how to stop that kind of abuse.
To track down what happened investigate your smtplogs near 09.10.2009 14:20 CEST +/-10 minutes.
You will either find that your system tried to send bounces or autoresponders to claimed but in reality faked senders, or your system tried sender verify callouts against our members near that time.
So you should look for outgoing emails that have a NULL SENDER or POSTMASTER in MAIL FROM and which got rejected at remote systems.
Read the rejection texts carefully and it shouldn't be a big deal to figure out what caused or renewed your listing.
History:
09.02.2009 10:50 CET listed
A total of 423 Impacts were detected during this listing. Last was 09.10.2009 14:20 CEST +/- 10 minutes.
Earliest date this IP can expire is 06.11.2009 13:20 CET.
----------------------------------------------------------------------
Was hat dies zu bedeuten? Was kann ich tun um herauszufinden wo
das Problem liegt?
Unser Provider hat mir mitgeteilt das ich mal in folgendem Verzeichnis
suchen soll: /usr/local/psa/var/log/maillog
Nun müßte ich natürlich wissen nach was !!!
Folgende Problematiken in dieser Hinischt sind mir bekannt:
+ offene, unsichere Ports
+ gehackte FTP Accounts
+ gehackte Mail Accounts
+ unsichere / fehlerhaft Mail Skripte
System:
- Rootserver
- Suse Linux 10.1
Verwaltung
- SSH Zugang
- Plesk 8.3.
Wer hat eine Idee? Freu mich über verständliche & aussagekräftige
Antworten!
Gruß
Siggi
Last edited by a moderator: