[extropy-chat] Clamping down email server

Eugen Leitl eugen at leitl.org
Sun Oct 15 15:11:40 UTC 2006


On Sat, Oct 14, 2006 at 07:19:11PM -0400, David Lubkin wrote:

> I've been sending and receiving my email through my hosted FreeBSD 
> server for years, fairly smoothly. Of late I've been getting 
> thousands of messages a day purportedly from other mail servers, 
> rejecting email attributed to my domain, viz., that uses a random 
> address like jkkqrlaz at unreasonable.com.

Most spam uses forged From: addresses.
 
> Meanwhile, there are signs that some email I've originated is not 
> getting to its destination, suggesting that it's being blocked along the way.

Not at all unusual.
 
> I've checked a couple of blacklist sites, and not found my domain or 
> its IP address listed, and confirmed that sendmail is using POP Auth.

I've tried http://www.robtex.com/rbls/207.159.131.159.html
and several others on http://www.google.com/search?hl=en&q=RBL+check&btnG=Google+Search
which come up green.
 
> Could someone point me to a straight-forward procedure for clamping 
> down my email server, seeing if it's on any blacklists, and restoring 

You can always use http://www.abuse.net/relay.html or similar online
relaying sites to test whether you're having a misconfiguration.

You do seem to have a lot of open ports, though:
helium:~# nmap 207.159.131.159

Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2006-10-15 17:09 CEST
Interesting ports on unreasonable.com (207.159.131.159):
(The 1639 ports scanned but not shown below are in state: closed)
PORT      STATE    SERVICE
21/tcp    open     ftp
22/tcp    open     ssh
23/tcp    open     telnet
25/tcp    open     smtp
30/tcp    open     unknown
53/tcp    open     domain
80/tcp    open     http
110/tcp   open     pop3
111/tcp   open     rpcbind
135/tcp   filtered msrpc
139/tcp   open     netbios-ssn
143/tcp   open     imap
443/tcp   open     https
587/tcp   open     submission
648/tcp   open     unknown
993/tcp   open     imaps
995/tcp   open     pop3s
1022/tcp  open     unknown
1023/tcp  open     netvenuechat
3306/tcp  open     mysql
6666/tcp  filtered irc-serv
6667/tcp  filtered irc
6668/tcp  filtered irc
13782/tcp open     VeritasNetbackup


> its good name?

As far as I can tell you're not in any RBL, so there's no way
to restore what is not tarnished to start with. You typically
can't get an RBL to unblock you or any target site to use
non-braindead mail filtering anyway, so you could as well send a fax,
or pick up the phone, if you want to make sure your missive
came through. Yes, it is really that bad.
 
> I plan to switch soon to a new web host, where I figured I'd rely on 
> postfix, but I need email fully functional right away.

Picking postfix is a good choice.

-- 
Eugen* Leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820            http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE