preventing spam and other unauthorized use

Discussions on webmail and the Professional version.
dcioffi
Posts: 15
Joined: Thu Sep 08, 2005 10:50 pm

Post by dcioffi » Tue Dec 30, 2014 1:10 am

I've had MailEnable installed for a number of years. I had to do minimal work on it. I had someone handling it and only needed to deal with minimal issues when he wasn't available. He's no longer able to do the work, so it's left to me. I'm not a network guy or mail server guru by any means.

I have a MailEnable server, 7.5 Standard, installed. I host 7 domains; two of them use the mail server and a third is the primary domain on the mail server. One of them uses DotNetNuke and some modules to manage mailing lists. I have 5 static IP addresses X.X.X.138-142 available to me from my ISP. My ISP (Road Runner) has to configure the PTR record.

A couple of months ago the first IP, which was the default IP, started popping up on blacklists. It took a while but I was able to get off the lists. I never found out why. I know the emails being sent are CAN-SPAM compliant; I send them.

A month ago we started to end up on the blacklists again. This time I was pressed for time and the easiest solution was to move the domains to the 139 IP. But I'm still having problems and I'm not sure why. Using MailEnable tools and others I have verified that the server doesn't have any open relay enabled.

There are very few email accounts configured to allow authentication. There are fewer than a dozen, actually, for all domains.

The DNS PTR for all IP addresses points to RailroadCentral.net
DNS MX and all other DNS records are configured on IP 139.
I haven't bound the mail server to the public IP address. Mail should bind to the default IP, which would be the one listed on the MX record.
The primary domain RailroadCentral.net, doesn't receive or send email. There wasn't an MX record until today which I set to IP address 139.
All accounts are required to authenticate prior to sending/receiving email.
SPF is not enabled. If I turn it on, what is the effect?
I plan on upgrading to 8.5 Pro next month, but until then I can't implement DKIM.
On a hardware firewall, inbound traffic on ports 110, 587 & 25 on IP address 138 is blocked.

Not sure why this is happening, and not sure what to look at next. I don't want the changes to using the 139 IP address to end up on blacklists again. I would hope someone can point me in some directions and tell me what I should look at next. Thanks in advance.

One email address doesn't receive email from Amazon.com. Not sure about other originators or accounts because there are so few and little traffic from/to them.
I'm seeing things like this in the SMTP log:
12/29/14 13:09:03 SMTP-OU 4D9487DA46FA42709195C3D51EDD7AD6.MAI 908 165.212.65.113 CONN 220 emd3.mbox.net ESMTP USA.NET-SMTA vC8.MAIN.4.00L; Mon, 29 Dec 2014 18:09:20 -0000 0 86 Blocked Unauthorized Transaction
12/29/14 13:09:03 SMTP-OU 4D9487DA46FA42709195C3D51EDD7AD6.MAI 908 165.212.65.113 EHLO EHLO RailroadCentral.net 250-emd3.mbox.net Hello RailroadCentral.net [24.73.80.138], pleased to meet you 26 154 Blocked Unauthorized Transaction
12/29/14 13:09:03 SMTP-OU 4D9487DA46FA42709195C3D51EDD7AD6.MAI 908 165.212.65.113 MAIL MAIL FROM:<service@payee.com> SIZE=37418 250 Sender OK 42 15 Blocked Unauthorized Transaction
12/29/14 13:09:03 SMTP-OU 4D9487DA46FA42709195C3D51EDD7AD6.MAI 908 165.212.65.113 RCPT RCPT TO:<cindy.osborne@century21.com> 550 Mail from 24.73.80.138 refused. Please refer to http://www.spamhaus.org/lookup.lasso for an explanation. 39 112 Blocked Unauthorized Transaction
12/29/14 13:09:03 SMTP-OU 4D9487DA46FA42709195C3D51EDD7AD6.MAI 908 165.212.65.113 QUIT QUIT 221 Goodbye 6 13 Blocked Unauthorized Transaction
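
Added example, not part of the original post: a small Python parser for the outbound log lines quoted above. It groups them by session and pulls out the address the remote server reports seeing, the envelope sender, and any 5xx rejection. The regular expressions assume the space-separated layout shown on this page, and the `HOSTED` set is an assumption (the post names only RailroadCentral.net).

```python
import re

# Outbound SMTP log lines copied from the post above (space-separated, as shown on the page).
SAMPLE_LOG = """\
12/29/14 13:09:03 SMTP-OU 4D9487DA46FA42709195C3D51EDD7AD6.MAI 908 165.212.65.113 CONN 220 emd3.mbox.net ESMTP USA.NET-SMTA vC8.MAIN.4.00L; Mon, 29 Dec 2014 18:09:20 -0000 0 86 Blocked Unauthorized Transaction
12/29/14 13:09:03 SMTP-OU 4D9487DA46FA42709195C3D51EDD7AD6.MAI 908 165.212.65.113 EHLO EHLO RailroadCentral.net 250-emd3.mbox.net Hello RailroadCentral.net [24.73.80.138], pleased to meet you 26 154 Blocked Unauthorized Transaction
12/29/14 13:09:03 SMTP-OU 4D9487DA46FA42709195C3D51EDD7AD6.MAI 908 165.212.65.113 MAIL MAIL FROM:<service@payee.com> SIZE=37418 250 Sender OK 42 15 Blocked Unauthorized Transaction
12/29/14 13:09:03 SMTP-OU 4D9487DA46FA42709195C3D51EDD7AD6.MAI 908 165.212.65.113 RCPT RCPT TO:<cindy.osborne@century21.com> 550 Mail from 24.73.80.138 refused. Please refer to http://www.spamhaus.org/lookup.lasso for an explanation. 39 112 Blocked Unauthorized Transaction
12/29/14 13:09:03 SMTP-OU 4D9487DA46FA42709195C3D51EDD7AD6.MAI 908 165.212.65.113 QUIT QUIT 221 Goodbye 6 13 Blocked Unauthorized Transaction
"""

# Assumption: the set of hosted mail domains; the post names only RailroadCentral.net.
HOSTED = {"railroadcentral.net"}

LINE = re.compile(
    r"^\S+ \S+ SMTP-OU (?P<sid>\S+) \d+ (?P<peer>[\d.]+) "
    r"(?P<cmd>[A-Z]{4}) (?P<rest>.*)$")
ADDR = re.compile(
    r"^(?:MAIL FROM|RCPT TO):<(?P<addr>[^>]*)>(?: \S+=\S+)* (?P<code>\d{3})[ -](?P<text>.*)$")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
TAIL = re.compile(r"\s\d+\s\d+(\s\D*)?$")  # trailing counters and status text


def summarize(log_text, hosted=HOSTED):
    """Group outbound log lines by session id and extract delivery evidence."""
    sessions = {}
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # not an outbound SMTP line in the expected layout
        s = sessions.setdefault(
            m["sid"], {"peer": m["peer"], "seen_as": set(), "sender": None,
                       "foreign_sender": False, "rejections": []})
        rest = m["rest"]
        if m["cmd"] == "EHLO":
            # The greeting echoes the address the remote server saw us connect from.
            s["seen_as"].update(IPV4.findall(rest))
        a = ADDR.match(rest)
        if not a:
            continue
        code, text = int(a["code"]), TAIL.sub("", a["text"])
        if m["cmd"] == "MAIL":
            s["sender"] = a["addr"]
            s["foreign_sender"] = a["addr"].rpartition("@")[2].lower() not in hosted
        elif m["cmd"] == "RCPT" and code >= 500:
            s["seen_as"].update(IPV4.findall(text))
            s["rejections"].append((a["addr"], code, text))
    return sessions
```

Run over the sample, `summarize(SAMPLE_LOG)` reports that the remote server saw the connection come from 24.73.80.138 and that the envelope sender's domain is not in the hosted set.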
