ME020166 - HOWTO: How does a server get blacklisted and how to get removed from blacklists


SUMMARY

How to prevent the server from being blacklisted and how to get it removed from a blacklist database.

DETAIL

Spam is a huge problem on the Internet and as a mail server operator it is important to take reasonable steps to ensure that the server is secured from being hijacked by those wishing to distribute bulk unsolicited e-mail.

If the server is not configured correctly, spammers can relay messages through it uninhibited. Mail servers accept messages for recipients that have their mailboxes hosted on the mail server itself, but it is critical to regulate who can send messages to others (non-local recipients). Secure the server by configuring strict rules as to who can use the server to send messages (relay messages) to non-local recipients.

Article ME020001 describes which relay settings are most appropriate.

Review any domain redirections mail users may have set up on the server. If mail users have been permitted to redirect their mail to other mail systems, then they will also be redirecting any spam to those mail systems. These mail systems will see the server as a source of spam, and this may cause the server to be blacklisted as a result. As such, in a hosted environment, either moderate the use of redirections, or prevent users from redirecting their mailboxes by disabling the feature in web mail.

It is possible to have your server IP(s) blacklisted because notifications are incorrectly sent to a forged sender's address. Here are the common ways in which notifications or bounce messages, sent in reply to a forged address taken from a message envelope, can have you added to a blacklist:

  • If a message is sent to an address on the server that is associated with a list and the sender is not validated as an authenticated sender, a notification is sent to the original sender, which may be forged, hence sending messages to an invalid account.
  • If an action on a filter is set up to "notify sender" that the message has met a particular criterion of a filter and the sender's address is forged, then the message sent from the server again notifies the original forged sender's address.
  • Having quotas set up on the mailboxes on a server will send out notifications to senders where a mailbox has exceeded its quota limit. This reply could go to a forged sender address, which after a period of time can result in blacklisting.
  • The reply message from a disabled mailbox or domain could be sending its rejection messages to a forged sender address.

Another way that your server could be blacklisted is through blacklisting of a range by a DNSBL. Here is a warning returned by the web site of a DNSBL after a server range has been blacklisted:

WARNING!!!! This entire Class C, /24 network is listed!!!

2 or more /32 server entries in any /24 network will get the entire /24 network listed on ricn.dnsbl.net.au and rmst.dnsbl.net.au

If the server is not secured from unauthorized relay, it will end up on an Open Relay Blacklist. Once the server is on a blacklist, the removal process is very time consuming. The removal process is as follows:

1. First ensure that your server is no longer an open relay. Make sure that the server is configured as suggested in Article ME020001.
2. Next, determine which open relay black lists the server is listed on using the tools at www.dnsstuff.com.
3. Finally, go to the web sites of each Blacklist provider and use their web site to submit your site for testing.
4. Blacklist providers usually process removal requests within 24 hours. They will send a mail message to indicate the status of the removal.
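
The listing check in step 2 and the /24 rule quoted in the warning above can also be scripted. The following is an added example, not MailEnable code: it assumes the standard DNSBL lookup convention (IPv4 octets reversed, zone appended, an answer in 127.0.0.0/8 meaning "listed"), the function names are illustrative, and the resolver is a parameter so the check can be exercised without network access.

```python
import ipaddress
import socket
from collections import Counter

# Zones named in the warning quoted above; substitute the lists you care about.
ZONES = ["ricn.dnsbl.net.au", "rmst.dnsbl.net.au"]


def dnsbl_query_name(ip, zone):
    """Build the DNSBL lookup name: IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def is_listed(ip, zone, resolve=socket.gethostbyname):
    """Return the DNSBL answer (a 127.0.0.0/8 address) or None if not listed."""
    try:
        answer = resolve(dnsbl_query_name(ip, zone))
    except socket.gaierror:
        return None  # NXDOMAIN or other resolution failure: reported as not listed
    # An answer outside 127.0.0.0/8 is not a valid DNSBL reply (for example a
    # wildcarded or expired zone), so it is not treated as a listing.
    if ipaddress.IPv4Address(answer) in ipaddress.IPv4Network("127.0.0.0/8"):
        return answer
    return None


def check_servers(ips, zones=ZONES, resolve=socket.gethostbyname):
    """Map each listed IP to {zone: answer} for the zones that list it."""
    report = {}
    for ip in ips:
        hits = {z: a for z in zones if (a := is_listed(ip, z, resolve))}
        if hits:
            report[ip] = hits
    return report


def networks_at_risk(listed_ips, threshold=2):
    """/24 networks holding `threshold` or more listed /32 entries.

    The default of 2 is the figure given in the warning quoted above;
    other DNSBL operators may apply a different escalation rule.
    """
    counts = Counter(
        ipaddress.ip_network(ip + "/24", strict=False) for ip in listed_ips
    )
    return sorted(str(net) for net, n in counts.items() if n >= threshold)
```

Calling `check_servers` with the outbound IP addresses of the mail server and passing the keys of its result to `networks_at_risk` shows which addresses need a removal request and whether a whole /24 is affected.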

MORE INFORMATION

How to configure DNS blacklisting: Article ME020162

Blacklisting mechanisms: Article ME020084


Product:MailEnable (All Versions)
Category:Operation
Module:SMTP
Keywords:blacklisted Blocked IP Reject blacklist removal black list blacklisted open
Class:HOWTO: Product Instructions
Created:1/07/2003 6:04:00 PM
Revised:Wednesday, May 4, 2016
Author:
Publisher:MailEnable