2017-01-31

Getting listed in a spam blacklist is a dreadful experience for server owners. Users end up facing email delivery failures and bounces, which can seriously damage your business reputation.

To protect their mail servers from spam, most server owners configure rules in their mail servers to reject mail from addresses that are listed in spam blacklists.

For smooth mail delivery, it is vital to prevent spammers from abusing your mail servers. An equally important task is to prevent your mail servers from getting blacklisted.

At Bobcares, we help businesses block inbound and outbound spam to avoid mail server delays, as a part of our Proactive Server Maintenance. It involves two activities:

24/7 server monitoring

Our expert teams monitor critical server metrics such as disk usage and server processes round the clock. When we detect an anomaly in the mail logs, we immediately investigate for spamming and prevent a blacklist.

Periodic audit and preventive maintenance

But waiting for an issue to happen and then jumping in to rescue is not the best way to keep a server stable. That is why we do regular Preventive Server Maintenance.

Every couple of weeks, or when we detect an abnormal value in server metrics, we audit the server's performance and security. We check the server for security vulnerabilities, performance bottlenecks, hardware health issues, etc., and fix the issues so that a server failure can be prevented.


Email blacklists – How do servers get listed in email blacklists?

A spam blacklist is a database of IP addresses or hostnames of mail servers that are reported as sources of spam. If your mail server is listed in these blacklists, other mail servers will reject mails from your server.

These spam blacklists are often referred to as DNS-based Blackhole Lists (DNSBL) or Real-time Blackhole Lists (RBL). There are a number of spam blacklists online, such as Spamhaus, SORBS, SpamCop, etc.

Email blacklisting usually occurs in these scenarios:

Your mail server gets compromised due to malware or software vulnerabilities. Attackers can then hijack your mail server and send spam mails from it.

Valid user accounts on your server send bulk email to many different addresses, as part of a business campaign, promotion or other event notification.

Email account passwords of users get leaked to unauthorized parties, who use these accounts to send bulk spam emails.

Security loopholes in the mail server due to improper configuration or missing security patches.

Email blacklist agencies keep track of spamming server IP addresses using spam traps. Users can also submit complaints to the blacklisting agencies about spamming servers.

A listing usually shows up when examining the mail logs: emails bounce and return with a message such as ‘Sorry, you are sending from an IP that has been blacklisted.’

Once your server IP address gets blacklisted for spamming, getting it delisted is a time-consuming process. Email service disruption for days or weeks can ruin your business.

That’s why it’s vital to protect your mail server from getting into a blacklist in the first place, and if it does get listed, timely detection and removal play an important role.


Email blacklist removal – How to go about it?

Constant monitoring of the mail server IPs against blacklists can be done using custom scripts. This is vital to detect a listing early and accomplish an email blacklist removal with minimal disruption.
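An added example of such a monitoring script (not Bobcares' own code): it builds the reversed-octet query name each DNSBL expects, resolves it against the public Spamhaus and SpamCop zones named above, and treats a 127.0.0.0/8 answer as a listing while ignoring Spamhaus's 127.255.255.0/24 error codes so a misconfigured resolver cannot raise a false alarm. The resolver is injectable, so the logic can be checked offline with a stub.

```python
import socket
import sys
from typing import Callable, Dict, List, Optional

# Zones to query; zen.spamhaus.org and bl.spamcop.net are the public lists of
# Spamhaus and SpamCop. Add or swap zones to match the lists you care about.
DNSBL_ZONES = ["zen.spamhaus.org", "bl.spamcop.net"]


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the lookup name a DNSBL expects: IPv4 octets reversed, then the zone."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {ip!r}")
    return ".".join(reversed(octets)) + "." + zone


def default_resolver(name: str) -> Optional[str]:
    """Resolve an A record; NXDOMAIN (i.e. not listed) becomes None."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def is_listing_answer(answer: Optional[str]) -> bool:
    """A DNSBL answers with a 127.0.0.0/8 address when the IP is listed.
    Spamhaus reserves 127.255.255.0/24 for error codes (open resolver used,
    query volume exceeded); those are not listings and must not trigger alerts."""
    if answer is None or not answer.startswith("127."):
        return False
    return not answer.startswith("127.255.255.")


def check_ip(ip: str, zones: List[str] = DNSBL_ZONES,
             resolve: Callable[[str], Optional[str]] = default_resolver) -> Dict[str, str]:
    """Return {zone: answer} for every zone that lists `ip`; an empty dict means clean."""
    listed: Dict[str, str] = {}
    for zone in zones:
        answer = resolve(dnsbl_query_name(ip, zone))
        if answer and is_listing_answer(answer):
            listed[zone] = answer
    return listed


if __name__ == "__main__":
    # Usage: python dnsbl_check.py 192.0.2.10 198.51.100.7  (exits 1 if anything is listed)
    hits = {ip: check_ip(ip) for ip in sys.argv[1:]}
    for ip, zones in hits.items():
        print(f"{ip}: " + (", ".join(f"{z} -> {a}" for z, a in zones.items()) or "clean"))
    sys.exit(1 if any(hits.values()) else 0)
```

Run it from cron against every outbound IP of the server and alert on a non-zero exit; Spamhaus requires queries to come through your own resolver, not a public one.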

If the mail server is blacklisted, the immediate action we take is to stop the spamming and submit a delist request after changing the mail server IP address.

Identifying the source of spamming is done by examining the email logs on the server. After pinpointing the culprit, immediate actions such as account suspension, disabling spamming scripts, etc. are taken.

Changing the mail server IP ensures seamless email delivery from the new IP address while the previous one is blacklisted, since delisting an IP address takes time, depending on the blacklisting agency.

We’ll discuss how to change the mail interface IP in three popular mail servers.

1. How to change interface IP in Exim

If you are using the Exim mail server, changing the interface IP is easy. Check the exim.conf file for the section:

and under that, add the line:

After updating the desired IP address, the Exim server has to be restarted:

To confirm the IP change, examine the Exim log file and the headers of outgoing emails.

2. How to change interface IP in SendMail

To change the mail server IP in Sendmail, the file to be edited is /etc/mail/sendmail.mc. The following entry in the file has to be updated with the desired IP address in its ‘Addr’ field:

After editing, the new configuration file is generated with the m4 macro processor:

Restart Sendmail for the new update to take effect:

It is also possible to edit the configuration file sendmail.cf directly to make this change. But this has to be done by experts, as it can break the mail server if not done right.

3. How to change interface IP in Postfix

The default configuration in Postfix makes the mail server available on all IP addresses. This is defined by the following entry in the /etc/postfix/main.cf file:

To configure the Postfix mail server to listen on only a specified IP address, change the entry as follows:

Restart the Postfix mail server and it will start sending mail from the newly assigned IP address.

Once the mail server IP is changed, the RDNS record and the other anti-spam lookup records have to be updated with the new IP address.
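To verify the change from the header side, as suggested for Exim above, here is an added example (not from the original post) that parses the Received: chain of a test message sent through the server and reports which source IP the next hop recorded. It assumes the server announces its own hostname in HELO/EHLO; the message and the hostname mx1.example.com are constructed for the demo.

```python
import re
from email import message_from_string
from typing import Dict, List, Optional

IPV4_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# "from <helo> (<reverse-dns> [<ip>]) by <receiver> ...", possibly folded over several lines
HOP = re.compile(r"\s*from\s+(?P<helo>\S+)(?:\s+(?P<info>.*?))?\s+by\s+(?P<by>\S+)", re.S)

# Constructed message as received at inbox.example.net after mx1.example.com moved to 192.0.2.10.
SAMPLE_MESSAGE = """\
Received: from mail.example.org (mail.example.org [203.0.113.5])
    by inbox.example.net with ESMTP id 4Q7xZ; Tue, 31 Jan 2017 10:15:01 +0000
Received: from mx1.example.com (mx1.example.com [192.0.2.10])
    by mail.example.org (Postfix) with ESMTPS id 1A2B3C; Tue, 31 Jan 2017 10:14:58 +0000
Received: from localhost (localhost [127.0.0.1])
    by mx1.example.com (Postfix) with ESMTP id 9D8E7F; Tue, 31 Jan 2017 10:14:57 +0000
From: alice@example.com
To: bob@example.net
Subject: delivery test after IP change

test
"""


def received_hops(raw_message: str) -> List[Dict[str, Optional[str]]]:
    """Parse Received: headers into hops, oldest first (the top header is the newest)."""
    msg = message_from_string(raw_message)
    hops: List[Dict[str, Optional[str]]] = []
    for header in reversed(msg.get_all("Received", [])):
        m = HOP.match(header)
        if not m:
            continue  # non-standard Received: line, e.g. from a local MDA
        ipm = IPV4_IN_BRACKETS.search(m["info"] or "")
        hops.append({"helo": m["helo"], "ip": ipm.group(1) if ipm else None, "by": m["by"]})
    return hops


def outbound_ip_seen_by_next_hop(raw_message: str, our_host: str) -> Optional[str]:
    """Return the IP the first remote hop recorded when our server handed the mail over."""
    for hop in received_hops(raw_message):
        if hop["helo"].lower() == our_host.lower() and hop["by"].lower() != our_host.lower():
            return hop["ip"]
    return None


def confirm_new_ip(raw_message: str, our_host: str, expected_ip: str) -> bool:
    """True when the next hop saw `expected_ip`, i.e. the interface change is live."""
    return outbound_ip_seen_by_next_hop(raw_message, our_host) == expected_ip
```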


How to protect your mail server from getting blacklisted?

Recurrent email blacklisting is something no server owner can afford, and changing the mail interface IP is not practical every time a blacklist occurs.

That’s why it’s important to stay safe from email blacklisting. At Bobcares, we protect our customers’ mail servers from getting blacklisted with these proactive measures.

1. Prevent users from sending out spam

Many websites host mailing lists and newsletters for their business purposes. If not monitored and controlled, these mailing lists can end up being sources of spam and get your mail server IP blacklisted.

Monitoring the outgoing mail from the server using custom scripts helps keep an eye on the number of emails sent from the server, and to prevent a blacklist.

Enforcing a strict password policy with strong passwords and periodic resets helps to minimize the chance of user accounts getting hijacked by spammers.

There are several anti-spam mail queue scanner products available, but they are expensive and license-bound. Moreover, scanning every mail consumes a lot of resources.

At Bobcares, we monitor the outgoing and incoming mail logs and the mail queue for spam mails, using anti-spam and virus scanners such as Qmail-Scanner, SpamAssassin, ClamAV, etc.

We optimize and tweak the settings of the mail scanners to minimize the resource usage. Another easier and low-resource preventive measure is to limit the outbound mails.

By setting a default limit on the number of emails each mail account can send per hour, we prevent users from sending out huge volumes and getting the mail server blacklisted.

The default outbound mail limit is raised for certain valid senders, based on their plan and business requirements. But these are usually only a very small percentage of accounts, and hence easier to monitor.
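The monitoring and per-hour limit described above can be implemented as a log check; this added example (not Bobcares' script) sums envelope recipients per sender and hour from Postfix qmgr log lines and flags any non-exempt sender over the limit. The log lines, the limit of 200 and the exempt newsletter account are constructed for the demo.

```python
import re
from collections import Counter
from typing import Collection, Dict, Iterable, List, Tuple

# Postfix qmgr "queue active" lines: one per message, carrying sender and recipient count.
QMGR_LINE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) (?P<hour>\d{2}):\d{2}:\d{2} \S+ "
    r"postfix/qmgr\[\d+\]: (?P<qid>\w+): from=<(?P<sender>[^>]*)>, size=\d+, nrcpt=(?P<nrcpt>\d+)"
)

# Constructed sample log (not from a real server): promo@ is a known newsletter sender,
# bob@ suddenly addresses 270 recipients within one hour, which is the pattern to catch.
SAMPLE_LOG = """\
Jan 31 10:02:11 mx1 postfix/qmgr[2201]: 3F1A2C0123: from=<alice@example.com>, size=2048, nrcpt=1 (queue active)
Jan 31 10:05:40 mx1 postfix/qmgr[2201]: 41B7C0124: from=<promo@example.com>, size=51200, nrcpt=400 (queue active)
Jan 31 10:07:03 mx1 postfix/smtpd[2310]: connect from unknown[198.51.100.7]
Jan 31 10:09:55 mx1 postfix/qmgr[2201]: 5C9D40125: from=<bob@example.com>, size=900, nrcpt=150 (queue active)
Jan 31 10:31:02 mx1 postfix/qmgr[2201]: 6E0A10126: from=<bob@example.com>, size=870, nrcpt=120 (queue active)
Jan 31 11:01:17 mx1 postfix/qmgr[2201]: 7F1B20127: from=<bob@example.com>, size=870, nrcpt=30 (queue active)
""".splitlines()


def recipients_per_sender_hour(lines: Iterable[str]) -> Dict[Tuple[str, str], int]:
    """Sum envelope recipients per (sender, 'Mon DD HH') bucket; non-qmgr lines are skipped."""
    counts: Counter = Counter()
    for line in lines:
        m = QMGR_LINE.match(line)
        if not m:
            continue
        sender = m["sender"] or "<>"  # empty envelope sender = bounce message
        bucket = f"{m['mon']} {int(m['day']):02d} {m['hour']}"
        counts[(sender, bucket)] += int(m["nrcpt"])
    return dict(counts)


def senders_over_limit(lines: Iterable[str], limit: int,
                       exempt: Collection[str] = ()) -> List[Tuple[str, str, int]]:
    """(sender, hour, recipients) for every non-exempt sender above `limit` in any hour."""
    return sorted(
        (sender, hour, n)
        for (sender, hour), n in recipients_per_sender_hour(lines).items()
        if n > limit and sender not in exempt
    )


if __name__ == "__main__":
    for sender, hour, n in senders_over_limit(SAMPLE_LOG, limit=200, exempt={"promo@example.com"}):
        print(f"ALERT: {sender} addressed {n} recipients during hour {hour}")
```

Counting recipients rather than messages matters because one message with nrcpt=400 is a bigger send than a hundred single-recipient mails.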

2. Secure mail server to prevent open relays

Nowadays, most mail servers ship with a default configuration that prevents open relay. Open relaying is no longer a safe feature, as it enables any spammer to send mail through your mail server.

But custom mail server configuration or updates may end up causing open relays. Mail server relay security can be tested using ‘telnet’ sessions.

Our 24/7 security expert team monitors mail server security and secures mail servers to prevent open relays. This ensures that no user is able to send mail without proper authentication.
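The telnet check above, scripted with smtplib as an added example (not the post's own code): from a host outside the server's trusted networks it asks the server to relay between two domains it does not host, without authenticating, and stops at the RCPT TO verdict so nothing is ever queued. The hostname mail.example.com and the example.net/example.org addresses are placeholders; the stub factory lets the logic run offline.

```python
import smtplib
from typing import Tuple


def relay_self_test(host: str, port: int = 25,
                    mail_from: str = "relay-test@example.net",
                    rcpt_to: str = "relay-test@example.org",
                    smtp_factory=smtplib.SMTP, timeout: float = 10.0) -> Tuple[bool, str]:
    """Ask the server to relay mail between two domains it does not host, without
    authenticating. Returns (open_relay, detail). A correctly configured server answers
    RCPT TO with a 5xx such as '554 5.7.1 Relay access denied'."""
    with smtp_factory(host, port, timeout=timeout) as smtp:
        smtp.ehlo_or_helo_if_needed()
        code, msg = smtp.mail(mail_from)
        if code != 250:
            return False, f"MAIL FROM refused: {code} {msg.decode(errors='replace')}"
        code, msg = smtp.rcpt(rcpt_to)
        detail = f"RCPT TO answered {code} {msg.decode(errors='replace')}"
        # Never send DATA: the check stops at the recipient verdict so nothing is queued.
        try:
            smtp.rset()
        except smtplib.SMTPException:
            pass
    return code in (250, 251), detail


def fake_smtp(rcpt_code: int, rcpt_msg: bytes):
    """Constructed stand-in for smtplib.SMTP so the check can be exercised offline."""
    class _Fake:
        def __init__(self, host, port=25, timeout=None): pass
        def __enter__(self): return self
        def __exit__(self, *exc): return False
        def ehlo_or_helo_if_needed(self): pass
        def mail(self, sender, options=()): return 250, b"2.1.0 Ok"
        def rcpt(self, recip, options=()): return rcpt_code, rcpt_msg
        def rset(self): return 250, b"2.0.0 Ok"
    return _Fake


if __name__ == "__main__":
    # Offline demo against the stub; for the real check call
    # relay_self_test("mail.example.com") from a host outside the server's mynetworks.
    for factory in (fake_smtp(554, b"5.7.1 Relay access denied"), fake_smtp(250, b"2.1.5 Ok")):
        is_open, detail = relay_self_test("mail.example.com", smtp_factory=factory)
        print("OPEN RELAY" if is_open else "relay denied", "-", detail)
```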


3. Scan and disable malicious scripts

While preventing open relay secures the server from spammers who connect to the mail server directly, another group of hackers upload malicious scripts to your server and send mails using them.

These scripts can use remote mail servers to send mails, but this can still lead to your mail server IP being blacklisted. To avoid that, we configure firewall rules to prevent users from connecting to the outgoing SMTP port.

Access to port 25 (the mail server port) is restricted to the root user and the mail server user only, which prevents other scripts from sending mails from your server through remote mail servers.

PHP scripts allow mails to be sent from the server as the user ‘nobody’. If these include spamming scripts, your mail server gets blacklisted. To combat this, we disable mails being sent from the server as ‘nobody’ and switch to suPHP.

4. Block spam script uploads to websites

Each website differs from the others based on its business purpose. As a result, the web applications installed by different users can range from a simple CMS to a custom gaming application.

Over time, these web application versions can become outdated or vulnerable if not maintained properly. Attackers may exploit such vulnerabilities and upload malicious scripts.

Hackers can also exploit weak security on users’ PCs or laptops, or hijack their account details. This enables them to upload malicious scripts to the server via these user accounts.

The problem is cumbersome on a shared hosting server with multiple users and applications. It is nearly impossible for server owners to maintain and update all of this software.

To combat the security issues related to malicious uploads, we configure web application firewalls such as ModSecurity in Apache, IIS and Nginx. Using our server hardening service, we set custom rules to prevent hack and spam uploads to the web server.

5. Configuring anti-spam records

Finally, we configure anti-spam records which are helpful in preventing email spoofing. The commonly configured anti-spam records are:

SPF (Sender Policy Framework) – SPF records are added per domain. It is an entry in the domain's DNS records that lets receiving servers validate that mail from the domain is not spoofed.

RDNS (Reverse DNS) – The reverse DNS record is set up so that the mail server's IP address maps back to its hostname. RDNS helps other mail servers look up the IP and validate your server.

DKIM (DomainKeys Identified Mail) – DKIM is an email authentication system that verifies the domain of the email sender and helps make sure that the message is not spam.

To summarize

Open relays, account hacks, malicious scripts: all of these can end up trapping your mail server IP in blacklists. Once blacklisted, it’s hard to get delisted and to maintain your reputation.

At Bobcares, we help server owners ensure seamless email delivery in their mail servers using proactive security measures for their mail server and web server.

Bobcares helps online businesses of all sizes achieve world-class security and uptime, using tried and tested solutions. If you’d like to know how to make your mail servers secure and efficient, we’d be happy to talk to you.

The post Email blacklist removal – How to stay off blacklists for uninterrupted mail service appeared first on Bobcares.
