1 (edited by mithu 2015-09-06 05:07:15)

Topic: Server IP blacklisted and Undelivered Mail Returned to Sender

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.6.0
- Linux/BSD distribution name and version: iRedAdmin-Pro    v1.4.1
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):  LDAP
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? No
- Related log if you're reporting an issue: yes, as attached
====

Our server IP has been blacklisted for sending spam mail, and we are unable to send mail to Gmail.
A bounce mail is attached.
1) How can we identify the spam mail sender? Or from which log can we detect the bulk mail sender?
2) How can we protect against spam mail?
3) How can we delist our server IP from the blacklist?

We are now having a great problem because of the above issue.
Can you please suggest how to resolve the problem?


2

Re: Server IP blacklisted and Undelivered Mail Returned to Sender

mithu wrote:

1) How can we identify the spam mail sender? Or from which log can we detect the bulk mail sender?

Check the Postfix log file (/var/log/maillog or mail.log).
Postfix is the MTA; it's required to send out emails, so it will log info about outbound spam. You need to figure it out yourself.

mithu wrote:

2) How can we protect against spam mail?

Force all users to use a strong password. A weak password is the weakest part of a mail server.
Spammers don't want your SSH access or to steal sensitive info stored on your server; they just want to use your mail server to send spam emails.

mithu wrote:

3) How can we delist our server IP from the blacklist?

Check your IP address with http://mxtoolbox.com

3

Re: Server IP blacklisted and Undelivered Mail Returned to Sender

== UPDATE ==

I just committed two small scripts to help find the SASL username used by the spammer, if they sent out email by cracking some user's password. You can find them here:
https://bitbucket.org/zhb/iredmail/src/ … at=default

File names:

*) tools/find_top_sasl_usernames.sh: Find and sort usernames used for SMTP authentication in the Postfix log file.
*) tools/find_sasl_login_ip.sh: Find the login IP addresses of a specified username which is used for SMTP authentication.
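
An added example, not part of the original post and not the iRedMail tools/*.sh scripts named above: a sketch of the same kind of triage, counting sasl_username= values in Postfix smtpd log lines and then listing the client IPs that authenticated as one account. The function names, sample log lines and addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not iRedMail's scripts.

# Constructed sample lines in Postfix smtpd log format (documentation IPs only).
sample_log() {
cat <<'EOF'
Sep  6 04:01:12 mail postfix/smtpd[2101]: 3F2A81234: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=alice@example.com
Sep  6 04:01:40 mail postfix/smtpd[2102]: 4A1B95678: client=unknown[192.0.2.10], sasl_method=PLAIN, sasl_username=bob@example.com
Sep  6 04:02:03 mail postfix/smtpd[2103]: connect from unknown[198.51.100.23]
Sep  6 04:02:04 mail postfix/smtpd[2103]: 5C3D19abc: client=unknown[198.51.100.23], sasl_method=LOGIN, sasl_username=alice@example.com
Sep  6 04:02:05 mail postfix/smtpd[2103]: 5C3D29abd: client=unknown[198.51.100.23], sasl_method=LOGIN, sasl_username=alice@example.com
Sep  6 04:02:06 mail postfix/smtpd[2103]: 5C3D39abe: client=unknown[198.51.100.23], sasl_method=LOGIN, sasl_username=alice@example.com
Sep  6 04:03:30 mail postfix/smtpd[2104]: 6E4F4def0: client=unknown[192.0.2.44], sasl_method=PLAIN, sasl_username=carol@example.com
EOF
}

# Read a Postfix log on stdin; print "count username", busiest account first.
# An account with far more authenticated submissions than its peers is the
# first candidate for a cracked password.
top_sasl_usernames() {
    sed -n 's/.*sasl_username=\([^, ]*\).*/\1/p' |
        sort | uniq -c | awk '{print $1, $2}' | sort -k1,1nr -k2,2
}

# Read a Postfix log on stdin; print "count ip" for every client address that
# authenticated as the account given in $1 (exact string match, no regex).
sasl_login_ips() {
    awk -v u="$1" '
        {
            name = ""; ip = ""
            for (i = 1; i <= NF; i++) {
                f = $i; sub(/,$/, "", f)
                if (f ~ /^sasl_username=/) name = substr(f, 15)
                else if (f ~ /^client=/) {
                    ip = f; sub(/^.*\[/, "", ip); sub(/\].*$/, "", ip)
                }
            }
            if (name == u && ip != "") n[ip]++
        }
        END { for (k in n) print n[k], k }' | sort -k1,1nr -k2,2
}

# Demo on the constructed sample; on a real server feed the log file from the
# thread instead, e.g. top_sasl_usernames < /var/log/maillog
sample_log | top_sasl_usernames
sample_log | sasl_login_ips alice@example.com
```

Once the account is identified, changing its password and checking the listed IPs against where that user normally logs in from follows the advice given earlier in the thread.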