qmail and plesk environment - getting listed on spamhaus

Steve Freegard steve.freegard at fsl.com
Mon Apr 14 18:09:13 IST 2008

Johnny Stork wrote:
> I have a client running a plesk/qmail hosting service who is having some 
> trouble with getting their shared ip listed on spamhaus. I am looking 
> into various solutions to suggest to them, possibly including ms if it 
> can be integrated into the plesk environment. For now I would like to 
> try and determine why they keep getting listed on spamhaus. Can anyone 
> suggest some tips or a starting point to determine why they might keep 
> getting listed?

This isn't really the place to ask this - but I'll answer it anyway.

There are 3 Spamhaus lists; SBL, XBL and the PBL.  If you query 
zen.spamhaus.org then you will get a result from all three lists which 
are determined by the returned IP. = SBL = XBL = PBL

Most likely they are being listed on either the SBL or XBL.  If they are 
listed on the SBL, then this is most likely due to spam originating from 
this system and was most likely a manual listing by Spamhaus.  The 
Spamhaus web site will give you more information on the listing and tell 
you what you need to do to get de-listed.

If they are listed on the XBL, then this was most likely an automated 
listing and is either caused by a hacked formmail.pl or PHP script being 
used to send mail or it is caused by qmail sending a HELO as 'localhost' 
or 'localhost.localdomain' or the machine has been hacked and has an 
open-proxy installed on it.  You can find out more about this by going 
to cbl.abuseat.org (which is the actual data provider for the XBL list) 
and requesting a de-list.  The web site will then walk you through the 
possible causes.


More information about the MailScanner mailing list