qmail and plesk environment - getting listed on spamhaus
Steve Freegard
steve.freegard at fsl.com
Mon Apr 14 18:09:13 IST 2008
Johnny Stork wrote:
> I have a client running a plesk/qmail hosting service who is having some
> trouble with getting their shared ip listed on spamhaus. I am looking
> into various solutions to suggest to them, possibly including ms if it
> can be integrated into the plesk environment. For now I would like to
> try and determine why they keep getting listed on spamhaus. Can anyone
> suggest some tips or a starting point to determine why they might keep
> getting listed?
This isn't really the place to ask this - but I'll answer it anyway.
There are 3 Spamhaus lists; SBL, XBL and the PBL. If you query
zen.spamhaus.org then you will get a result from all three lists which
are determined by the returned IP.
127.0.0.2 = SBL
127.0.0.4 = XBL
127.0.0.10/11 = PBL
Most likely they are being listed on either the SBL or XBL. If they are
listed on the SBL, then this is most likely due to spam originating from
this system and was most likely a manual listing by Spamhaus. The
Spamhaus web site will give you more information on the listing and tell
you what you need to do to get de-listed.
If they are listed on the XBL, then this was most likely an automated
listing and is either caused by a hacked formmail.pl or PHP script being
used to send mail or it is caused by qmail sending a HELO as 'localhost'
or 'localhost.localdomain' or the machine has been hacked and has an
open-proxy installed on it. You can find out more about this by going
to cbl.abuseat.org (which is the actual data provider for the XBL list)
and requesting a de-list. The web site will then walk you through the
possible causes.
Regards,
Steve.
More information about the MailScanner
mailing list