Removing Spam classification from your mail server

[wraith808]

I run my own server on a highly regarded data center's infrastructure, and have a lot of different domains, and troublingly for this issue, mailing lists for several PbEMs.  One of the sites on one of the domains hosted by a client had a wordpress vulnerability that was exploited to send spam.  I've closed that hole, and made sure that it won't happen again as I'm now aware of the wordpress site, and have made it have autoupdates.

However, I'm dealing with the fallout from the spammer's e-mails.  I've contacted yahoo, setup spfs, and contacted barracuda, but it's so bad now that I can't even send e-mail from myself to my family, as my family's e-mail forwarding is on my domain hosted by google.  A couple of those spam lists are totally automated also, so I can't even request for leniency nor a re-evaluation.  How can I facilitate getting my reputation restored?  Or is there any way?

[mouser]

This is one of those super frustrating things.. As the big players have taken over providing email services, the blacklisters have slowly but surely decided that they don't care much if they falsely label a small domain/server as being a spammer.  It just doesn't seem to be worth their time to care about the issues.  I guess they figure that as long as they make sure to keep gmail happy, why should they expend customer service time trying to figure out if a small mail server is really spamming or not..

My experience has been that very little can convince them you are not a spammer once you get on their blacklist, other than just waiting it out and they will eventually remove you from their blacklist..

[wraith808]

That's what I was afraid of.  How long does it usually take?  Not being able to send e-mail is more than a little inconvenient, especially as I have other clients on that server   I was thinking if it was going to be an extended period of time, I've needed to update my infrastructure for a while which was going to change my IP and was going to be work... but it would serve to get me off their lists.

[wraith808]

Strange... if I use the easy way at mxtoolbox.com, I'm listed on Protected Sky.  If I do a dig on my mailserver from protected sky, i.e. dig [ip address].bad.psky.me, I get back that I'm not, i.e. status: NOERROR

I don't know enough about this stuff... does anyone have any ideas?

[Shades]

Currently I am experiencing a somewhat similar problem. I also run my own mail server and rent a static IP address from the biggest telco here in Paraguay. MxToolBox site shows me that I am flagged by only one, in my case SPAM RATS Dyna.

The instructions on the MxToolBox website are quite clear, first check if there are no viruses and/or malware. Then check if all the records (MX) and proper returns (PTR) are configured correctly on your end and/or by your ISP. Once your done, most of the anti-spam organizations allow you to rid your IP from their list. They will keep an eye on you for a x amount of time, but if nothing happens again in that x amount of time, all goes back to being fine.

At least, that is how the story is supposed to go.

In my case the SPAM RATS Dyna website states that the whole C-block of IP addresses to which my IP belongs is being blocked. And because of that, no option to remove myself from that list is provided.

The telco states that there is nothing wrong at all, so it will be a long time before my IP will be removed. On previous cases the story above did work as intended.

Now, ISP servers make use of those spam list and as there are a lot of list providers, most ISPs only use 2 or 3 of these list. The SPAM RATS Dyna isn't a popular list in Europe, where most of my mail communication takes place, so the spam block hardly affects me. Mail to the US on occasion does bork.

Please take a look at the source of bounced messages, you will see a lot of error codes. Servers usually respond with the reason why a message bounced, but often also provide you with the (exact) name of the list they are using. You could then ask the owner/maintainer of the receiving mail server to make an exception for your IP, or perhaps even persuade them to use a better spam list provider. This might go easier if you can provide them with web shots from the steps you have taken to be removed from that list and the unwillingness of the spam list provider to do so.

The MxToolbox website allows you to create a free account where your IP is periodically checked against a subset of spam list providers to see if there is a problem. You'll have to upgrade to a paid account for the full set. If your server is flagged by multiple spam lists, you have a bigger problem. This would be why you look up mail server responses from bounced mail(s).

Sorry I have no better response, my problems with spam lists have been rather easily solved until now... (knocking on wood).

[Carol Haynes]

I had a similar problem ages ago - the simplest solution is to have multiple IP addresses on your server and when a problem arises and you are sure nothing bad is going on simply ask the data centre to swap to an alternative IP and presto you are clear again.

By the time the problem arises again (and it will) the old IP will be clean again so swap back.

My data centre seems pretty happy with doing this.

[wraith808]

That's actually a really good idea, as I have an unused IP.  Thanks!

[Carol Haynes]

 

[Stoic Joker]

I had a similar problem ages ago - the simplest solution is to have multiple IP addresses on your server and when a problem arises and you are sure nothing bad is going on simply ask the data centre to swap to an alternative IP and presto you are clear again.

-Carol Haynes (February 26, 2017, 11:42 AM)

I use a slightly different variation on the same theme. All of the traffic going out of our network (including various secondary web sites) is forced to one IP in our CIDR block except the primary mail server (we have 3) which stays segregated on it's own IP so it's allowed to rise (or fall...) based solely on its own reputation. The other two mail servers are a private authenticated relay server (for customers), and a hidden "Human Firewall" Phishing server (for IT access only) that we torture the staff with (both are on separate IPs).

However a few years back after running with a flawless reputation for almost a decade, an ISP swap landed us with an address that was blacklisted by one of the listers. But after a - bad Stoic moment - low grade ballistic phone call to the ISP it got sorted out in a matter of hours.

Most of the blacklist sites have an interface that - can be a bitch to find... - allows you to submit yourself or a "retest" to get delisted. First offence removals aren't usually difficult ... But second offences are intentionally treated quite harshly..

[wraith808]

I've been removed from two - Barracuda and Truncate.  Protected sky doesn't show me if I dig from the shell, but shows me if I search on MxToolbox.  I actually have two servers, so I just started using the mail server on the second server rather than going through changing the IP.