Réseaux et Télécom » Mon joli serveur mail blacklisté
Mon joli serveur mail blacklisté
Publié le 17/03/2009 @ 20:41:39,
Par zion<////@hotmail.com>: host mx4.hotmail.com[65.55.37.88] said: 550 OU-001
Mail rejected by Windows Live Hotmail for policy reasons. Reasons for
rejection may be related to content with spam-like characteristics or
IP/domain reputation problems. If you are not an email/network admin please
contact your E-mail/Internet Service Provider for help. Email/network
admins, please visit http://postmaster.live.com for email delivery
information and support (in reply to MAIL FROM command)
<*******@hotmail.com>: host mx4.hotmail.com[65.55.37.88] said: 550
OU-001 Mail rejected by Windows Live Hotmail for policy reasons. Reasons
for rejection may be related to content with spam-like characteristics or
IP/domain reputation problems. If you are not an email/network admin please
contact your E-mail/Internet Service Provider for help. Email/network
admins, please visit http://postmaster.live.com for email delivery
information and support (in reply to MAIL FROM command)
<****************@lajeunechambre.be>: host
mx3-cl.celeonet.fr[193.25.197.210] said: 554 5.7.1 Service unavailable;
Client host [85.234.223.210] blocked using cbl.abuseat.org; Blocked - see
http://cbl.abuseat.org/lookup.cgi?ip=85.234.223.210 (in reply to RCPT TO
command)
<*************@lajeunechambre.be>: host mx3-cl.celeonet.fr[193.25.197.210]
said: 554 5.7.1 Service unavailable; Client host [85.234.223.210] blocked
using cbl.abuseat.org; Blocked - see
http://cbl.abuseat.org/lookup.cgi?ip=85.234.223.210 (in reply to RCPT TO
command)
Ah benh oui mais du coup bon, ça va fonctionner moins bien
Bon, au secours, qqn a une idée?
Je suis en train de lire, mais je suis nase, ça tombe à un super moment quoi
Genre j'ai que ça à faire
Je suis le Roy
Mon joli serveur mail blacklisté
Publié le 17/03/2009 @ 20:41:50,
Par zionEn attendant, personne aura plus de mail d'info du coup
Je suis le Roy
Mon joli serveur mail blacklisté
Publié le 17/03/2009 @ 20:50:22,
Par zionMais enfin j'hallucine... en fait c'est parce que ils sont passé sur mon serveur, qu'ils ont testé que le HELO retournait mail.akretio.be qui lui était 85.234.223.212 alors que l'ip que eux détectent est celle du firewall qui elle est 85.234.223.210 et du coup DMC
C'est amusant
C'est amusant
Je suis le Roy
Mon joli serveur mail blacklisté
Publié le 17/03/2009 @ 20:53:28,
Par rfrLe lookup cpl ne donne rien, d'après l'URL tu n'es pas listé. Si tu m'envois un mail, que dit mon serveur?
It was previously listed, but was removed at 2009-03-17 19:48 GMT
Dernière édition: 17/03/2009 @ 20:55:07
It was previously listed, but was removed at 2009-03-17 19:48 GMT
Dernière édition: 17/03/2009 @ 20:55:07
To die is a time consuming activity, it often takes a lifetime (but some are faster than others ... though)
Mon joli serveur mail blacklisté
Publié le 17/03/2009 @ 21:00:06,
Par zionJe viens de demander un délistage, faut pas rire.
J'ai ça de leur check
Ce qui est faux dans un sens, le serveur mail est en 85.234.223.212, pas en 210, le 210 c'est le firewall
J'ai ça de leur check
<helocheck@cbl.abuseat.org>: host mail-in.cbl.abuseat.org[82.94.216.251] said:
550 HELO for IP 85.234.223.210 was "mail.akretio.be" (in reply to RCPT TO
command)
550 HELO for IP 85.234.223.210 was "mail.akretio.be" (in reply to RCPT TO
command)
Ce qui est faux dans un sens, le serveur mail est en 85.234.223.212, pas en 210, le 210 c'est le firewall
Je suis le Roy
Mon joli serveur mail blacklisté
Publié le 17/03/2009 @ 21:07:09,
Par zionBon j'ai rien compris au pourquoi, mais je lui ai foutu un nouveau DNS avec l'IP du firewall comme étant mon nouveau myhostname, on verra bien comme ça. Mais ça n'a pas de sens
Je suis le Roy
Mon joli serveur mail blacklisté
Publié le 18/03/2009 @ 10:53:50,
Par AltarTu dois aussi avoir le reverse dns de ton ip qui pointe vers ton dns
Mon joli serveur mail blacklisté
Publié le 18/03/2009 @ 11:59:14,
Par maxoui mais bon:
telnet mail.akretio.be 25
Trying 85.234.223.212...
Connected to [b]mail.akretio.be[b].
Escape character is '^]'.
220 firewall.akretio.be ESMTP Postfix (2.5.1)
...
et
$ host firewall.akretio.be
firewall.akretio.be has address 85.234.223.210
et enfin
$ host 85.234.223.210
Host 210.223.234.85.in-addr.arpa not found: 3(NXDOMAIN)
Il semblerait que il y ai une curiosité qui soit à la base de toute cette histoire...
Dernière édition: 18/03/2009 @ 12:03:11
telnet mail.akretio.be 25
Trying 85.234.223.212...
Connected to [b]mail.akretio.be[b].
Escape character is '^]'.
220 firewall.akretio.be ESMTP Postfix (2.5.1)
...
et
$ host firewall.akretio.be
firewall.akretio.be has address 85.234.223.210
et enfin
$ host 85.234.223.210
Host 210.223.234.85.in-addr.arpa not found: 3(NXDOMAIN)
Il semblerait que il y ai une curiosité qui soit à la base de toute cette histoire...
Dernière édition: 18/03/2009 @ 12:03:11
Trololo
Mon joli serveur mail blacklisté
Publié le 18/03/2009 @ 13:06:41,
Par zionMax> Justement c'était pas ça réponse avant, c'était mail.akretio.be qui avait comme ip 85.234.223.212 et qui a un reverse, j'ai été obligé hier de changer en 85.234.223.210 qui est l'ip du firewall parce que sinon ils blacklistent mon SMTP
Je suis le Roy
Mon joli serveur mail blacklisté
Publié le 05/04/2009 @ 21:39:18,
Par zionBordel ils ont recommencé ...
Je suis le Roy
Mon joli serveur mail blacklisté
Publié le 05/04/2009 @ 23:03:52,
Par Altaril faut arrêter le spam
Mon joli serveur mail blacklisté
Publié le 05/04/2009 @ 23:15:31,
Par antpouais mais qu'est-ce qui va payer le serveur alors ?
mes programmes ·· les voitures dans les films ·· champion des excuses bidons
Mon joli serveur mail blacklisté
Publié le 06/04/2009 @ 07:20:49,
Par gizmoBah, ils ont déjà blacklisté au moins deux fois les serveurs mail de Scarlet, donc bon
Concept vivant.
Mon joli serveur mail blacklisté
Publié le 06/04/2009 @ 09:21:02,
Par zionJ'adore leur réponse automatique:
Il y a quelques phrases qui me font bondir... et dire qu'on se base sur ces gens pour qualifier ou non un serveur de vilain spammeur
The IP 85.234.223.210 was detected most recently at:
2009:04:05 ~07:30 UTC+/- 15 minutes (approximately 13 hours ago)
sending email in such a way as to strongly indicate that the IP itself
was operating an open http or socks proxy, or a trojan spam package.
You will need to examine the machine for a spam trojan or open
proxy. Up-to-date anti-virus tools are essential.
If the IP is a NAT firewall, we strongly recommend configuring the
firewall to prevent machines on your network connecting to the Internet
on port 25, except for machines that are supposed to be mail servers.
Note: 85.234.223.210 was found to be using the following name as the HELO/EHLO
parameter during connections:
localhost.localdomain
Which is an illegal name according to the RFC2821 SMTP mail
protocol standards. RFC2821 requires that the machines claim names
that are a fully qualified domain names or IP addresses enclosed
in square brackets.
You will need to investigate why this is happening, and stop it from
doing that.
This is usually a spamware/trojan infection. In the off chance
that it isn't, we recommend you examine your mail server configuration
and ensure that your mail server is using an appropriate domain name.
One way of testing whether your mail server is misconfigured
is to send an email through it to helocheck@cbl.abuseat.org. You will
get a virtually immediate rejection. Examine the error message,
and you should see something like:
#5.1.1 SMTP; 550 Your HELO name for IP address 1.2.4.6 was "smtp"
It should be the fully qualified domain name for your mail server.
Like "mail.example.com". If it's localhost.domain, or things without
".", this is what you need to fix. If the test DOES NOT show an
invalid HELO, that means that something else on your computer is
emitting it, and you'll need to identify what it is and fix or
remove it.
Variations on "localhost" at best suggest that you're running
relatively old mail server software that hasn't been configured.
Some old versions of sendmail (particularly those on Linux),
and several Perl mail modules (eg: Net::SMTP, "SendEmail"
and "CheckUser" programs/modules) default to these values, and need
to be configured properly.
Information on configuring sendmail can be found here:
http://cbl.abuseat.org/sendmailhelp.html
More information on these detections in general (including
specifics on several Perl modules) can be found here:
http://cbl.abuseat.org/lh.html
Apparently the "MXLookup" plugin for SpamPal helos as localhost.
Turn it off until you can get a fixed version. It is unknown
as yet whether a fixed version is available.
If you're using fetchmail: older versions of fetchmail almost always
use "localhost". The latest version (as of 2006/02/22 is 6.3.2) will
use "localhost" if the gethostname() function fails. You should upgrade
to the latest version, and make sure that gethostname() returns the
fully qualified domain name of your machine - which will probably
involve mucking about with /etc/hosts and sethostname/setdomainname.
If all else fails, hack the source.
If you're running Smartmax Mailmax, please apply the changes documented
here: http://support.sightmax.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=- 229&nav=0,8,27
Useful links:
http://www.ftc.gov/secureyourserver/
http://spamlinks.net (see "Securing your System" and "proxies")
http://www.fr2.cyberabuse.org/?page=abuse-proxy
For more information on securing NAT firewalls/gateways, please
see http://cbl.abuseat.org/nat.html
This entry has already been delisted from the CBL. Unless otherwise
stated, the CBL will relist this IP if the underlying issues are not
resolved, and the CBL detects the same thing again.
-- Jay, CBL Team
2009:04:05 ~07:30 UTC+/- 15 minutes (approximately 13 hours ago)
sending email in such a way as to strongly indicate that the IP itself
was operating an open http or socks proxy, or a trojan spam package.
You will need to examine the machine for a spam trojan or open
proxy. Up-to-date anti-virus tools are essential.
If the IP is a NAT firewall, we strongly recommend configuring the
firewall to prevent machines on your network connecting to the Internet
on port 25, except for machines that are supposed to be mail servers.
Note: 85.234.223.210 was found to be using the following name as the HELO/EHLO
parameter during connections:
localhost.localdomain
Which is an illegal name according to the RFC2821 SMTP mail
protocol standards. RFC2821 requires that the machines claim names
that are a fully qualified domain names or IP addresses enclosed
in square brackets.
You will need to investigate why this is happening, and stop it from
doing that.
This is usually a spamware/trojan infection. In the off chance
that it isn't, we recommend you examine your mail server configuration
and ensure that your mail server is using an appropriate domain name.
One way of testing whether your mail server is misconfigured
is to send an email through it to helocheck@cbl.abuseat.org. You will
get a virtually immediate rejection. Examine the error message,
and you should see something like:
#5.1.1 SMTP; 550 Your HELO name for IP address 1.2.4.6 was "smtp"
It should be the fully qualified domain name for your mail server.
Like "mail.example.com". If it's localhost.domain, or things without
".", this is what you need to fix. If the test DOES NOT show an
invalid HELO, that means that something else on your computer is
emitting it, and you'll need to identify what it is and fix or
remove it.
Variations on "localhost" at best suggest that you're running
relatively old mail server software that hasn't been configured.
Some old versions of sendmail (particularly those on Linux),
and several Perl mail modules (eg: Net::SMTP, "SendEmail"
and "CheckUser" programs/modules) default to these values, and need
to be configured properly.
Information on configuring sendmail can be found here:
http://cbl.abuseat.org/sendmailhelp.html
More information on these detections in general (including
specifics on several Perl modules) can be found here:
http://cbl.abuseat.org/lh.html
Apparently the "MXLookup" plugin for SpamPal helos as localhost.
Turn it off until you can get a fixed version. It is unknown
as yet whether a fixed version is available.
If you're using fetchmail: older versions of fetchmail almost always
use "localhost". The latest version (as of 2006/02/22 is 6.3.2) will
use "localhost" if the gethostname() function fails. You should upgrade
to the latest version, and make sure that gethostname() returns the
fully qualified domain name of your machine - which will probably
involve mucking about with /etc/hosts and sethostname/setdomainname.
If all else fails, hack the source.
If you're running Smartmax Mailmax, please apply the changes documented
here: http://support.sightmax.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=- 229&nav=0,8,27
Useful links:
http://www.ftc.gov/secureyourserver/
http://spamlinks.net (see "Securing your System" and "proxies")
http://www.fr2.cyberabuse.org/?page=abuse-proxy
For more information on securing NAT firewalls/gateways, please
see http://cbl.abuseat.org/nat.html
This entry has already been delisted from the CBL. Unless otherwise
stated, the CBL will relist this IP if the underlying issues are not
resolved, and the CBL detects the same thing again.
-- Jay, CBL Team
Il y a quelques phrases qui me font bondir... et dire qu'on se base sur ces gens pour qualifier ou non un serveur de vilain spammeur
Je suis le Roy
Mon joli serveur mail blacklisté
Publié le 06/04/2009 @ 10:22:10,
Par AltarJ'adore leur réponse automatique:
Il y a quelques phrases qui me font bondir... et dire qu'on se base sur ces gens pour qualifier ou non un serveur de vilain spammeur
Il y a quelques phrases qui me font bondir... et dire qu'on se base sur ces gens pour qualifier ou non un serveur de vilain spammeur
Comme ?
Mon joli serveur mail blacklisté
Publié le 06/04/2009 @ 10:51:04,
Par zionSome old versions of sendmail (particularly those on Linux),
Parce que bon, sendmail sous Windows
Je suis le Roy
Mon joli serveur mail blacklisté
Publié le 06/04/2009 @ 11:25:49,
Par Dr_DanParce que, sendmail tourne sur les plateformes unix autres que linux..
Se tromper est humain ; Vraiment foutre la merde necessite le mot de passe de root.
Mon joli serveur mail blacklisté
Publié le 06/04/2009 @ 11:32:39,
Par zionOui enfin bon hein
Je suis le Roy