• Status: Solved

white list IP address

I got a message from my hosting company, and my dedicated server IP address is on the blacklist,
as in the file I attached.

How can I fix it?

I have Windows Server 2008 R2. The hosting company is using MS V-hyper. I am not a network
administrator and hope to get an easy solution from an expert.

My box has a few domains.

Thanks


10-28-2011-5-15-39-PM.pdf
Asked by: Webboy2008
 
Dave Baldwin (Fixer of Problems) Commented:
I would go check your domains here http://www.mxtoolbox.com/ before doing anything else.  Your file just shows timeouts, not spam problems.

Papertrip Commented:
@Dave -- I think what that screenshot shows is that out of 106 blacklists checked, 4 of them showed his IP listed and 4 others timed out.

@Webboy -- This could very well be caused by an infected machine on your internal network.  Aside from scanning each server with potentially multiple anti-malware programs, you can do the following:

Block all internal -> internet:25 traffic except for your outgoing mail server(s), and make sure all applications are set to send mail through your mailserver and not from the local machines.  Then if the problem persists, you will have logs on the mail server which can help you pinpoint the culprit(s), at which point you can take action such as anti-virus/malware scans.

Papertrip Commented:
Checking 206.125.x.x against 106 known blacklists...
Listed 0 times with 4 timeouts.

The 4 lists which failed:
CYBERLOGIC       TIMEOUT      ERROR, Reponse code=2             0
Spamhaus-ZEN       TIMEOUT                  0
SPAMRBL       TIMEOUT                  0
TECHNOVISION       TIMEOUT                  0
 
Webboy2008 (Author) Commented:
My web server only has SmartMail, and no Exchange server or anything... How can I fix it?

Papertrip Commented:
Which mail software you are running is irrelevant to the fix, unless SmartMail has no logging functionality (I imagine it does).

You need to block the traffic at your firewall and monitor logs for suspicious activity.

At some point you will need to de-list yourself from all the blacklists.  If you do it after making the firewall change but before finding the offending machine, then you could very well get re-listed again before being able to fix the source of the problem.  The flip side to that is, if the firewall change does fix your issue but you haven't de-listed yet, you won't really know if it's actually fixed unless you just watch the mail server logs 24x7.

Moral of the story here is don't get blacklisted in the first place, because they are a pain to get off of.

Papertrip Commented:
Ah I may have overlooked an important part of the puzzle here -- is there only 1 server on your network?  If that is the case then it makes things potentially easier -- scan the hell out of it with multiple anti-virus/malware applications, and look through the mail server logs for suspicious activity.

Webboy2008 (Author) Commented:
It is from the hosting company
http://www.accuwebhosting.com/windows-vps-server-hosting.html
It is VPS Pearl that I am using now.
It uses SmarterMail as a service.

Papertrip Commented:
Who your hosting company is and what your mail software is has no bearing on the underlying solutions.  If you have full access to your VPS then you can do what is needed as I explained.

Webboy2008 (Author) Commented:
I do have RDP access, but I really need a step-by-step solution. As I mentioned, I am not a network administrator and I probably don't know how to do that without complete instructions.

Papertrip Commented:
Just turn on logging in SmarterMail, monitor the logs for suspicious activity, scan for malware on your server, and de-list yourself from the blacklists.  Click on the links from the mxtoolbox blacklist results to see if anything links to the actual blacklist so that you can de-list yourself, or use Google to find the actual websites for the blacklists you are on.

http://www.hosting.com/support/smartermail-7/log-settings-configuration-in-smartermail-7

If you need specific help with SmarterMail and/or malware scanners, please submit new questions for that.

Webboy2008 (Author) Commented:
1. How to scan for malware?
2. How to de-list from the blacklist?


Thanks

Papertrip Commented:
1.  Please open a new ticket asking advice for malware scanning.
2.  I explained in my previous answer how to go about getting yourself de-listed.  I will paste again with a slight edit at the end.

Click on the links from the mxtoolbox blacklist results to see if anything links to the actual blacklist so that you can de-list yourself, or use Google to find the actual websites for the blacklists you are on, then de-list yourself from there.

Dave Baldwin (Fixer of Problems) Commented:
The reason I suggested going to http://www.mxtoolbox.com/ is because I thought the listings in the PDF looked suspicious.  And Papertrip's posting makes me think it even more.  In the text below, it shows listed 0 times.  The timeouts are not for 206.125.x.x but for contacting those 4 blacklists.

Checking 206.125.x.x against 106 known blacklists...
Listed 0 times with 4 timeouts.

The 4 lists which failed:
CYBERLOGIC       TIMEOUT      ERROR, Reponse code=2             0
Spamhaus-ZEN       TIMEOUT                  0
SPAMRBL       TIMEOUT                  0
TECHNOVISION       TIMEOUT                  0

My own domain, which has no problems, comes up the same on http://www.mxtoolbox.com/ with 5 timeouts, and they are the same ones listed above plus NOMOREFUNN.  I don't think he has a problem but I do think someone is trying to make some money fixing it.

Papertrip Commented:
Whoops sorry Dave, that was an example I pasted using my IP so that we could sort out why his PDF said "4 timeouts".

Papertrip Commented:
I should have been more clear on that when I posted it, apologies to all.

Dave Baldwin (Fixer of Problems) Commented:
Then I think he should get results directly from http://www.mxtoolbox.com/ and see what they are.   Looks like the sites in the PDF are 'complaining' about him sending from 'localhost' at 127.0.0.2 instead of from a domain name and IP.

Dave Baldwin (Fixer of Problems) Commented:
I was wondering how you got his IP address...

Papertrip Commented:
Actually those are just the "return codes" -- why on earth they are 127.x.x.x is beyond me, but it is not indicative of him sending from localhost.  To find out more info (hopefully) as to why he is on certain lists, you should go to the list itself and put your IP in there.

mxtoolbox is a great way to find which lists you are on, but it's best practice (sometimes just plain required) to go to the actual list as the next step.

Papertrip Commented:
My he's and you/yours's are a bit mixed up in that reply, but you get the idea :)

Dave Baldwin (Fixer of Problems) Commented:
I'm not sure what this is telling me: http://barracudacentral.org/rbl/how-to-use 

"For example, to check that the general DNSBL test address of 127.0.0.2 is listed in BRBL..."

Webboy2008 (Author) Commented:
In summary, Dave is right. My server has five different domains, and we use SMTP in IIS to send email back and forth. We also have SmarterMail to allow people to send email, but it is not very often.

I believe it is because the server uses localhost to send email by SMTP, and now I need to know how to fix it and how to get off the blacklist.

Papertrip Commented:
No offense to Dave of course, but as I said, those are just result codes given by the blacklists.  Everything I have told you so far is correct, I'm not sure why you aren't taking the corrective actions I have suggested.

These appear to be codes that are being returned by the blacklist. Some lists use these non-routing IPs as error codes. You would need to check with the specific blacklist to see what they mean. They use IP addresses due to the manner in which blacklists operate which is based on DNS systems.

 Hope this helps,

 Peter


_________________
Peter LeBlond
MxToolBox
Product Development Engineer
peter@mxtoolbox.com

http://community.mxtoolbox.com/forums/viewtopic.php?f=6&t=1278
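
How the 127.x.x.x return codes, the 127.0.0.2 test address and the timeouts discussed in this thread come about, as an added example (not code from any poster or from MxToolBox): a DNSBL check is a DNS A-record lookup of the reversed IP under the list's zone. The zones `dnsbl.example` and `slow.example`, the addresses and the `fake_resolve` table are constructed so the block runs offline; a real resolver function would take the place of `fake_resolve`.

```python
import ipaddress

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_query_name(ip, zone):
    """192.0.2.10 checked against <zone> is queried as 10.2.0.192.<zone>."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def check(ip, zone, resolve):
    """Classify one lookup. resolve(name) returns a list of A records,
    an empty list for NXDOMAIN, or raises TimeoutError."""
    try:
        answers = resolve(dnsbl_query_name(ip, zone))
    except TimeoutError:
        return ("timeout", [])          # list unreachable; says nothing about the IP
    if not answers:
        return ("not listed", [])       # the list has no record for this IP
    codes = [a for a in answers if ipaddress.ip_address(a) in LOOPBACK]
    if codes:
        return ("listed", codes)        # 127.x.x.x is the list's return code
    return ("invalid answer", answers)  # not a DNSBL reply (e.g. rewritten NXDOMAIN)

def list_is_working(zone, resolve):
    """RFC 5782: a working IPv4 DNSBL lists the test address 127.0.0.2
    and does not list 127.0.0.1."""
    return (check("127.0.0.2", zone, resolve)[0] == "listed"
            and check("127.0.0.1", zone, resolve)[0] == "not listed")

# Constructed zone data for the hypothetical list "dnsbl.example".
FAKE_RECORDS = {
    "2.0.0.127.dnsbl.example": ["127.0.0.2"],   # mandatory test entry
    "10.2.0.192.dnsbl.example": ["127.0.0.4"],  # constructed listing
}

def fake_resolve(name):
    if name.endswith(".slow.example"):          # constructed unreachable list
        raise TimeoutError(name)
    return FAKE_RECORDS.get(name, [])

if __name__ == "__main__":
    for ip, zone in [("192.0.2.10", "dnsbl.example"),
                     ("192.0.2.11", "dnsbl.example"),
                     ("192.0.2.10", "slow.example")]:
        print(ip, zone, check(ip, zone, fake_resolve))
    print("dnsbl.example working:", list_is_working("dnsbl.example", fake_resolve))
```

What each 127.x.x.x code means is defined by the individual list, so the code is looked up in that list's own documentation.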

Papertrip Commented:
"I believe because the server use localhost to send email by smtp and now i need to know how to fix and how to take out from the blacklist."

That will only matter if the HELO of your external sending server is set to 'localhost'.

Papertrip Commented:
HELO and/or SMTP banner, depending on the wordage of your SmarterMail config.

Webboy2008 (Author) Commented:
Like I said, I am not a network administrator. I need instructions to do things.
What Dave points out sounds very close to my issue, and I never said your information is not correct.
I just need clear, step-by-step instructions so I know how to handle it on the server.


Papertrip Commented:
I have explained as much step-by-step as possible without having a SmarterMail installation to reference.

I have given a link to enable logging in SmarterMail, provided simple links from Google to the blacklists you are listed on, and explained how this needs to be fixed.

I have answered your original questions in detail.  If you need specific advice for SmarterMail (which was not part of the original question), please close this and open a new question.