• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue Mailserver does not work "out of the box"

bruno911

bruno911

New Pleskian
I've a new VPS, and since then I haven't been able to send email notifications. At first the port 25 for outbound traffic was blocked, now it is ok. But my ip was added to a black list, with this reason:

CBL Lookup Utility
IP Address xx.xx.xx.xx is listed in the CBL. It shows signs of being
infected with a spam sending trojan, malicious link or some other form of botnet.
It was last detected at 2016-11-08 03:00 GMT (+/- 30 minutes), approximately 10
hours ago.
This IP address is HELO'ing as "localhost.localdomain"
which violates the relevant standards (specifically: RFC5321).
The CBL does not list for RFC violations per-se. This _particular_ behaviour,
however, correlates strongly to spambot infections.
In other words, out of thousands upon thousands of IP
addresses HELO'ing this way, all but a handful are infected
and spewing junk. Even if it isn't an infection, it's a misconfiguration that
should be fixed, because many spam filtering mechanisms
operate with the same rules, and it's best to fix it
regardless of whether the CBL notices it or not.
DO NOT TELNET TO YOUR SERVER TO SEE WHAT IT SAYS.
Telnet will show you the banner, not the HELO."

So in the maillog I have something like this:

(mxeue002) Nemesis ESMTP Service not available 554-No SMTP service 554-IP
address is black listed. 554 For explanation visit

When I telnet the server, I get:

Escape character is '^]'.
220 localhost.localdomain ESMTP Postfix
 
I don't think this is a Plesk issue, it's your server's hostname that's not setup. I had this before too, you get CBL blacklisted because the server's name is localhost.localdomain. Spammers often don't change this, either because they're in a hurry or because they don't want to give away their identity. I've written an article about how to check what your server HELO's as: http://wpguru.co.uk/2015/11/how-to-remove-an-ip-from-the-cbl-composite-blocking-list/

Set the hostname to something else, like your main domain, then try the HELO check again. When it's OK, de-blacklist yourself from the CBL. Good luck!
 
You should also ensure that ReverseDNS (aka PTR) is set for your IP address(es). Failure to do this will get you blacklisted.
You may need to get your server provider to set this for you.

For the Microsoft services - Hotmail etc - you may need to register with their SNDS service as they run their own block lists and can be a bit fussy.



Jay: I guess that's in your guide, but that link isn't working.
 
You must log in or register to reply here.

Similar threads

T
Issue Server listed on Spamhaus XBL on a daily basis
Replies
12
Views
3K
UFHH01
U
Back
Top