
Issue Microsoft mail servers keep blacklisting server IP

Bjorn

Hi,

Plesk Onyx Version 17.8.11 Update #38
CentOS Linux 7.6.1810
Postfix 2.10.1

Outgoing mail control is active and strict. SPF, rDNS, DKIM & DMARC are active.
Smart Network Data Service, IP status: normal
Mail-tester score 10/10

In the past, some sites on the server got hacked and this caused IP reputation and mail delivery problems.
We fixed this by maintaining ALL sites hosted on our server and we haven't gotten a hacked site for over a year now.
Email delivery to Microsoft mailservers was ok.

But now we're blacklisted again.. When I check an Office 365 exchange account I see the following mail log:

Reason: [{LED=550 5.7.708 Service unavailable. Access denied, traffic not accepted from this IP. For more information please go to Email non-delivery reports in Office 365 AS(8561)};{MSG=};{FQDN=};{IP=[IP_REMOVED]};{LRT=}]

Outgoing mail control limits weren't hit, all maillogs look ok.
Followed the steps here: Many email messages are sent from PHP scripts on a Plesk server. How to find domains on which these scripts are running if Postfix is used?
No excessive logins.

Microsoft is extremely not helpful in providing a clear reason why the IP is blacklisted...

What are the best methods for monitoring ALL outgoing mail from our server, phpmailer included?

I'm hoping someone can guide me in the right direction to tackle this problem.

Regards, Bjorn
 
Hi Mark,

Thanks for your quick reaction. I did check MX toolbox and it was clear.
When I check your link, which is very comprehensive btw, I see 2 blacklistings:
- RFC-Clueless (RFC²) Metalist RBL
- RFC-Clueless (RFC²) whois RBL

They don't give much info, I only see this notice:
domain is INDIRECTLY listed in an RFC2 list. It's added on 2012-09-27 18:07:30.. o_O

I tried their removal process but it returns: Host is not listed there.

Does it help if I share our server IP here??

I'm currently creating a wrapper script that logs mails sent by phpmailer.
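
A wrapper of the kind mentioned in this post can be a small shell script set as PHP's sendmail_path; the sketch below is an added example, not the poster's script and not Plesk code. The log path, the real sendmail path and the install name php-sendmail-wrapper are assumptions, and the sample message is constructed.

```shell
#!/bin/sh
# Added example, not the wrapper from the thread. Paths are assumptions.
LOG="${LOG:-/var/log/php-mail-wrapper.log}"
REAL_SENDMAIL="${REAL_SENDMAIL:-/usr/sbin/sendmail}"

# Reduce the header block (everything before the first empty line) to one
# record. Control characters are stripped so a header cannot forge log lines.
summarize_headers() {
    awk '
        function val(s) { sub(/^[^:]*:[ \t]*/, "", s); return s }
        { sub(/\r$/, "") }
        $0 == "" { exit }
        { h = tolower($0) }
        h ~ /^to:/                       { to = val($0) }
        h ~ /^subject:/                  { subject = val($0) }
        h ~ /^x-php-originating-script:/ { script = val($0) }
        END { printf "script=\"%s\" to=\"%s\" subject=\"%s\"", script, to, subject }
    ' | tr -d '\001-\037\177'
}

# Spool stdin, append one record to $LOG, then hand the untouched message
# and the original arguments to the real sendmail binary.
log_and_forward() {
    msg=$(mktemp) || return 1
    cat > "$msg"
    printf '%s cwd="%s" %s\n' "$(date '+%Y-%m-%dT%H:%M:%S')" "$PWD" \
        "$(summarize_headers < "$msg")" >> "$LOG"
    "$REAL_SENDMAIL" "$@" < "$msg"
    rc=$?
    rm -f "$msg"
    return "$rc"
}

# Constructed sample of what PHP pipes to sendmail_path.
sample_message() {
    printf '%s\n' 'To: user@example.com' 'Subject: Order 1001' \
        'X-PHP-Originating-Script: 10001:contact.php' \
        'From: shop@example.org' '' 'Subject: body text, not a header'
}

# Deliver only when installed under this (hypothetical) name.
case "$0" in
    */php-sendmail-wrapper) log_and_forward "$@" ;;
esac
```

Point sendmail_path in php.ini at the installed script (keeping the arguments PHP passes, such as -t -i) and make the log writable by the users PHP runs as; the script= field is only filled when mail.add_x_header is on. Mail that PHPMailer submits over SMTP never passes through sendmail_path, so it will not show up in this log.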
 
Smart Network Data Service, IP status: normal
If this refers to Sign in to your Microsoft account and MS systems are showing a "green" state for the IP there, their network is not receiving spam from your server. Did you actually check SNDS with Microsoft or another service? In case MS SNDS is showing green, you can apply for a delisting here: https://support.microsoft.com/en-us...productkey=edfsmsbl3&ccsid=635648144919316674

If MS SNDS is not showing a green state and you are sure that no spam is visible in your /var/log/maillog leaving your system, check your process list for sendmail and exim processes. It is then likely that these standalone mailers have been started through a user account and are sending spam. They bypass the /var/log/maillog so it seems that the server is not sending spam while it is spamming like crazy.
 
"If this refers to Sign in to your Microsoft account and MS systems are showing a "green" state for the IP there, their network is not receiving spam from your server. Did you actually check SNDS with Microsoft or another service? In case MS SNDS is showing green, you can apply for a delisting here: https://support.microsoft.com/en-us...productkey=edfsmsbl3&ccsid=635648144919316674 "

It's not green, but the status is 'normal':
snds.JPG

I already requested a de-list yesterday and received an email from MS this morning. Strangely the mail content only holds our server IP, and 'You can find the ticket number in the email subject'.
No further info, is the de-list done, are they still working on it, no idea........!

We have an Office 365 account with an Online exchange license. Sending mail through the Office 365 SMTP from another IP is working perfectly.
When I try to send a mail from our server through the office SMTP, I see the following (365) exchange log:

Reason: [{LED=550 5.7.708 Service unavailable. Access denied, traffic not accepted from this IP. For more information please go to Email non-delivery reports in Office 365 AS(8561)};{MSG=};{FQDN=};{IP=52.134.103.155};{LRT=}]

So apparently our IP is still on their blacklist.
When I check the 5.7.708 error code, it states we have to contact MS, only errors in the 600 range mention the de-list procedure.

I hate MS..

----
I've created a PHPmail wrapper yesterday, that logs all outgoing mails from PHP mail.
After a day logging everything looks ok, I only see valid mails.
----

When I search the process list for sendmail & exim I see the following results:

sendmail.JPG


You think these may be malicious?
 
No, these are not malicious, these are only the "grep" command entries. You'd see additional lines if there were processes.

If the MS SNDS status is normal, MS should deliver the mails. It looks as if only MS support will be able to help you with this.
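
The process check discussed in the replies above, written so that the grep commands themselves cannot show up as matches (an added example, not part of the original thread). It matches on the executable name in ps output; the sample process list is constructed, and siteuser and its path are hypothetical.

```shell
#!/bin/sh
# Added example. Reads `ps -eo user,pid,args` output on stdin and prints
# "user pid command" for every process whose executable is sendmail or exim.
# Matching the executable's basename (not the whole line) is what keeps
# "grep sendmail" and "grep exim" out of the result.
find_mailer_procs() {
    awk '
        NR == 1 && $1 == "USER" { next }      # skip the ps header line
        {
            n = split($3, parts, "/")          # $3 is the executable path
            exe = parts[n]
            if (exe ~ /^(sendmail|exim[0-9]*)$/) {
                cmd = $0                       # drop the user and pid columns
                sub(/^[ \t]*[^ \t]+[ \t]+[^ \t]+[ \t]+/, "", cmd)
                print $1, $2, cmd
            }
        }
    '
}

# Constructed sample: Postfix daemons, the two grep commands, and one
# standalone mailer started from a site directory by a user account.
sample_ps() {
    cat <<'EOF'
USER       PID COMMAND
root      1021 /usr/libexec/postfix/master -w
postfix   1033 qmgr -l -t unix -u
root      4410 grep --color=auto sendmail
root      4412 grep --color=auto exim
siteuser  5120 /var/www/vhosts/example.com/tmp/exim -bd -q30m
EOF
}

# On a live server:  ps -eo user,pid,args | find_mailer_procs
# A match is a lead to inspect (owner, path, runtime), not a verdict.
sample_ps | find_mailer_procs
```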
 