1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Qmail Advice Needed

Discussion in 'Plesk 9.x for Linux Issues, Fixes, How-To' started by arctic_ged, Nov 16, 2009.

  1. arctic_ged

    arctic_ged Guest

    0
     
    Hi All,

    I did a spam black list check on my server IP address using this link (http://www.mxtoolbox.com/SuperTool.aspx?action=blacklist:87.106.64.19) and found that my sever IP address has been listed on the Backscatter.org.

    From what I understand It appears that Qmail accepts emails without checking if the address is valid then sends out a bounce back message to the fake email address that spam was sent from. And that's what got my server listed on the Backscatter.org.

    I really want to fix this but after spending an entire day searching on the net I am completely lost.

    My server is running Plesk v9.2.3 (FedoraCore 4) and would like to know if someone can point me in the right direction of what I need to do.
     
  2. MxToolBoxS

    MxToolBoxS Guest

    0
     
    Thanks for using our Blacklist tool!

    You are on the right track, we don't know how to configure recipient checks during the SMTP conversation in Qmail + Plesk. If the spoofed domains have SPF records then enabling an SPF check would help somewhat. Any type of perimeter security appliance or service would be able to do this for you as well.

    If you figure out how to do this I am sure others would appreciate it if you could post the instructions here.
     
  3. IgorG

    IgorG Forums Analyst Staff Member

    49
    24%
    Joined:
    Oct 27, 2009
    Messages:
    24,547
    Likes Received:
    1,240
    Location:
    Novosibirsk, Russia
    This generally means that either you have your server misconfigured, you are leaking spam, or your server is generating 'backscatter' which can get you listed as well. To check the first item, you should review 'Best Practices' documents to see if you are configured correctly. Our MagicSpam partner has a good resource for that. (http://www.linuxmagic.com/best_practices/) If you think your server is causing 'backscatter', this may be when you have your SpamAssassin or email server configured to 'bounce' spam, but they get bounced to forged addresses. You might want to consider MagicSpam for Plesk, which blocks that traffic, rather than bouncing it.

    New FAQ's

    Q. Can MagicSpam for Plesk work with the SpamAssassin Module?

    A. Yes, MagicSpam acts during the SMTP phase, and your SpamAssassin works after. MagicSpam and SA will work happily together, and SpamAssassin server loads will drop significantly.

    Q. My SpamAssassin load is going through the roof! Help!

    A. Have you considered MagicSpam for Plesk? One of the simplest and easiest add-ons for Plesk, it not only stops the majority of attacks before it hits SpamAssassin, but rejects the bulk of trojan and bot generated emails without adding to server load.

    Q. Can I use RBL's or Blacklists with Plesk?

    A. Yes, you can. But you might find it simpler and easier to use the MagicSpam Module for Plesk. This allows for simpler management, whitelisting, blacklisting and full logging of all SMPT traffic, both HAM and SPAM, and it comes with automatic subscriptions to many of your favourite RBL's

    Q. I tried to deliver a bounce message to this address, but the bounce bounced!

    A. This can happen when a spammer forges a from signature. It is called 'backscatter', and can get you on blacklists, even though you didn't send the email. Spammers try to 'bounce' emails off of your server. You need to 'reject' emails instead of bouncing them whenever possible. There is a Spam Module from one of our partners which is especially good at stopping the majority of this problem. Visit our store, or http://www.magicspam.com for more information.
     
Loading...