Trigger Box
New Pleskian
For the last week the server IP address is listed on the Spamhaus XBL list on a daily basis.
https://www.spamhaus.org/query/ip/196.201.6.183
We have run both chkrootkit and rkhunter and there seems to be no exploits on the server.
After delisting it takes less than 24 hours before it is listed again.
The XBL link takes us to http://www.abuseat.org/lookup.cgi?ip=196.201.6.183 with the following message:
The Plesk link takes us to: http://www.abuseat.org/PleskAvoid.html
We have changed the setting as recommended by the PleskAvoid article.
The server is details are as follows:
Operating system: Ubuntu 12.04.5 LTS
Plesk product: 12.5.30 Update #50
Installed mail server: Postfix
Installed IMAP/POP3 server: Courier-IMAP
Any help in this rather urgent matter will be greatly appreciated.
On a side note we had this issue a while back on Postfix but not when switching to Qmail. For the last week it happens on both Postfix for Qmail but we settled on Postfix - it is our understanding that it is better - and the suggested settings on http://www.abuseat.org/PleskAvoid.html is not available on Qmail.
https://www.spamhaus.org/query/ip/196.201.6.183
We have run both chkrootkit and rkhunter and there seems to be no exploits on the server.
After delisting it takes less than 24 hours before it is listed again.
The XBL link takes us to http://www.abuseat.org/lookup.cgi?ip=196.201.6.183 with the following message:
IP Address 196.201.6.183 is listed in the CBL. It shows signs of being infected with a spam sending trojan, malicious link or some other form of botnet.
It was last detected at 2016-10-19 10:00 GMT (+/- 30 minutes), approximately 3 hours ago.
It has been relisted following a previous removal at 2016-10-19 04:11 GMT (9 hours, 2 minutes ago)
Perhaps the person who previously removed it didn't actually fix the problem.
If this IP address is NOT a shared hosting IP address, this IP address is infected with/emitting spamware/spamtrojan traffic and needs to be fixed. Find and remove the virus/spamware problem then use the CBL delisting link below.
In some unusual cases, IP addresses used in shared hosting (especially those using IPSwitch Imail, Plesk or Cpanel) can trigger CBL listings. If this is a shared hosting IP address, make sure that your mail server software is set up to identify _itself_ in its mail connections, not each of your customers.
If you are using Plesk, see this link.
If you are using cPanel, see this link.
It was last detected at 2016-10-19 10:00 GMT (+/- 30 minutes), approximately 3 hours ago.
It has been relisted following a previous removal at 2016-10-19 04:11 GMT (9 hours, 2 minutes ago)
Perhaps the person who previously removed it didn't actually fix the problem.
If this IP address is NOT a shared hosting IP address, this IP address is infected with/emitting spamware/spamtrojan traffic and needs to be fixed. Find and remove the virus/spamware problem then use the CBL delisting link below.
In some unusual cases, IP addresses used in shared hosting (especially those using IPSwitch Imail, Plesk or Cpanel) can trigger CBL listings. If this is a shared hosting IP address, make sure that your mail server software is set up to identify _itself_ in its mail connections, not each of your customers.
If you are using Plesk, see this link.
If you are using cPanel, see this link.
The Plesk link takes us to: http://www.abuseat.org/PleskAvoid.html
We have changed the setting as recommended by the PleskAvoid article.
The server is details are as follows:
Operating system: Ubuntu 12.04.5 LTS
Plesk product: 12.5.30 Update #50
Installed mail server: Postfix
Installed IMAP/POP3 server: Courier-IMAP
Any help in this rather urgent matter will be greatly appreciated.
On a side note we had this issue a while back on Postfix but not when switching to Qmail. For the last week it happens on both Postfix for Qmail but we settled on Postfix - it is our understanding that it is better - and the suggested settings on http://www.abuseat.org/PleskAvoid.html is not available on Qmail.