
Thread: Blacklisted after testdriving Zimbra.

  1. #1
    rasjani (Junior Member, joined Oct 2006)

    Hello all.

    First of all, excuse me if I'm posting this to the wrong forum, but here's my scenario:

    I have a fully patched FC5 server running in the office - all unnecessary services removed/stopped and only ssh listening to remote connections. I installed Zimbra on this server last week, added a suitable MX record (IP only) to a valid DNS (hostname does not have a reverse name) and installed Zimbra.

    Everything was working fine, I sent out a few test emails, used abuse.net's relay testing and it reported the host to be fine (also checked relaying manually using telnet - just to be sure). I also checked the postfix configuration files manually, as I have experience running/maintaining it myself, and all things looked nice.

    I gave my OK and passed the box to the company that is checking out Zimbra, and some days later they sent me an email saying that they got an email from their ISP saying that another ISP has blacklisted the IP for sending out spam.

    I checked the postfix logfiles and found this:

    Oct 4 15:19:59 localhost postfix/smtp[2804]: 06B7251C610: to=<xxx.yyy@xyz.fi>, relay=127.0.0.1[127.0.0.1], delay=2, status=sent (250 2.6.0 Ok, id=27780-02, from MTA([127.0.0.1]:10025): 250 Ok: queued as D546451C611)
    Oct 4 15:19:59 localhost postfix/qmgr[27718]: 06B7251C610: removed
    Oct 4 15:20:00 localhost postfix/smtp[2831]: D546451C611: to=<xxx.yyy@xyz.fi>, relay=mta.inet.fi[81.228.11.141], delay=1, status=bounced (host mta.inet.fi[81.228.11.141] said: 550 mail not accepted from blacklisted IP address [X.Y.Z.D] (in reply to MAIL FROM command))
    Oct 4 15:20:00 localhost postfix/cleanup[2803]: 6D9C851C613: message-id=<20061004122000.6D9C851C613@localhost.localdomain>
    Oct 4 15:20:00 localhost postfix/qmgr[27718]: 6D9C851C613: from=<>, size=3321, nrcpt=1 (queue active)
    Oct 4 15:20:00 localhost postfix/qmgr[27718]: D546451C611: removed

    So, the first email sent to this Finnish/Swedish IP was bounced due to the company IP being blacklisted.

    I'm sure that this machine ain't hacked. I installed it some 30 minutes before installing Zimbra - did the installation behind the firewall and upgraded the machine via apt-get from Funet (gpg key checks enabled, of course).

    Now these two ISPs are threatening the company with a possible police investigation and aren't cooperative when asked for information about the claimed spam batch.

    After receiving their threat mail, I shut down Zimbra (last Saturday) - and our main ISP is still not willing to give out any information. Weird. Since then I've been sniffing traffic, done checks on the machine, read the logs and a lot of different things to find out why they were blacklisting that IP, but found nothing that would be considered a "spam flood".

    Although, there are a few issues that might be the reason. The box had "localhost.localdomain" still as its hostname and the Zimbra installation was broadcasting that as its hostname in SMTP sessions. Also, some SMTP servers might check if the MTA sending the message is in the zone file of the domain (might not have been there due to DNS caching) and if the server name in the SMTP session matches the reverse of the sender's IP.

    Anyone had similar problems ? Any suggestions ?

    *EDIT*
    PS. People in the company have been sending emails to other ISPs' email boxes without getting blacklisted or banned.

  2. #2
    MarkStratmann (Member, joined Sep 2006)

    @localhost.localdomain

    The problem is because Zimbra is giving its name as @localhost.localdomain. I had exactly the same problem when testing with the VMware trial version of Zimbra. I was immediately blacklisted by http://www.us.sorbs.net/. Check the web site and have yourself un-blacklisted.
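
Added example, not part of any post in this thread: a small Python log check that picks out the two signals discussed above, a remote rejection that mentions a blacklist and locally generated message-ids that still carry the installer's placeholder hostname. The sample log is constructed (modelled on the excerpt in the first post), and the function names and the placeholder-name list are assumptions.

```python
import re

# Constructed sample modelled on the log excerpt in the first post;
# hostnames and addresses are placeholders from documentation ranges.
SAMPLE_LOG = """\
Oct 4 15:20:00 localhost postfix/smtp[2831]: D546451C611: to=<user@example.fi>, relay=mx.example.fi[192.0.2.25], delay=1, status=bounced (host mx.example.fi[192.0.2.25] said: 550 mail not accepted from blacklisted IP address [198.51.100.7] (in reply to MAIL FROM command))
Oct 4 15:20:00 localhost postfix/cleanup[2803]: 6D9C851C613: message-id=<20061004122000.6D9C851C613@localhost.localdomain>
Oct 4 15:21:10 localhost postfix/smtp[2840]: A1B2C3D4E5F: to=<other@example.org>, relay=mx.example.org[192.0.2.80], delay=1, status=sent (250 Ok: queued as 12345)
"""

# Assumption: names treated as "installer defaults" for this check.
PLACEHOLDER_NAMES = {"localhost", "localhost.localdomain"}

# Outbound delivery attempts that the remote side refused or deferred.
REJECT = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]*)>, "
    r"relay=(?P<relay>[^,]+),.*status=(?:bounced|deferred) \((?P<reply>.*)\)$")
# A 4xx/5xx reply whose text points at a block list.
LISTED = re.compile(r"\b[45]\d\d\b.*(blacklist|blocklist|blocked|listed)", re.I)
# Host part of message-ids stamped by the local cleanup daemon.
MSGID = re.compile(
    r"postfix/cleanup\[\d+\]: [0-9A-F]+: message-id=<[^@>]+@(?P<host>[^>]+)>")


def helo_name_ok(name):
    """True if name looks like a real FQDN rather than an installer default."""
    n = name.strip().rstrip(".").lower()
    return "." in n and n not in PLACEHOLDER_NAMES and not n.endswith(".localdomain")


def audit(log_text):
    """Collect blacklist rejections and placeholder hostnames from a Postfix log."""
    rejections, bad_hosts = [], set()
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if m and LISTED.search(m["reply"]):
            rejections.append({"qid": m["qid"], "relay": m["relay"], "rcpt": m["rcpt"]})
        m = MSGID.search(line)
        if m and not helo_name_ok(m["host"]):
            bad_hosts.add(m["host"])
    return {"rejections": rejections, "placeholder_hosts": bad_hosts}


if __name__ == "__main__":
    report = audit(SAMPLE_LOG)
    for r in report["rejections"]:
        print("rejected:", r["qid"], "by", r["relay"], "for", r["rcpt"])
    for h in sorted(report["placeholder_hosts"]):
        print("placeholder hostname in message-id:", h)
```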

  3. #3
    rasjani (Junior Member, joined Oct 2006)

    I was suspecting that, thanks for verifying.

  4. #4
    3RiversTechAdmin (Special Member, joined Oct 2006)

    I have a related question: my machine gives its name as machinename.machinename when the only domain in Zimbra is not the same as the machine name. Why would this be, and where do I change it?

  5. #5
    tyco (Senior Member, joined May 2006)

    How did you change this?

    Thanks, Christof

  6. #6
    rasjani (Junior Member, joined Oct 2006)

    If I'm not mistaken:

    zmlocalconfig --edit zimbra_server_hostname=new.host.name

    EDIT!

    I was mistaken; check the FAQ in the wiki, there are a few commands for how to do it the right way.
    Last edited by rasjani; 10-11-2006 at 03:15 AM.
