Blacklisted ? Switch your Mail Server IP

Hello,

I’m pretty sure that many of us are tired of the word ‘Spam’. How about your mails being rejected from your domain when sending to Top level E-mail providers like GMail, Yahoo and MSN Hotmail ? It may be a familiar weird issue to many of you. This post is about how to tackle those situations. But if you are an End-user, please contact your System Admin. But if you are the one by that name, read on !

Case

The E-mails being rejected to the Top level providers since your server IP is blacklisted. You can check whether your server IP is blacklisted at : http://www.mxtoolbox.com/blacklists.aspx (Read xxx.xxx.xxx.xx as your server IP)

When the IP is entered and you click ‘Blacklist Check’, the resultant screen should be expected as (Assuming your server IP is on a blacklist)

There you go, your server IP is blacklisted, only thing that varies is the number of blacklists. So, what is the solution ? Most will be preferring to provide a dedicated IP to the domain which is having the issue. But when a whole Server IP is blacklisted, this will not work. But as usual, there is nothing new under the Sun !!

Solution

Switch the Mail server IP of the Server.

Work

Find a free IP, make sure its allocated to  the server, or else add it to the server. That is upto you. After this, there are a few steps, which is just a Walk in the Park

1) Access the WHM of the Server, as root. Go to Exim Configuration Editor. Find out the Category Domains and IPs, and enable this option :

Send outgoing mail from the ip that matches the domain name in /etc/mailips (*: IP can be added to the file to change the main outgoing interface)

Save the Changes.

2) Login to server through SSH, Switch to root

root@server[~]# vi /etc/mailips

Add this line
* : xxx.xxx.xxx.xx (Your Mail server IP)

So the following should be seen when reading the content in /etc/mailips

root@server[~]# cat /etc/mailips
*: xxx.xxx.xxx.xx

3) Add a Reverse DNS entry for the IP, you may need to contact DC for this. When you are finished this do the steps :

root@server[~]# vi /etc/mail_reverse_dns

Add this line
xxx.xxx.xxx.xx: hostname

4) Change File attributes of /etc/mailips

root@server[~]# chattr +i /etc/mailips
root@server[~]# lsattr /etc/mailips
----i-------- /etc/mailips

5) Final Steps : Build Exim Config file to reflect changes, Restart Exim Service

root@server[~]# /scripts/buildeximconf
root@server[~]# service exim restart

Case is Resolved ! Now you must be able to send E-mails everywhere. Try it.

Plesk Windows Horde This request cannot be completed because the link you followed or the form you submitted was only valid for minutes. Please try again now.

Error when trying to logout would be as below and won’t let you logout as well.

“This request cannot be completed because the link you followed or the form you submitted was only valid for minutes. Please try again now.”

Solution

Edit C:\inetpub\vhosts\webmail\horde\lib\horde.php (Drive Letter will depend on where you installed Webmail/Plesk and configured IIS to load virtual hosts from)

And search for section ” SESSION['horde_form_secrets' " in the Horde.php  and instead of

if ($_SESSION['horde_form_secrets'][$token] +  $GLOBALS['conf']['urls']['token_lifetime'] * 60 < time()) {
return PEAR::raiseError(sprintf(_(“This request cannot be completed because the link you followed or the form you submitted was only valid for %s minutes”),  $GLOBALS['conf']['urls']['token_lifetime']));
}

it should be

if (($_SESSION['horde_form_secrets'][$token] + $GLOBALS['conf']['urls']['token_lifetime']) * 60 < time()) {
return PEAR::raiseError(sprintf(_(“This request cannot be completed because the link you followed or the form you submitted was only valid for %s minutes”), $GLOBALS['conf']['urls']['token_lifetime']));
}

Note the extra braces in red + bold

How to setup Google Apps on your domain with cPanel and create upto 50 custom email accounts for FREE – Part (2)

Step V : Setting Up Your E-mail Server.

The next step is to set up the URL you want to use to access Webmail. In most cases, this is either webmail.example.com or simply mail.example.com. To make this change, click on the ‘Service Settings‘ tab in the top menu of the dashboard. Then, click ‘Email‘. From there, specify that you want to use a custom URL, and enter the appropriate subdomain for your domain.

Submit that form, and Google will then provide you with information about adding a CNAME entry for your new subdomain. You should make corresponding entries in the DNS zone to implement this. For example if the URL with which you wish to access your mail is webmail.example.com then you must give a CNAME record ‘ ghs.google.com. ‘ in the DNS zone for webmail. This is shown below :

Step VI : MX Record Changes

Once you have finished creating all of the users, you can return to the dashboard and click ‘Activate email‘  and follow the MX change instructions provided by Google. If you are lucky enough to use one of the hosts included in the dropdown menu there, you should be able to get clear, specific instructions explaining how to make the changes in your domains control panel.

Google will have you add seven new MX records to your DNS zone file. Those entries will probably look like:

MX Server address                                  Priority

ASPMX.L.GOOGLE.COM.                 10
ALT1.ASPMX.L.GOOGLE.COM.       20
ALT2.ASPMX.L.GOOGLE.COM.       20
ASPMX2.GOOGLEMAIL.COM.         30
ASPMX3.GOOGLEMAIL.COM.         30
ASPMX4.GOOGLEMAIL.COM.         30
ASPMX5.GOOGLEMAIL.COM.         30

It’s important that you copy and paste those addresses exactly as they appear in the Google instructions. They all include dots at the end of the addresses, and that dots need to be included. I am attaching a screenshot below which will hopefully give you an idea on how it should be entered.

Your new entries will need to look similar to:

your-domain.com    14400    IN    MX    10    ASPMX.L.GOOGLE.COM.

Where your-domain.com is your domain name, the second spot is the TTL or Time To Live (which can be left blank if required), the word ‘IN‘ is in the third spot, the fourth spot is filled with ‘MX‘ , the fifth spot is the ‘Priority‘ and the last spot includes the address provided by Google.

Also, in most of the cases you can only add four or five entries to the zone file at a time, so you’ll have to add this first, save the file, and then add the rest.
Once you’ve made those changes, click the  ‘I’ve made these changes‘ button in the Google Apps window.
Finally you can return to dashboard and click on the ‘Activate email‘ tab which you will find right below the ‘Email‘ option. See below :

The last and most difficult Step : Waiting.

At this point, you’re pretty much done. You now simply have to wait because It can take anywhere from one hour to 48 hours before the changes are complete.

Once the changes have completed, though, you can set up your e-mail client (Outlook, Thunderbird etc.) to check your e-mail. The Gmail IMAP settings are fairly simple. They are as follows:

IMAP (incoming) mail:
Server: imap.gmail.com
Port: 993
Encryption: SSL

SMTP (outgoing) mail:
Server: smtp.gmail.com
Port: 465 or 587
Encryption: TLS

***********************************************************************************************************

How to setup 50 free Google powered email accounts for your domain with cPanel – Part (1)

This article is on how to setup Google Apps to work on your domain with 6 easy steps. When you purchase a domain (e.g. your-domain.com) for your website from any of the domain registrars such as Godaddy , you normally get a single free email account that includes limited storage space. This is where Google apps comes in for your rescue. By using this feature, provided to you by Google, you can use Google mail servers for transferring your mails and that too from your very own domains. The advantages are plenty, as we all know Gmail has proven over the years that it provides the most reliable e-mail service. How many times have you moved your domain to a new server and been frustrated by the fact that you lost all of your e-mail messages? If you switch over to Google Apps, you never have to worry about that again. Again the service and support provided by google is without doubt the best and uncomparable with your hosting companie’s or your service provider’s. Another advantage is that the server limits of your account will not affect the number of mails that you can sent or recieve if you use the Google apps. I have only mentioned a few above but the list goes on and on.

The praises can be sung without a pause but its better I stop the boasts here and get down to the original topic.  I’m going to explain, step-by-step, on how to accomplish this task. It’s actually very simple, but it might take quite some time depending on how good a techy you are. To begin with, head on over to Google and sign up for an account. I am siting the link below where you can do this :

http://www.google.com/apps/intl/en/business/index.html

In the above page click on the ‘ Apps Editions ‘ tab and you will be able to view different schemes they offer, from which you will be able to select the one which suits you the most. For most of us, the standard edition offered by Google is more than enough. However, they do offer a “Premier edition” if your needs exceed the services of the free accounts. In addition to the Standard edition and Premier edition there are  Educational schemes, Govermental schemes etc etc. Once you choose the package required you will be directed to a page with a blue colored ‘ Get started ‘ tab on the right most top corner of the page. This is your key, click on it and you are on your way to setting Google apps for your domain. I am going to list  everything step by step from here on in a detailed manner.

Step I : Tell them your registered Domain name.

In the very first step you need to provide your domain name as prompted. Obviously enough you should possess a registered domain or you can buy a new domain name through Google which automatically sets everything up for you. You also need to verify that you own the domain or if you are a member of the domain.

Step II : Tell them who you are.

Fill in all of your contact information. At least make sure that you fill in all the boxes which have an aestrics symbol (*) to the right of the label with proper and valid information. If you don’t provide the required information, you will receive an error when you submit the form.
An important thing that you should be absolutely sure of before filling up the form is that you are able to edit your server’s DNS zone files. If you cannot edit your DNS zone files, do not proceed. You will have to enter MX records pointing to the Google mail servers in your DNS configuration. Signing up for the Google Apps account is useless if you’re not going to be able to modify your server appropriately to have the e-mail go where it’s intended.

The screenshot above was limited by my monitor boundaries, but you will be able to see the ‘ Continue ‘ tab at the bottom of your screen. Click this and you are on step III.

Step III : Create your first administrator account.

Create your first e-mail account. This e-mail account will be used as the administrative account for the Google Apps services.

Below this you will be able to see the terms and conditions, which mostly contains the usual stuff but still worth a read, where you should click on the ‘ I accept. Continue with setup ‘ tab to proceed to the next step.

Step IV : Verify Domain Ownership.

The next step in the process is to prove to Google that you own and have administrative rights to the domain you chose.

Here you will have an option to do it later, but sooner the better. Once you choose the option to continue you will be prompted for the password you chose in the previous step.
You have three options to prove that you own the domain. The first option is to modify your DNS entries to add a unique CNAME record. Next option is to add a meta tag to your site’s home page.  The last option is to simply create and upload an HTML file to your Web server. Okay now there is no reason for you to panic from hearing all the complex terms, all you need to do is click on these options and viola, all the information you need on ‘How to’ gets detailed (or rather spoon fed) right on the screen.

As you can see the screenshot above you will have a drop down menu for a list of domain registrars among which you can choose yours and do as instructed. Otherwise you can simply choose the ‘ Others ‘ option from the drop down menu and follow the simple set of instructions which gets listed.
This will look somewhat like the following :

<<

A TXT record is an entry within the Domain Name System (DNS) that provides supplemental information about your domain. You can create a TXT record that proves to Google that you own the domain.

1. Add the TXT record below to the DNS configuration for your-domain.com.
google-site-verification=Zy5aERjpb4-T1S0Ig36pGuHDOE5MycRBGsVmCtVeTLY
2. Click verify below.
When Google finds this DNS TXT record, we’ll make you a verified owner of the domain. (Note: DNS changes may take some time. If we don’t find the record immediately, we’ll check for it periodically.)
Leave the TXT record in place even after verification succeeds.

>>

For adding the TXT record in the DNS zone log into your domain control panel and choose the edit DNS zone option. The name of the option might vary between control panels, but they provide the same functionalities. I am pasting yet another screenshot which might help you through this simple process.

NOTE : For the rest of the article I will be siting examples and providing screenshots only from, and in reference to, the cPanel. But it will not be difficult to figure out how it is done in other control panels once you get an idea on what we are doing here.

You can see that I simply pasted the text mentioned in the instructions. After doing this you can click on ‘Verify‘ which will, quite obviously, verify if the entry is made and thereby confirming your authority over the domain.

Prevent your mail/IP from getting marked as SPAM/Blacklisted, A few TIPS!

“SPAM“! A word familiar to all Netizens.

Emails plays a major role in today’s business, one must be keen to preserve the authenticity of mails they sent to the users and fail to do so may result in getting your mail server IP blacklisted and mails ends-up in users junk folder and they die!

This post is not a perfect guide to prevent you from getting blacklisted by the spamcops, but a few tips that could save your “Time” and “Reputation”.

1) All email is filtered against published blacklists of spam servers. Check whether your mailserver IP is already blacklisted : http://www.mxtoolbox.com/. If listed, take necessary actions to remove it. You can temporarily switch the mail server IP to get the mails moving until your regular IP is released.

2) All mails will be filtered based on certain rules. It looks for senders email address, mail subject line and words on the message content. Avoid using blank subject line and using common spammers words like “offer, discount, sale, free etc… There are a lot more..

3) Maintain a regular time intervals while sending mails to a particular sender. This could be setup on exim configuration file. (Needs admin privileges)

4) Enable SPF:
Sender Policy Framework (SPF), is an e-mail validation system designed to prevent e-mail spam by addressing a common vulnerability, source address spoofing. SPF allows administrators to specify which hosts are allowed to send e-mail from a given domain by creating a specific DNS SPF record in the public DNS for that domain. Mail exchangers then use the DNS to check that mail from a given domain is being sent by a host sanctioned by that domain’s administrators.

If SPF record is enabled for a domain, spammers and phishers are less likely to forge e-mails pretending to be from that domain. Spam filters now check for SPF records and hence eliminate the chance of forged mails, spams. Hence an SPF protected domain is less attractive to spammers and phishers and is less likely to be blacklisted by spam filters and ligitimate mails will go through.

SPF keeps the detail of the machine which is only authorized to send mails for that particular domain. This is done by adding additional a TXT record to their existing DNS records. Mail receivers that checks for SPF records check the domain DNS and finds whether the server is allowed to send mails for that domain.

(Read the rest of this entry…)