Prevent your mail/IP from getting marked as SPAM/Blacklisted, A few TIPS!

“SPAM”! A word familiar to all Netizens.

Email plays a major role in today’s business, so you must preserve the authenticity of the mail you send to users. Failing to do so may get your mail server IP blacklisted, and your mails end up in users’ junk folders, where they die!

This post is not a perfect guide to prevent you from getting blacklisted by the spamcops, but a few tips that could save your “Time” and “Reputation”.

1) All email is filtered against published blacklists of spam servers. Check whether your mail server IP is already blacklisted: http://www.mxtoolbox.com/. If it is listed, take the necessary actions to remove it. You can temporarily switch the mail server IP to get the mails moving until your regular IP is released.

2) All mail is filtered based on certain rules. The filters look at the sender’s email address, the subject line and the words in the message content. Avoid blank subject lines and common spammer words like “offer”, “discount”, “sale”, “free” etc. There are a lot more.

3) Maintain regular time intervals while sending mails to a particular sender. This can be set up in the exim configuration file. (Needs admin privileges)

4) Enable SPF:
Sender Policy Framework (SPF) is an e-mail validation system designed to prevent e-mail spam by addressing a common vulnerability, source address spoofing. SPF allows administrators to specify which hosts are allowed to send e-mail from a given domain by creating a specific DNS SPF record in the public DNS for that domain. Mail exchangers then use the DNS to check that mail from a given domain is being sent by a host sanctioned by that domain’s administrators.

If an SPF record is enabled for a domain, spammers and phishers are less likely to forge e-mails pretending to be from that domain. Spam filters now check for SPF records and hence eliminate the chance of forged mails and spam. An SPF-protected domain is therefore less attractive to spammers and phishers and is less likely to be blacklisted by spam filters, so legitimate mails will go through.

SPF keeps the details of the machines that are authorized to send mail for that particular domain. This is done by adding an additional TXT record to the domain’s existing DNS records. Mail receivers that check for SPF records look up the domain’s DNS and find out whether the server is allowed to send mail for that domain.
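
The check a receiving server makes against the TXT record, as an added shell example that is not part of the original post. It evaluates only the ip4 and all mechanisms; the record, the IP addresses and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: evaluate an SPF TXT record for a connecting IP. Only ip4 and
# "all" are handled; mechanisms that need DNS (a, mx, include) are skipped.

# ip_to_int A.B.C.D -> the address as a 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_cidr IP NET[/LEN] -> succeeds when IP lies inside NET/LEN
in_cidr() {
    len=32
    case $2 in */*) len=${2#*/} ;; esac
    size=$(( 1 << (32 - len) ))      # addresses per block of this prefix
    ip_n=$(ip_to_int "$1"); net_n=$(ip_to_int "${2%/*}")
    [ $(( ip_n / size )) -eq $(( net_n / size )) ]
}

# spf_check IP RECORD -> prints pass, fail, softfail, neutral or none
spf_check() (
    set -f                           # split the record without globbing
    case $2 in "v=spf1"|"v=spf1 "*) ;; *) echo none; exit 0 ;; esac
    result=neutral                   # default when no mechanism matches
    for term in $2; do
        qual=+
        case $term in [-~?+]*) qual=${term%"${term#?}"}; term=${term#?} ;; esac
        case $term in
            ip4:*) in_cidr "$1" "${term#ip4:}" || continue ;;
            all)   ;;
            *)     continue ;;       # v=spf1 and unsupported mechanisms
        esac
        case $qual in
            +) result=pass ;; -) result=fail ;;
            "~") result=softfail ;; "?") result=neutral ;;
        esac
        break                        # first matching mechanism decides
    done
    echo "$result"
)

# Constructed record: one network and one host may send, all others fail.
RECORD="v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.25 -all"
for ip in 192.0.2.10 198.51.100.25 203.0.113.7; do
    echo "$ip: $(spf_check "$ip" "$RECORD")"
done
```

A record that ends in +all returns pass for every address, so it authorizes any host to send for the domain.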


Exim cheat sheet – Commands for troubleshoot mail issues in cPanel/DirectAdmin or any exim mail server

Below are the most common exim commands, which help make an administrator’s life easier.

Print a count of the messages in the queue:

exim -bpc

Print a listing of the messages in the queue (time queued, size, message-id, sender, recipient):

exim -bp

Print a summary of messages in the queue (count, volume, oldest, newest, domain, and total

exim -bp | exiqsumm

Print what Exim is doing right now:

exiwhat

To check whether the server routes mail properly, use exim -bt:

# exim -bt alias@localdomain.com
user@thishost.com
    <-- alias@localdomain.com
  router = localuser, transport = local_delivery
root@localhost# exim -bt user@thishost.com
user@thishost.com
  router = localuser, transport = local_delivery
root@localhost# exim -bt user@remotehost.com
  router = lookuphost, transport = remote_smtp
  host mail.remotehost.com [1.2.3.4] MX=0

Display all of Exim’s configuration settings:

exim -bP

exiqgrep

It is used for grepping through the exim queue.

Search the queue for messages from a specific sender:

exiqgrep -f user@domainname.com

Search the queue for a specific recipient:

exiqgrep -r user@domainname.com

To print messages older than the specified number of seconds, use -o.

For example, messages older than 1 day:

exiqgrep -o 86400

To print messages younger than the specified number of seconds, use -y.

Messages younger than one day can be listed using the command:

exiqgrep -y 86400

Print just the message-id of the entire queue:

exiqgrep -i

Managing the queue

Start a queue run:

exim -q -v

Start a queue run for just local deliveries:

exim -ql -v

Remove a message from the queue:

exim -Mrm <message id>

Freeze a message:

exim -Mf <message id>

Thaw a message:

exim -Mt <message id>

Deliver a message, whether it’s frozen or not, whether the retry time has been reached or not:

exim -M <message id>

Deliver a message, but only if the retry time has been reached:

exim -Mc <message_id>

Force a message to freeze and bounce as “Canceled by Admin”:

exim -Mg <message id>

Remove all frozen mails:

exiqgrep -z -i | xargs exim -Mrm

Remove all messages older than five days (86400 * 5 = 432000 seconds):

exiqgrep -o 432000 -i | xargs exim -Mrm

Freeze all queued mail from a given sender

exiqgrep -i -f user@domain.com | xargs exim -Mf

View a message’s headers:

exim -Mvh <messageid>

View a message’s body:

exim -Mvb <message id>

View a message’s logs:

exim -Mvl <message id>
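
When a queue grows unexpectedly, the first question is usually which sender is filling it. The following is an added shell example, not part of the original cheat sheet, that tallies the `exim -bp` listing per envelope sender and counts frozen messages; the function names and the sample listing (message ids, addresses) are constructed.

```shell
#!/bin/sh
# Added example: tally queued messages per envelope sender from the
# listing printed by `exim -bp`. The function names are illustrative.

# queue_senders: reads `exim -bp` output on stdin and prints one line per
# sender as "count frozen sender", busiest sender first.
queue_senders() {
    awk '
        # Message line: age size message-id <sender> [*** frozen ***]
        # Recipient lines have fewer fields and no <...> in column 4.
        NF >= 4 && $4 ~ /^<.*>$/ {
            # "<>" is the empty envelope sender used by bounces
            sender = ($4 == "<>") ? "<bounce>" : substr($4, 2, length($4) - 2)
            count[sender]++
            if ($0 ~ /\*\*\* frozen \*\*\*/) frozen[sender]++
        }
        END {
            for (s in count)
                printf "%d %d %s\n", count[s], frozen[s] + 0, s
        }
    ' | LC_ALL=C sort -k1,1nr -k3,3
}

# Constructed sample queue listing (message ids and addresses are made up).
sample_queue() {
    cat <<'EOF'
 2h  1.2K 1aAbBc-0001aB-2C <webform@domain.com>
          user@remotehost.com

 2h  1.2K 1aAbBd-0001aC-3D <webform@domain.com>
          info@remotehost.com

 1h  1.3K 1aAbBe-0001aD-4E <webform@domain.com>
          sales@remotehost.com

 3d  3.4K 1aAbBf-0001aE-5F <> *** frozen ***
          webform@domain.com

25m  5.0K 1aAbBg-0001aF-6G <user@thishost.com>
          alias@localdomain.com
EOF
}

sample_queue | queue_senders
```

On a live server the input would be `exim -bp | queue_senders`; a single address far ahead of the rest is the account or script to inspect before removing or freezing its messages.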


Howto change the email sending IP to an IP other than the main shared IP in exim on a cPanel server

It often happens that a mail server’s main IP gets blacklisted by Yahoo, Gmail, Hotmail etc., causing issues for the web hosting customers on the server, who then yell and raise lots of support tickets.

When Yahoo generates a permanently deferred message, it takes approximately 4 days or 96 hours, sometimes even a week, before it starts accepting mail from the server again. Gmail and Hotmail simply accept the mail but blackhole it, meaning the mail is silently deleted without any error message from their servers.

So the solution is to identify the spam sources and remove them. However, even after we remove the spam sources, customers won’t start getting emails immediately. So a temporary workaround is to change the IP from which the emails are sent out.

By default, emails are sent out from a mail server using its main shared IP. Here we change that. You can change it on a per-account basis or for the entire server.

The easiest method to see a full version of the files with proper syntax is to temporarily enable the following “automatic” option under WHM >> Main >> Service Configuration >> Exim Configuration Editor >> Standard Options >> Domains and IPs
“Automatically send outgoing mail from the account’s IP address instead of the main IP address.”

/etc/mailips will have the following format to be followed.

domain.com: xx.xx.xx.1
sub.domain.com: xx.xx.xx.2
addondomain.com: xx.xx.xx.2
*: xx.xx.xx.xx

If you want the entire server to use an alternate IP, use the last line alone which is the wild card entry.

*: new.ip.for.smtp

Sometimes you will want to set chattr +i /etc/mailips, since a cPanel update can clear the lines in it. Once you believe the main server is unblocked, remove the chattr. Also restart the exim server after you have made the changes in /etc/mailips.

You would need to search for

remote_smtp:
driver = smtp

and make sure that a line similar to the ones below exists, which does a literal search for the IPs in /etc/mailips. If the /etc/mailips lines are not there, you can simply add interface = xx.xx.xx.xx entries.

interface = ${if exists {/etc/mailips}{${lookup{$sender_address_domain}lsearch*{/etc/mailips}{$value}{$
helo_data = ${if exists {/etc/mailhelo}{${lookup{$sender_address_domain}lsearch*{/etc/mailhelo}{$value$

Ref : http://forums.cpanel.net/f43/formats-etc-mailhelo-mailips-etc-111977.html for more details and few more formats.


In cPanel, howto make exceptions in the email sending limit, per domain ?

You may already know about the following option: Main –> Server Configuration –> Tweak Settings –> The maximum each domain can send out per hour

We recommend that you set it as low as possible, and then raise the limit for individual domains as below.

  1. Login to your server
  2. Edit /var/cpanel/maxemails
  3. Add a new line saying “domain.com = increased_number” (eg: supportsages.com = 800)
  4. Save the file.
  5. And finally run /scripts/build_maxemails_config

And you are done!!!
