Blacklisted ? Switch your Mail Server IP

Hello,

I’m pretty sure that many of us are tired of the word ‘Spam’. How about your mails being rejected from your domain when sending to Top level E-mail providers like GMail, Yahoo and MSN Hotmail ? It may be a familiar weird issue to many of you. This post is about how to tackle those situations. But if you are an End-user, please contact your System Admin. But if you are the one by that name, read on !

Case

The E-mails being rejected to the Top level providers since your server IP is blacklisted. You can check whether your server IP is blacklisted at : http://www.mxtoolbox.com/blacklists.aspx (Read xxx.xxx.xxx.xx as your server IP)

When the IP is entered and you click ‘Blacklist Check’, the resultant screen should be expected as (Assuming your server IP is on a blacklist)

There you go, your server IP is blacklisted, only thing that varies is the number of blacklists. So, what is the solution ? Most will be preferring to provide a dedicated IP to the domain which is having the issue. But when a whole Server IP is blacklisted, this will not work. But as usual, there is nothing new under the Sun !!

Solution

Switch the Mail server IP of the Server.

Work

Find a free IP, make sure its allocated to  the server, or else add it to the server. That is upto you. After this, there are a few steps, which is just a Walk in the Park

1) Access the WHM of the Server, as root. Go to Exim Configuration Editor. Find out the Category Domains and IPs, and enable this option :

Send outgoing mail from the ip that matches the domain name in /etc/mailips (*: IP can be added to the file to change the main outgoing interface)

Save the Changes.

2) Login to server through SSH, Switch to root

root@server[~]# vi /etc/mailips

Add this line
* : xxx.xxx.xxx.xx (Your Mail server IP)

So the following should be seen when reading the content in /etc/mailips

root@server[~]# cat /etc/mailips
*: xxx.xxx.xxx.xx

3) Add a Reverse DNS entry for the IP, you may need to contact DC for this. When you are finished this do the steps :

root@server[~]# vi /etc/mail_reverse_dns

Add this line
xxx.xxx.xxx.xx: hostname

4) Change File attributes of /etc/mailips

root@server[~]# chattr +i /etc/mailips
root@server[~]# lsattr /etc/mailips
----i-------- /etc/mailips

5) Final Steps : Build Exim Config file to reflect changes, Restart Exim Service

root@server[~]# /scripts/buildeximconf
root@server[~]# service exim restart

Case is Resolved ! Now you must be able to send E-mails everywhere. Try it.

Prevent your mail/IP from getting marked as SPAM/Blacklisted, A few TIPS!

“SPAM“! A word familiar to all Netizens.

Emails plays a major role in today’s business, one must be keen to preserve the authenticity of mails they sent to the users and fail to do so may result in getting your mail server IP blacklisted and mails ends-up in users junk folder and they die!

This post is not a perfect guide to prevent you from getting blacklisted by the spamcops, but a few tips that could save your “Time” and “Reputation”.

1) All email is filtered against published blacklists of spam servers. Check whether your mailserver IP is already blacklisted : http://www.mxtoolbox.com/. If listed, take necessary actions to remove it. You can temporarily switch the mail server IP to get the mails moving until your regular IP is released.

2) All mails will be filtered based on certain rules. It looks for senders email address, mail subject line and words on the message content. Avoid using blank subject line and using common spammers words like “offer, discount, sale, free etc… There are a lot more..

3) Maintain a regular time intervals while sending mails to a particular sender. This could be setup on exim configuration file. (Needs admin privileges)

4) Enable SPF:
Sender Policy Framework (SPF), is an e-mail validation system designed to prevent e-mail spam by addressing a common vulnerability, source address spoofing. SPF allows administrators to specify which hosts are allowed to send e-mail from a given domain by creating a specific DNS SPF record in the public DNS for that domain. Mail exchangers then use the DNS to check that mail from a given domain is being sent by a host sanctioned by that domain’s administrators.

If SPF record is enabled for a domain, spammers and phishers are less likely to forge e-mails pretending to be from that domain. Spam filters now check for SPF records and hence eliminate the chance of forged mails, spams. Hence an SPF protected domain is less attractive to spammers and phishers and is less likely to be blacklisted by spam filters and ligitimate mails will go through.

SPF keeps the detail of the machine which is only authorized to send mails for that particular domain. This is done by adding additional a TXT record to their existing DNS records. Mail receivers that checks for SPF records check the domain DNS and finds whether the server is allowed to send mails for that domain.

(Read the rest of this entry…)

Howto change the email sending IP to an IP other than the main shared IP in exim on a cPanel server

Often it happens that a mail server’s main IP gets black listed by Yahoo, Gmail, Hotmail etc, there by causing issues to the web hosting customers in the server yelling and raising lots of support tickets.

When yahoo generates a permanently deferred message, it will take approximately 4 days or 96 hours – sometimes even a week to get it start accepting the mails from the servers. Gmail and Hotmail, simply accept the mails, but it blackholes the email , means mails will simply be deleted, without any error message from the servers.

So the solution would be to identify the spam sources and remove them. However even after we remove the spam sources, customers wont start getting emails immediately. So a temporary work around is to change the IPs from which the emails are sent out.

By default emails are sent out from a mail server using it’s main shared IP. Here we are changing it. You can change it on per-account basis or for a entire server

The easiest method to see a full version of the files with proper syntax is to temporarily enable the following “automatic” option under WHM >> Main >> Service Configuration >> Exim Configuration Editor >> Standard Options >> Domains and IPs
“Automatically send outgoing mail from the account’s IP address instead of the main IP address.”

/etc/mailips will have the following format to be followed.

domain.com: xx.xx.xx.1
sub.domain.com: xx.xx.xx.2
addondomain.com: xx.xx.xx.2
*: xx.xx.xx.xx

If you want the entire server to use an alternate IP, use the last line alone which is the wild card entry.

*: new.ip.for.smtp

Sometimes you would want to set chattr +i /etc/mailips since, a cPanel update can clear the lines in it. And once you believe the main server is unblocked, remove the chattr. Please restart the exim server as well, after you made the changes in /etc/mailips

You would need to search for

remote_smtp:
driver = smtp

and make sure that a line similar to below exists, which does literal search for the IPs in /etc/mailips. If /etc/mailips lines are not there, you can simply add interface=xx.xx.xx.xx entries.

interface = ${if exists {/etc/mailips}{${lookup{$sender_address_domain}lsearch*{/etc/mailips}{$value}{$
helo_data = ${if exists {/etc/mailhelo}{${lookup{$sender_address_domain}lsearch*{/etc/mailhelo}{$value$

Ref : http://forums.cpanel.net/f43/formats-etc-mailhelo-mailips-etc-111977.html for more details and few more formats.