
I am quite new to server management, and I have a VPS with CentOS 6.5 / Plesk 11.5.

My problem is that after two mail accounts were hacked and used to send spam, I now can't send to most of the net. I can send to Gmail, but Yahoo, Hotmail and many others give only a "connection timed out" message.

```
E790A1167E7     1589 Mon Sep 22 18:29:35  jbk@spotter.gr
(delivery temporarily suspended: connect to mx4.otenet.gr[62.103.147.223]:25: Connection timed out)
                                     yarntex@otenet.gr
```

These are some headers I can show:

```
X-No-Relay: not in my network
Received: from JBKHELLASPC (adsl-217.91.140.34.tellas.gr [91.140.34.217])
    by vps74899.ovh.net (Postfix) with ESMTPSA id 1C96B1167DB
    for <a.stavridis@hotmail.com>; Wed, 24 Sep 2014 08:25:01 +0200 (CEST)
From: "Jim Bantanis-Kapirnas" <jbk@spotter.gr>
To: "'Achilleas Stavridis'" <a.stavridis@hotmail.com>
References: <DUB112-W21ED700E61D3C827EDED89F5B00@phx.gbl>
In-Reply-To: <DUB112-W21ED700E61D3C827EDED89F5B00@phx.gbl>
Subject: =?iso-8859-7?B?UkU6IPP17eHt9Ofz5w==?=
Date: Wed, 24 Sep 2014 09:24:59 +0300
Message-ID: <001901cfd7c0$45141370$cf3c3a50$@spotter.gr>
MIME-Version: 1.0
Content-Type: multipart/related;
    boundary="----=_NextPart_000_001A_01CFD7D9.6A654310"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQF7ultAGMgQh3d632JmQdcY2ZG4apy4C6Ew
Content-Language: el
```

The problem did not exist before the hacking.

If I have missed any obvious info I should have included, please let me know.

PS: I flushed the queue.

UPDATE: I have removed the IP from every blacklist it was on.

peterh
  • possible duplicate of [Prevent mail being marked as spam](http://serverfault.com/questions/227242/prevent-mail-being-marked-as-spam) – Jenny D Sep 24 '14 at 07:21
  • Large email providers such as Hotmail will use their own blacklists in addition to a number of public ones. – Jenny D Sep 24 '14 at 07:22
  • @JennyD, thank you for your answer, I found your link very useful. Checking my IP, it actually came up with the two accounts that were compromised. As you can see in the screenshot it has these remarks http://prntscr.com/4psrfc yet I do have an SPF record in each one of these domains ( v=spf1 +a +mx -all ) ... – Jim Bantanis-Kapirnas Sep 24 '14 at 07:46
  • Can you manually run `telnet mx4.otenet.gr 25` from your VPS? I suspect that your VPS provider blocks outgoing SMTP connections from your VPS (because of your spam) *but* still allows outgoing SMTP connections to Gmail only – masegaloeh Sep 24 '14 at 15:43
  • @masegaloeh Thank you for the reply. I had already found the solution to it; it is exactly what you said. Please post it as an answer so I can accept it! – Jim Bantanis-Kapirnas Oct 02 '14 at 14:11
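The check suggested in the last two comments, generalised as an added example that is not part of the original thread: a POSIX shell script that resolves each destination domain's MX hosts, attempts a TCP connection to port 25 with a timeout, and classifies each outcome, then gives a one-word verdict on the pattern. It assumes bash (for `/dev/tcp`), coreutils `timeout` and `dig` from bind-utils are available on the VPS; the verdict thresholds and the `probe25.sh` name are the script's own choices.

```shell
#!/bin/sh
# Added diagnostic (not from the thread): probe TCP/25 reachability from this
# host to the MX servers of several destination domains and classify the result.
# Assumes: bash (for /dev/tcp), coreutils `timeout`, `dig` from bind-utils.

# probe_port HOST PORT [SECONDS] -> prints: open | timeout | refused | error
probe_port() {
  local host=$1 port=$2 secs=${3:-5} err rc
  rc=0
  err=$(LC_ALL=C timeout "$secs" bash -c "exec 3<>/dev/tcp/$host/$port" 2>&1) || rc=$?
  if [ "$rc" -eq 0 ]; then
    echo open            # TCP handshake completed; an SMTP banner would follow
  elif [ "$rc" -eq 124 ]; then
    echo timeout         # no SYN/ACK at all: typical of a firewall or egress block
  elif printf '%s' "$err" | grep -qi 'refused'; then
    echo refused         # host answered with RST: reachable, nothing listening
  else
    echo error           # DNS failure or another local error
  fi
}

# mx_hosts DOMAIN -> MX hostnames, lowest preference first, trailing dot removed
mx_hosts() {
  dig +short MX "$1" | sort -n | awk '{ sub(/\.$/, "", $2); print $2 }'
}

# diagnose RESULT... -> one-word verdict from a list of probe results
#   egress-block : at least half of the probes timed out (provider/ISP
#                  filtering outbound 25; open a ticket with them)
#   reachable    : every probe connected (then look at the SMTP replies and
#                  DNSBL listings instead, the block is reputation-based)
#   mixed        : some of each; check the timed-out destinations individually
diagnose() {
  local total=$# timeouts=0 opens=0 r
  for r in "$@"; do
    case $r in
      timeout) timeouts=$((timeouts + 1)) ;;
      open)    opens=$((opens + 1)) ;;
    esac
  done
  if [ "$total" -eq 0 ]; then
    echo no-data
  elif [ "$opens" -eq "$total" ]; then
    echo reachable
  elif [ $((timeouts * 2)) -ge "$total" ]; then
    echo egress-block
  else
    echo mixed
  fi
}

# main DOMAIN... -> probe the first MX of each domain and print a verdict
main() {
  local domain host result results
  results=""
  for domain in "$@"; do
    host=$(mx_hosts "$domain" | head -n 1)
    if [ -z "$host" ]; then
      printf '%-20s no MX record\n' "$domain"
      continue
    fi
    result=$(probe_port "$host" 25 5)
    printf '%-20s %-30s %s\n' "$domain" "$host" "$result"
    results="$results $result"
  done
  # word-splitting of $results is intended: one probe result per argument
  printf 'verdict: %s\n' "$(diagnose $results)"
}

# Usage, run on the VPS itself:  sh probe25.sh gmail.com yahoo.com hotmail.com otenet.gr
if [ $# -gt 0 ]; then main "$@"; fi
```

A verdict of `egress-block` with one provider still reachable matches the situation in the question: a recipient that has blacklisted you normally lets the TCP connection complete and then rejects the message with a 5xx reply in the Postfix log, whereas a blanket timeout means the packets never get out, so the place to ask is the VPS provider's abuse desk rather than the recipient's delisting form.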

2 Answers


This has happened to me many times as I handle many email servers. This happens when your IP address is blacklisted.

In case your IP is on a commonly used blacklist, you can use mxtoolbox.com to find it and then send a whitelist request to those blacklists.

However, with Yahoo, Hotmail and Gmail, if they are blocking you because you are on their blacklists, you will have to wait a day or two before they allow you to connect to them.

Also make sure you delete any spam left in the mail queue before proceeding with the whitelisting, and make sure the passwords are strong too.

eranga
  • Thank you very much for the answer, but I forgot to mention that I have already removed my IP from the only list (fabel.dk) I found it on... Also it's been more than a week now... any suggestions? – Jim Bantanis-Kapirnas Sep 24 '14 at 07:19
  • As Jenny D has said, the large providers maintain their own lists and the time they take to remove an IP varies. Also, these providers now have a very small threshold before they put you on a blacklist, so check whether your users are forwarding their emails to their Yahoo or Hotmail accounts, as that could blacklist your IP with them. Also check if there are any more compromised users that have gone under the radar. – eranga Sep 24 '14 at 07:30
  • It's not only with the big guys.. I actually have the same response from everyone, even small personal sites, except for Gmail... any thoughts? – Jim Bantanis-Kapirnas Sep 24 '14 at 07:53

When your server has been compromised and starts pumping out a spam flood, you should expect that everyone is going to blacklist you.

  • As a first step, you should stop the spam flood. Find out what is causing it and make sure this incident is not likely to happen again.

  • Then you can send removal requests to public DNSBLs such as Barracuda. As the other answer said, with mxtoolbox you can check the blacklists quickly.

  • Big providers like Yahoo, Gmail and Hotmail have their own private reputation systems, so for these providers you should wait.

  • The last step is ensuring that your (VPS/ISP) provider isn't blocking your email traffic. They may have received abuse complaints from your 'victims' and put your IP in their blacklist.

masegaloeh
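The first two steps of the answer above, as an added example that is not from the answer, from Plesk or from Postfix: a POSIX shell snippet that (1) finds which SASL-authenticated accounts are behind an outbound flood by summarising the Postfix maillog per `sasl_username`, and (2) builds the reversed-IP query name used to ask a public DNSBL whether your address is listed. The log lines in `SAMPLE_LOG` are constructed, not real data; the thresholds passed to `flag_compromised` are the script's own choices; the Barracuda zone `b.barracudacentral.org` is that DNSBL's public zone.

```shell
#!/bin/sh
# Added example (not from the thread or from Postfix/Plesk). Assumes a Postfix
# maillog in its default syslog format (/var/log/maillog on CentOS).

# Constructed sample lines (not real data) in Postfix smtpd's format.
SAMPLE_LOG='Sep 22 18:01:02 vps postfix/smtpd[2101]: A1B2C3D4E5: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=bob@example.com
Sep 22 18:01:03 vps postfix/smtpd[2101]: A1B2C3D4E6: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=bob@example.com
Sep 22 18:01:05 vps postfix/smtpd[2102]: A1B2C3D4E7: client=unknown[203.0.113.9], sasl_method=LOGIN, sasl_username=bob@example.com
Sep 22 18:01:09 vps postfix/smtpd[2103]: A1B2C3D4E8: client=unknown[203.0.113.44], sasl_method=PLAIN, sasl_username=bob@example.com
Sep 22 18:02:00 vps postfix/smtpd[2104]: A1B2C3D4E9: client=home.example.net[192.0.2.10], sasl_method=LOGIN, sasl_username=alice@example.com
Sep 22 18:05:00 vps postfix/smtpd[2105]: A1B2C3D4F0: client=home.example.net[192.0.2.10], sasl_method=LOGIN, sasl_username=alice@example.com
Sep 22 18:06:00 vps postfix/smtpd[2106]: A1B2C3D4F1: client=unknown[198.51.100.8], sasl_method=LOGIN, sasl_username=bob@example.com'

# sasl_summary < maillog -> "user messages distinct_client_ips", busiest first.
# Only lines carrying sasl_username= are counted, i.e. submissions by an
# authenticated account, which is how a stolen mailbox password gets abused.
sasl_summary() {
  awk '
    /sasl_username=/ {
      user = $0; sub(/.*sasl_username=/, "", user); sub(/[ ,].*/, "", user)
      ip = $0;   sub(/.*client=[^[]*\[/, "", ip);  sub(/\].*/, "", ip)
      msgs[user]++
      if (!((user, ip) in seen)) { seen[user, ip] = 1; ips[user]++ }
    }
    END { for (u in msgs) print u, msgs[u], ips[u] }
  ' | sort -k2,2nr -k1,1
}

# flag_compromised MIN_MSGS MIN_IPS < summary -> accounts at or above both
# thresholds. One user submitting from many unrelated client IPs in a short
# window is the usual signature of a leaked password, so reset those first.
flag_compromised() {
  awk -v m="$1" -v n="$2" '$2 >= m && $3 >= n { print $1 }'
}

# dnsbl_query IP ZONE -> the name to look up, e.g. 9.113.0.203.b.barracudacentral.org
# A DNSBL answers with an A record (usually 127.0.0.x) when the IP is listed and
# NXDOMAIN when it is not; this is what mxtoolbox does for many zones at once.
dnsbl_query() {
  printf '%s\n' "$1" | awk -F. -v zone="$2" '{ print $4 "." $3 "." $2 "." $1 "." zone }'
}

# Example run on the sample data (on a real server: grep sasl_username= /var/log/maillog | sasl_summary)
#   printf '%s\n' "$SAMPLE_LOG" | sasl_summary
#   printf '%s\n' "$SAMPLE_LOG" | sasl_summary | flag_compromised 5 3
#   dig +short "$(dnsbl_query 203.0.113.9 b.barracudacentral.org)"
```

On the sample data `bob@example.com` shows 5 submissions from 4 distinct client IPs in five minutes and is flagged, while `alice@example.com` (2 messages, one home IP) is not; on a real Plesk/Postfix host the same summary over the day of the incident points at every account whose password needs resetting before any delisting request is worth sending.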