Technology at Geneseo Community School District 228
Last week a spammer found an exploit on the district website which allowed them to use the server to send out spam email. The exploit was simply an old PHP mail script that allows messages to be sent from visitors to staff members on the homepage. This old script was not secure: it could easily be sent instructions changing the from and to destination fields, allowing it to email just about anyone. I became aware of this issue once people began emailing to inform me that all emails to Yahoo were being returned.
Looking at the mail queue on our Kerio server, 35,000 messages were waiting to be delivered to Yahoo – all spam.
The spam problem was easily addressed. I edited the PHP mail script and tightened the firewall on the server – closing all forms of an open relay.
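The district's script is not shown here, so the following is an added example rather than the code that was actually changed: a contact-form handler that closes the two holes described above by picking the recipient from a server-side list and rejecting line breaks in anything that ends up in a mail header. The form field names, staff keys and `school.example` addresses are assumptions.

```php
<?php
// Added example: hardened contact-form handler. All names and addresses are hypothetical.

// Recipients are chosen by key from a server-side list, never taken from the request.
const STAFF = [
    'office' => 'office@school.example',
    'tech'   => 'tech@school.example',
];

// A CR or LF inside a header value lets the sender start new headers (To:, Bcc:, ...).
function has_line_break(string $value): bool
{
    return preg_match('/[\r\n]/', $value) === 1;
}

// Returns [to, subject, body, headers] ready for mail(), or null if the input is rejected.
function build_message(array $form): ?array
{
    $key     = (string)($form['staff'] ?? '');
    $from    = (string)($form['email'] ?? '');
    $subject = (string)($form['subject'] ?? '');
    $body    = (string)($form['message'] ?? '');

    if (!isset(STAFF[$key])) {
        return null;                       // unknown recipient key
    }
    if (has_line_break($from) || has_line_break($subject)) {
        return null;                       // header injection attempt
    }
    if (filter_var($from, FILTER_VALIDATE_EMAIL) === false) {
        return null;                       // not a single well-formed address
    }

    // The visitor's address goes in Reply-To only; From stays a fixed server address.
    $headers = "From: webform@school.example\r\nReply-To: " . $from;
    return [STAFF[$key], $subject, $body, $headers];
}

// Constructed sample inputs: a normal submission and one carrying an injected Bcc header.
$ok  = ['staff' => 'tech', 'email' => 'parent@example.org', 'subject' => 'Hi', 'message' => 'Hello'];
$bad = ['staff' => 'tech', 'email' => "x@example.org\r\nBcc: a@example.net", 'subject' => 'Hi', 'message' => 'x'];

var_dump(build_message($ok) !== null);
var_dump(build_message($bad) === null);

// In the real handler: if ($m = build_message($_POST)) { mail($m[0], $m[1], $m[2], $m[3]); }
```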
What is not so easy is getting removed from the real-time blacklists run by Barracuda, Yahoo and others.
After a few Google searches on the subject I came across a few useful websites and links that address just this problem.
This website simply checks your IP against a list of real-time blacklists and shows which lists consider the mail server to be a source of spam.
Originally when I ran this tool I found 4 lists that considered our IP to be a source of spam. Of these four, Barracuda and Yahoo were the two main biggies causing email frustration in the district.
I have attached a list of links that are useful in removing oneself from a blacklist. It is important not to fill out a request until you have fixed the original spam issue. These lists are usually very accurate, and if you fail to fix the spam problem you will be quickly re-blacklisted.
Request whitelist – http://postmaster.info.aol.com/whitelist/whitelist_guides.html
Remove from RBL – http://postmaster.info.aol.com/waters/sa_form.html
Remove from RBL – http://ipremoval.sms.symantec.com/lookup/
Request whitelist – http://help.yahoo.com/l/us/yahoo/mail/postmaster/postmaster_wl.html?from_url=http://help.yahoo.com/l/us/yahoo/mail/postmaster/index.html
Remove from RBL – http://help.yahoo.com/l/us/yahoo/mail/postmaster/defer.html?from_url=http://help.yahoo.com/l/us/yahoo/mail/postmaster/index.html
Check Status and Remove from RBL: http://www.barracudacentral.org/reputation?ip=188.8.131.52
After waiting about 48-72 hours and filling out the white list and bulk mail requests – all is well.