Last week a spammer found an exploit on the district website which allowed them to use the server to send out spam email. The exploit was simply an old PHP mail script that allows messages to be sent from visitors to staff members on the homepage. This old script was not secure in that it could easily be sent instructions changing the from and to destination fields, allowing it to email just about anyone. I became aware of this issue once people began emailing to inform me that all emails to Yahoo were being returned.

Looking at the Mail queue on our Kerio server,  35,000 messages were waiting to be delivered to Yahoo – all spam.

The spam problem was easily addressed. I edited the PHP mail script and tightened the firewall on the server, closing all forms of an open relay.
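One way such a form handler can be locked down, shown as an added example that is not the district's actual script: the recipient is chosen from a server-side list, and any field that ends up in a mail header is rejected if it contains a line break. The function names, form field names and addresses are assumptions made for illustration.

```php
<?php
// Added example, not the district's script. Field names and addresses are hypothetical.

// Recipients are picked by key from a server-side list, never taken from the request.
const STAFF = [
    'office'    => 'office@district.example',
    'webmaster' => 'webmaster@district.example',
];
const SITE_FROM = 'webform@district.example';

// True if the value contains CR, LF or NUL, which could start a new header line.
function has_header_break(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) === 1;
}

// Returns [to, subject, body, headers] for mail(), or null if the request is rejected.
function build_message(array $post): ?array
{
    foreach (['staff', 'email', 'subject', 'message'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            return null; // missing field or array-valued parameter
        }
    }
    if (!array_key_exists($post['staff'], STAFF)) {
        return null; // unknown recipient key
    }
    $replyTo = trim($post['email']);
    $subject = trim($post['subject']);
    if (has_header_break($replyTo) || has_header_break($subject)) {
        return null;
    }
    if (filter_var($replyTo, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // From stays fixed to the site's own address; the visitor only sets Reply-To.
    $headers = 'From: ' . SITE_FROM . "\r\n" . 'Reply-To: ' . $replyTo;
    return [STAFF[$post['staff']], $subject, $post['message'], $headers];
}

// Constructed sample requests, run from the command line.
if (PHP_SAPI === 'cli') {
    $ok  = ['staff' => 'office', 'email' => 'parent@example.org',
            'subject' => 'Bus schedule', 'message' => 'When does route 4 start?'];
    $bad = ['email' => "parent@example.org\r\nBcc: someone@example.net"] + $ok;
    var_dump(build_message($ok) !== null, build_message($bad) === null);
}
```

In the web handler, the four returned values are passed to `mail()` only when `build_message($_POST)` returns a non-null result.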

What is not so easy is getting removed from the real-time blacklists from Barracuda, Yahoo and others.

After a few Google searches on the subject I came across a few useful websites and links that address just this problem.

http://www.mxtoolbox.com/blacklists.aspx

This website simply checks your IP against a list of real time blacklists and shows which lists consider the mail server to be spam.


Originally when I ran this tool I found 4 lists that considered our IP to be a source of spam.  Of these four Barracuda and Yahoo were the two main biggies causing email frustration in the district.

I have attached a list of links that are useful in removing oneself from a blacklist. It is important not to fill out a request until you have fixed the original spam issue. These lists are usually very accurate, and if you fail to fix the spam problem you will be quickly re-blacklisted.

AOL:
Request whitelist – http://postmaster.info.aol.com/whitelist/whitelist_guides.html
Remove from RBL – http://postmaster.info.aol.com/waters/sa_form.html

Hotmail:
Remove from RBL – http://ipremoval.sms.symantec.com/lookup/

Yahoo!:
Request whitelist – http://help.yahoo.com/l/us/yahoo/mail/postmaster/postmaster_wl.html?from_url=http://help.yahoo.com/l/us/yahoo/mail/postmaster/index.html
Remove from RBL – http://help.yahoo.com/l/us/yahoo/mail/postmaster/defer.html?from_url=http://help.yahoo.com/l/us/yahoo/mail/postmaster/index.html

Barracuda:
Check status and remove from RBL – http://www.barracudacentral.org/reputation?ip=74.247.83.218

After waiting about 48-72 hours and filling out the white list and bulk mail requests – all is well.
