[KLUG Members] smtp & blacklisted IP

Manu C S members@kalamazoolinux.org
Mon, 19 Apr 2004 10:10:47 +0530 (IST)


Hi,

    We recently installed postfix + clamav + spamassassin + amavis
    on our email server.

    Everything works fine but we've noticed one problem - whenever
    someone sends an email to a yahoo/rediff address using our smtp server,
    the email is either delivered into bulk mail folders or rejected citing njabl.org.

    When we looked up our IP (203.145.183.157) on njabl.org, we saw these results:
    -----------------------------------------------------------------------------------------------------------------------
    203.145.183.157:s4:28745: >> \4\1\0\31\321\320\0\20\0
    203.145.183.157:s4:28745: << \0Z\0\0\0\0\0\0
    203.145.183.157:s4:28745: request granted (v=0 c=90)
    203.145.183.157:s4:28745: >> help njablproxytest\r\n
    203.145.183.157:s4:28745: << 220 rt.njabl.org ESMTP Sendmail 8.11.6/8.11.6; Wed, 18 Feb 2004 03:52:11 -0500\r\n
    203.145.183.157:s4:28745: << 214-2.0.0 njabl.org proxytest response to 203.145.183.157\r\n
    203.145.183.157:s4:28745: << 214 2.0.0 End of HELP info\r\n
    203.145.183.157 s4:28745 open
    203.145.183.157:hc:28745: >> CONNECT 209.208.0.16:25 HTTP/1.0\r\n
    203.145.183.157:hc:28745: >> \r\n
    203.145.183.157:hc:28745: >> help njablproxytest\r\n
    203.145.183.157:hc:28745: << HTTP/1.0 200 Connection established\r\n
    203.145.183.157:hc:28745: << Proxy-Agent: AnalX Proxy\r\n
    203.145.183.157:hc:28745: << \r\n
    203.145.183.157:hc:28745: Proxy-agent: AnalX Proxy
    203.145.183.157:hc:28745: HTTP request successeful (200)
    203.145.183.157:hc:28745: << 220 rt.njabl.org ESMTP Sendmail 8.11.6/8.11.6; Wed, 18 Feb 2004 03:52:11 -0500\r\n
    203.145.183.157:hc:28745: << 500 5.5.1 Command unrecognized: ""\r\n
    203.145.183.157:hc:28745: << 214-2.0.0 njabl.org proxytest response to 203.145.183.157\r\n
    203.145.183.157:hc:28745: << 214 2.0.0 End of HELP info\r\n
    203.145.183.157 hc:28745 open
    -----------------------------------------------------------------------------------------------------------------------
    According to njabl.org, our IP has open relays for Socks4 & HTTP Connect.

    We realized that our IP was blacklisted sometime in Feb 2004 whereas our email server
    was only installed in April 2004. We also use squid as our http proxy.

    How does one go about resolving the issues shown above - we're not using any
    socks4 proxy. Does it have to be fixed by our ISP or is there something we can
    do at our end? Any help/advice is appreciated.



Clueless,
Manu
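
Added example (not part of the original post): a Python sketch that reads the NJABL transcript quoted above, decodes the octal-escaped SOCKS4 request, and summarizes which proxy methods were found open, on which port, behind which Proxy-Agent, and when the test ran. The mapping of `s4`/`hc` to SOCKS4/HTTP CONNECT is an assumption based on the poster's reading of the results; the transcript lines are excerpted from the post.

```python
import re

# Lines excerpted from the NJABL transcript quoted in the post.
TRANSCRIPT = r"""
203.145.183.157:s4:28745: >> \4\1\0\31\321\320\0\20\0
203.145.183.157:s4:28745: << \0Z\0\0\0\0\0\0
203.145.183.157 s4:28745 open
203.145.183.157:hc:28745: >> CONNECT 209.208.0.16:25 HTTP/1.0\r\n
203.145.183.157:hc:28745: << Proxy-Agent: AnalX Proxy\r\n
203.145.183.157:hc:28745: << 220 rt.njabl.org ESMTP Sendmail 8.11.6/8.11.6; Wed, 18 Feb 2004 03:52:11 -0500\r\n
203.145.183.157 hc:28745 open
"""

# Assumption: method codes inferred from the post ("Socks4 & HTTP Connect").
METHODS = {"s4": "SOCKS4", "hc": "HTTP CONNECT"}

def unescape(payload):
    """Turn the log's octal escapes (e.g. \\321) and literal characters into bytes."""
    tokens = re.findall(r"\\([0-7]{1,3})|(.)", payload)
    return bytes(int(o, 8) if o else ord(c) for o, c in tokens)

def decode_socks4_request(payload):
    """SOCKS4 request layout: VN, CD, DSTPORT (2 bytes), DSTIP (4 bytes), USERID, NUL."""
    raw = unescape(payload)
    if len(raw) < 9 or raw[0] != 4:
        raise ValueError("not a SOCKS4 request")
    return {"command": raw[1], "port": int.from_bytes(raw[2:4], "big"),
            "ip": ".".join(str(b) for b in raw[4:8])}

def summarize(transcript):
    """Collect open proxy methods and ports, the proxy agent, and the test date."""
    report = {"open": [], "agent": None, "tested": None, "socks4_target": None}
    for line in map(str.strip, transcript.strip().splitlines()):
        m = re.match(r"\S+ (\w+):(\d+) open$", line)
        if m:  # verdict line, e.g. "203.145.183.157 s4:28745 open"
            report["open"].append((METHODS.get(m.group(1), m.group(1)), int(m.group(2))))
        m = re.search(r":s4:\d+: >> (\\4.+)$", line)
        if m and report["socks4_target"] is None:  # first SOCKS4 request only
            t = decode_socks4_request(m.group(1))
            report["socks4_target"] = f"{t['ip']}:{t['port']}"
        m = re.search(r"<< Proxy-Agent: (.+?)\\r\\n$", line)
        if m:
            report["agent"] = m.group(1)
        m = re.search(r"<< 220 .*; (.+?)\\r\\n$", line)
        if m:  # SMTP banner carries the timestamp of the test
            report["tested"] = m.group(1)
    return report
```

On the quoted transcript this reports both methods answering on port 28745 with a Proxy-Agent of "AnalX Proxy", tested on 18 Feb 2004. The port and agent string are the values to compare against what is actually listening on the host today.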