Somehow my server (Debian + Postfix) was used to deliver spam, so my IP appears listed in UCEPROTECT-Level1. Help please find out how was it possible and to fix it. I’ve checked my IP against http://www.spamhelp.org/shopenrelay/ and http://www.mxtoolbox.com/diagnostic.aspx and results are ok. Below is extract from mail log. Notice that ustm.co.uk is not my domain and 83.138.172.76 is not my IP and it is not in mynetworks. Code: Apr 5 19:03:17 mail amavis[25447]: (25447-11) Passed CLEAN, LOCAL [127.0.0.1] [83.138.172.76] <[email protected]> -> <[email protected]>,<[email protected]>, <[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>, <[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>, <[email protected]>,<[email protected]>,<[email protected]>,<[email protected]<[email protected]>, <[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>, <[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>, <[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,<[email protected]>,…. My main.cf is as follows (I’ve suppressed mydestination and myhostname) Code: # See /usr/share/postfix/main.cf.dist for a commented, more complete version # Debian specific: Specifying a file name will cause the first # line of that file to be used as the name. The Debian default # is /etc/mailname. #myorigin = /etc/mailname smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) biff = no # appending .domain is the MUA's job. append_dot_mydomain = no # Uncomment the next line to generate "delayed mail" warnings #delay_warning_time = 4h readme_directory = no # TLS parameters smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key smtpd_use_tls = yes smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for # information on enabling SSL in the smtp client. alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases myorigin = /etc/mailname relayhost = mynetworks = 212.96.26.50, 196.28.239.21, 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 mailbox_command = mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all inet_protocols = all smtpd_sasl_local_domain = smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous broken_sasl_auth_clients = yes smtpd_sasl_authenticated_header = yes #smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination # # Configuração antispam # smtpd_helo_required = yes disable_vrfy_command = yes #strict_rfc821_envelopes = yes strict_rfc821_envelopes = no invalid_hostname_reject_code = 554 multi_recipient_bounce_reject_code = 554 non_fqdn_reject_code = 554 relay_domains_reject_code = 554 unknown_address_reject_code = 554 unknown_client_reject_code = 554 unknown_hostname_reject_code = 554 unknown_local_recipient_reject_code = 554 unknown_relay_recipient_reject_code = 554 unknown_sender_reject_code = 554 unknown_virtual_alias_reject_code = 554 unknown_virtual_mailbox_reject_code = 554 unverified_recipient_reject_code = 554 unverified_sender_reject_code = 554 smtpd_recipient_restrictions = check_client_access hash:/etc/postfix/access_client, check_recipient_access hash:/etc/postfix/recipients permit_sasl_authenticated, permit_mynetworks, check_policy_service inet:127.0.0.1:2501, reject_unknown_recipient_domain, reject_invalid_hostname, reject_unauth_pipelining, reject_unknown_client, reject_unauth_destination, reject_rbl_client multi.uribl.com, reject_rbl_client dsn.rfc-ignorant.org, reject_rbl_client dul.dnsbl.sorbs.net, reject_rbl_client list.dsbl.org, reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client dnsbl.sorbs.net, reject_rbl_client cbl.abuseat.org, reject_rbl_client ix.dnsbl.manitu.net, reject_rbl_client combined.rbl.msrbl.net, reject_rbl_client sbl.spamhaus.org, reject_rbl_client zen.spamhaus.org, reject_rbl_client dnsbl.njabl.org, reject_rbl_client dnsbl.sorbs.net, reject_rbl_client cbl.anti-spam.org.cn, reject_rbl_client dnsbl-1.uceprotect.net, reject_rbl_client virus.rbl.jp, reject_rbl_client virbl.bit.nl, reject_rbl_client wormrbl.imp.ch, reject_rbl_client spamrbl.imp.ch, reject_rbl_client spamlist.or.kr, permit smtpd_tls_auth_only = no smtp_use_tls = yes smtp_tls_note_starttls_offer = yes smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s tls_random_source = dev:/dev/urandom home_mailbox = Maildir/ content_filter = amavis:[127.0.0.1]:10024 receive_override_options = no_address_mappings # # Configurações próprias # minimal_backoff_time = 600s queue_run_delay = 600s maximal_backoff_time = 3600s maximal_queue_lifetime = 4h bounce_queue_lifetime = 4h TIA thavaht
Thank you for using our Blacklist Tool! Once you run a lookup, you can follow the links to the Blacklist websites (via the "details" link or the Blacklist name) and request delisting directly from them. I also want to provide you with a link to a very handy article we posted on our blog - What Blacklists Are and How MxToolbox Helps! This article explains how our services eliminate the problems blacklists cause and how they are oftentimes recurring and hard to permanently fix. If you can't get resolution to the problems, don't hesitate to contact us! Thank you, @MxToolBox
