2
My server is on the server blacklist
Question asked by Montague WebWorks - 9/13/2021 at 8:25 AM
Unanswered
Hey all, has anyone ever had this happen to them? My own server IP appeared on the Server Blacklist. I found this page:


So, I guess one of my user accounts has been hacked?


I looked at the SMTP Out Sessions report and see that there were a bunch of blocked connections a couple weeks ago. This would be good to know. How would I send myself a text if I appeared on any RBLs?

Mik Muller Montague WebWorks

9 Replies

0
Montague WebWorks Replied
I used to be able to see reports of domain usage (in/out etc) as well as individual users to see if there were any spikes in sending. Seems that's gone, now? Do I need to find and install a third-party solution?

Really would love to see some super-robust reporting in SM. Incorporate DMARC and other tools / technologies to easily get to the root of delivery problems.
Mik Muller Montague WebWorks
0
Kyle Kerst Replied
Employee Post
@Mik: This page displays when internet blacklists are blocking your IP. So, this is not SmarterMail blocking itself, rather alerting you to blacklistings that exist out there on the internet for your IP. As to alerting, there is an event category for this within Settings>Events at the system level:
Kyle Kerst IT Coordinator SmarterTools Inc. www.smartertools.com
1
John C. Reid Replied
Also, UCE Protect Levels 2 and 3 mean the network your IP belongs to is listed, not that your individual IP is listed. Unfortunately it is still going to cause you delivery issues with the likes of Yahoo and Microsoft. Your network provider, AKA the ones whose ASN is the owner of that IP, needs to deal with this for you.

https://www.uceprotect.net/

As for knowing when you are on a RBL or a URIRBL, I use and highly recommend this:
https://rbltracker.com/
John C. Reid / Technology Director John@prime42.net / (530) 691-0042 1300 West Street, Suite 206, Redding, CA 96001
0
Kyle Kerst Replied
Employee Post
Thanks for your feedback on this as well John, this is very helpful. One additional bit I wanted to offer on this is that MXToolbox.com offers automated monitoring and problem identification services through their website that might also be helpful in detecting issues ahead of time. Just in case anyone finds this thread in the future and has similar questions. 
Kyle Kerst IT Coordinator SmarterTools Inc. www.smartertools.com
0
Michael Muller Replied
The IP numbers listed are both my IPs. How would I be able to see which account I host has suddenly started sending out more emails than usual? One of my accounts may have been hacked.
--- Montague WebWorks Powered by RocketFusion
1
John C. Reid Replied
To restate - UCE 2 and 3 both are about the network your IP is a part of. If it was your IP it would have been UCE Protect level 1. So there was nothing sent from your server. Your network provider has others on that network who are sending spam. The network provider needs to fix this.

Also, as Kyle pointed out MX Toolbox does have a monitoring service. However it is much more expensive and not nearly as comprehensive as the service provided by rbltracker.com. For comparison you will need to spend a minimum of $149/mo to monitor more than a single IP. Also they don't have a huge list they check against.  Currently at RBL Tracker I pay $173 a year to monitor 10 IP addresses, with a much larger and more comprehensive list that monitors URIRBL in addition to standard IP RBL, and I can add custom options to the list.  This being said, RBL Tracker only monitors Realtime Blacklists, and it looks like MX Toolbox has additional tools. 


John C. Reid / Technology Director John@prime42.net / (530) 691-0042 1300 West Street, Suite 206, Redding, CA 96001
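The level distinction described in this reply can be checked directly over DNS. The following is an added example, not code from any poster or from SmarterTools: it queries the three UCEPROTECT zones for one IPv4 address and separates "my IP is listed" from "my provider's network is listed". The function names, the triage labels and the sample answers are assumptions made for the illustration.

```python
import ipaddress
import socket

# UCEPROTECT zones and what a hit means, per the replies above:
# level 1 lists a single IP, levels 2 and 3 list the surrounding network/ASN.
ZONES = {
    "dnsbl-1.uceprotect.net": "ip",
    "dnsbl-2.uceprotect.net": "network",
    "dnsbl-3.uceprotect.net": "network",
}
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_name(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this sketch handles IPv4 only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolver(name):
    """Return the A record for name, or None when there is no record."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def check_ip(ip, resolver=system_resolver, zones=ZONES):
    """Return [(zone, scope, answer)] for every zone that lists ip."""
    hits = []
    for zone, scope in zones.items():
        answer = resolver(dnsbl_name(ip, zone))
        # Only answers inside 127.0.0.0/8 are listings; anything else
        # (e.g. a resolver that rewrites NXDOMAIN) is not a hit.
        if answer and ipaddress.ip_address(answer) in LISTED_RANGE:
            hits.append((zone, scope, answer))
    return hits

def triage(hits):
    """Turn hits into the action the thread recommends."""
    scopes = {scope for _, scope, _ in hits}
    if "ip" in scopes:
        return "own-ip-listed"      # look for a compromised account or relay
    if "network" in scopes:
        return "network-listed"     # provider that owns the ASN must act
    return "clean"

# Constructed sample answers (192.0.2.25 is a documentation address).
SAMPLE_DNS = {
    "25.2.0.192.dnsbl-2.uceprotect.net": "127.0.0.2",
    "25.2.0.192.dnsbl-3.uceprotect.net": "127.0.0.2",
}

if __name__ == "__main__":
    print(triage(check_ip("192.0.2.25", resolver=SAMPLE_DNS.get)))
```

Run on a schedule with the default resolver, the `triage` result can be handed to whatever notification channel is already in place, which covers the "text me when I'm listed" question at the top of the thread.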
0
Kyle Kerst Replied
Employee Post
If this is being caused by a compromised account you can use this KB to track it down:


Beyond that though there's a couple of other possibilities here. The biggest possibility is that your authentication settings might need adjustment. Make sure the domains themselves have the Require SMTP Authentication toggle enabled, and that the authentication related toggles are enabled under Settings>Protocols>SMTP In.

Lastly, Automated Forwarding can also appear to third-party providers as volume worth temporary delays or blacklisting, so this could be a concern as well. If you need help tracking it down (if the couple possibilities above don't help) please submit a ticket and we'd be happy to help get to the bottom of it for you. Have a good one!
Kyle Kerst IT Coordinator SmarterTools Inc. www.smartertools.com
1
John C. Reid Replied
Yes, let me stress the importance of that last paragraph from Kyle. If you are letting people forward email to a Microsoft account, a Yahoo account, or a gmail or Google Suites account, and they mark any forwarded messages as spam, that counts against your server, not the original sender.
John C. Reid / Technology Director John@prime42.net / (530) 691-0042 1300 West Street, Suite 206, Redding, CA 96001
1
Employee Replied
Employee Post
@Mik,

To answer your question about reports to see incoming/outgoing emails per domain and user, you will find this as the system admin in Reports > Message Traffic. When you first click on the report it will be set to "Trend" mode. You can change this to "Domains", click on the domain you want to view, then change the mode to "Users".
