Topic: how to stop email spam

[savolkis]

Have you ran full virus scans on your 5 LAN PC's ? / Yes

Are your PC email clients configured to send mail via the sme servers smtp server or are they sending directly to your ISPs smtp server ? / Yes

Is anonymous@kompiuteriai.eu associated with your sme server ? / Yes

Is that a valid user, is that your domain name ? / No and yes its my domain name (kompiuteriai.eu)

Also you said you enabled spam control, exactly what did you enable & where ? / Configuration -> Email -> email filtering settings -> enabled (virus scan, spam filtering, spam sensitivity, sens. level 4)

Why do you say that there was "silence", how do you know that. / Because i dont see any emails going out from the server

What makes you believe that enabling spam control caused that blacklisting situation to change. / Because atm we r out of blacklist, also i can think my server could send junk emails because of another infected computer which im repairing and connecting to my lan to get drivers and other stuff. My job is computer engineering, and ive got alot infected computers, that could be a reason of black list too.

Also what blacklist was your server on, how do you know that ? / Ive got email message from "senderscore.org" about my email spam, and they add my server to the blacklist, after i made changes also updated my sme server, i write a message to remove me from the list, and they did, so for now im out of the list, i cant say its fine 100% but at this time, i dont see any spam messages.

[janet]

savolkis

What makes you believe that enabling spam control caused that blacklisting situation to change. / Because atm we r out of blacklist, also i can think my server could send junk emails because of another infected computer which im repairing and connecting to my lan to get drivers and other stuff. My job is computer engineering, and ive got alot infected computers, that could be a reason of black list too.

You should have secure SSL only connections for email enabled in server manager, to prevent virus engines from accessing your sme server smtp server. I notice you did not answer that question.

You really need to take more care if connecting virus infected computers to your LAN, it's NOT  a good idea. You should scan for viruses & remove them from any PC BEFORE  connecting to your LAN. Update them via USB. At least temporarily disable the sme server smtp server and qpsmtpd & sqsmtpd when connecting new "unknown" computers.

You are really wasting our time troubleshooting your own self created problems.

Please think more wisely before connecting any client computer.

[Xavier.A]

@savolkis
ok, what i understood by reading this post is that you are not an IT security engineer

To start a forensic search you can :

Code: [Select]

whois kompiuteriai.eu
Domain: kompiuteriai

Registrant:
NOT DISCLOSED!
Visit www.eurid.eu for webbased whois.

Reseller:

Technical:
Name: IV Hostmaster
Organisation: UAB "Interneto vizija"
Language: lt
Phone: +370.52324444
Fax: +370.52077944
Email: hostmaster@iv.lt

Registrar:
Name: UAB "Interneto vizija"
Website: www.iv.lt

Name servers:
ns1.serveriai.lt
ns2.serveriai.lt
ns3.serveriai.lt
ns4.serveriai.lt



Code: [Select]

dig kompiuteriai.eu
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> kompiuteriai.eu
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51235
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;kompiuteriai.eu. IN A

;; ANSWER SECTION:
kompiuteriai.eu. 1783 IN A 62.80.233.104

;; Query time: 1075 msec


Code: [Select]

host 62.80.233.104
104.233.80.62.in-addr.arpa domain name pointer hst-233-104.splius.lt.

And after, you check if you are really blacklisted and why:

MXtoolbox : http://mxtoolbox.com/domain/kompiuteriai.eu/?source=findmonitors
https    kompiuteriai.eu    The Certificate is invalid
spf    kompiuteriai.eu    A Valid TXT Record was not found
spf    kompiuteriai.eu    A Valid SPF Record was not found
dns    kompiuteriai.eu    SOA Expire Value out of recommended range
smtp    aspmx.l.google.com    Warning - Reverse DNS does not match SMTP Banner
smtp    aspmx.l.google.com    5.508 seconds - Warning on Transaction Time

DNSWatch : http://www.dnswatch.info/dns/rbl-lookup?host=kompiuteriai.eu&submit=RBL+Lookup
Checked 62.80.233.104 against 142/142 RBLs.
IP 62.80.233.104 is listed in 0 Realtime Blacklist(s).

Spamhaus : http://www.spamhaus.org/lookup/
62.80.233.104 is not listed in the SBL
62.80.233.104 is not listed in the PBL
62.80.233.104 is not listed in the XBL
and
kompiuteriai.eu is not listed in the DBL
splius.lt is not listed in the DBL
hst-233-104.splius.lt is not listed in the DBL

TrendMicro : https://ers.trendmicro.com/reputations
IP:    62.80.233.104
Reputation:    Unlisted in the spam sender list
Listed in:    None

It seems your domain or your IP are not blacklisted !!!!

--/--

[Stefano]

It seems your domain or your IP are not blacklisted !!!!

so it seems to me but

Reverse DNS does not match SMTP Banner

could be a reason for mail to be blocked..

[Xavier.A]

could be a reason for mail to be blocked..

may be, but it is not because of infection, it's because of a misconfiguration and a low level in server administration knowledge 

==/==

[janet]

kid_of_leognan

Further analysis is irrelevant.

savolkis stated already that he fixed his server by implementing spam control measures & successfully requested his server be removed from the black list mentioned, so of course he no longer has the problem.
He also mentioned he deliberately connected infected workstations to his LAN, so the spamming from his server was as a result of his own unwise actions.

[savolkis]

Thank you guys for your advice and your time, for now it works fine and dont have any problems.

best regards.