Our server keeps getting listed on the Composite Blocking List --


Post

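We keep getting listed as shown below, so it is hard to send email to any company --;;;

Everything bounces back saying we are on a blocking list.


Our white domain is registered,

and even when I delist the IP, it gets listed again -_-;;; No matter how many times I repeat it, it keeps getting listed.



We use Youngcart 4, and we are a site that rarely even sends mail to our members. -_-

I also asked the server company to change the IP,

but it is the same again, and we did not have this problem before we moved to this server company --

Has anyone had this kind of experience?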






CBL Lookup Utility
Please note: the CBL is under a distributed denial of service attack (DDOS). See our home page for further information.

Automated/scripted bulk lookups are forbidden. Upon detection, automated scripts will be denied access, and the source IP may be listed in the CBL.


IP Address 220.95.2xx.44 is listed in the CBL. It appears to be infected with a spam sending trojan, proxy or some other form of botnet.

It was last detected at 2013-04-03 20:00 GMT (+/- 30 minutes), approximately 6 days, 13 hours ago.

It has been relisted following a previous removal at 2013-03-28 01:24 GMT (13 days, 7 hours, 13 minutes ago)

This IP address is HELO'ing as "localhost.localdomain" which violates the relevant standards (specifically: RFC5321).

The CBL does not list for RFC violations per-se. This _particular_ behaviour, however, correlates strongly to spambot infections. In other words, out of thousands upon thousands of IP addresses HELO'ing this way, all but a handful are infected and spewing junk. Even if it isn't an infection, it's a misconfiguration that should be fixed, because many spam filtering mechanisms operate with the same rules, and it's best to fix it regardless of whether the CBL notices it or not.

DO NOT TELNET TO YOUR SERVER TO SEE WHAT IT SAYS. Telnet will show you the banner, not the HELO.

EVEN IF YOU TEST YOUR MAIL SERVER SOFTWARE AND IT HELOS PROPERLY, THAT DOES NOT MEAN THAT THIS LISTING IS IN ERROR - YOUR IP REALLY DID HELO AS "localhost.localdomain". Our system doesn't make mistakes about this. This just means that something OTHER than your mail server software is making the connections. In fact, finding that your mail server is NOT HELO'ing as "localhost.localdomain" essentially proves this is an infection, not a misconfiguration.

There is often confusion between the SMTP "banner" and the SMTP "HELO" (or EHLO) command. These are completely different things, and proper understanding is important.

First some terminology (somewhat simplified to aid understanding):

A "SMTP client" is a piece of software that makes SMTP connections to SMTP servers to send a piece of email to the server. Most E-mail servers consist of an "SMTP listener" (to listen for and handle connections made to them by SMTP clients), an SMTP client (to send emails to other mail servers) and a local delivery agent (LDA) to deliver email to "local" users (eg: via POP or IMAP).

Thus, SMTP clients make connections to SMTP listeners, and issue SMTP commands to the listener.

The "HELO" (or "EHLO") command (see RFC2821) is a command issued by the SMTP client to an SMTP server to identify the name of the client. "HELO mail.example.com" means, essentially, "Hi there, my name is mail.example.com".

The "SMTP banner" is what the listener says in response to the initial connection or in response to the HELO command.

The CBL works in many cases by seeing what SMTP clients say (in the HELO/EHLO command) when the client connects to a CBL detector. Since the CBL NEVER does SMTP probes, it has no way of knowing how a given IP banners.

You can test SMTP banners with telnet and other similar diagnostic tools, but you CANNOT test SMTP HELO/EHLO with telnet.

For that, you can send an email to *** email address hidden for privacy protection ***. That will reject the email (as an error), and the error will show you what the HELO/EHLO was.

If this IP is a mail server: please read namingproblems to find out why your IP was listed, and ways to fix it so it doesn't relist.

This IP is infected (or NATting for a computer that is infected) with a spam-sending infection. In other words, it's participating in a botnet. If you simply remove the listing without ensuring that the infection is removed (or the NAT secured), it will probably relist again.

How to resolve future problems and prevent relisting
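The CBL notice quoted in the post separates the SMTP banner (sent by the listener) from the HELO name (sent by the client). The following Python sketch is an added example, not part of the original post and not CBL tooling: it runs a throwaway listener on loopback and records both values. The names `observe`, `helo_problem` and `mx.example.test` are assumptions made for illustration.

```python
import smtplib
import socket
import threading

BANNER_HOST = "mx.example.test"  # constructed listener name (assumption)

def _listener(srv, seen):
    """Accept one client, send a banner, record the HELO argument it sends."""
    conn, _ = srv.accept()
    with conn, conn.makefile("rwb") as f:
        def send(text):
            f.write(text.encode() + b"\r\n")
            f.flush()
        send(f"220 {BANNER_HOST} ESMTP")          # banner: listener -> client
        line = f.readline().decode().strip()      # HELO: client -> listener
        seen.append(line.split(None, 1)[1] if " " in line else "")
        send(f"250 {BANNER_HOST}")
        f.readline()                              # client's QUIT
        send("221 bye")

def observe(helo_name):
    """Return (banner the listener sent, HELO name the client sent)."""
    srv = socket.create_server(("127.0.0.1", 0))  # loopback only, ephemeral port
    seen = []
    t = threading.Thread(target=_listener, args=(srv, seen), daemon=True)
    t.start()
    client = smtplib.SMTP(local_hostname=helo_name, timeout=5)
    _, banner = client.connect("127.0.0.1", srv.getsockname()[1])
    client.helo()                                 # sends "helo <helo_name>"
    client.quit()
    t.join(5)
    srv.close()
    return banner.decode(), seen[0]

def helo_problem(name):
    """Return why a HELO name looks wrong, or None if it looks acceptable."""
    n = name.lower().rstrip(".")
    if n.startswith("[") and n.endswith("]"):
        return None                               # address literal, e.g. [192.0.2.1]
    if n == "localhost" or n.endswith(".localdomain"):
        return "placeholder hostname"
    if "." not in n:
        return "not a fully qualified domain name"
    return None

if __name__ == "__main__":
    banner, helo = observe("localhost.localdomain")
    print("banner:", banner)
    print("HELO  :", helo, "->", helo_problem(helo))
```

The banner comes from the listener and the HELO name from whatever program opened the connection, which is why connecting to your own server with telnet shows only the banner.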

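Comments

My English is limited, so I can't make sense of the lower part even when I look at it, but
"we are a site that rarely even sends mail to our members" <--- in that case, it looks possible that the server is being used as a spam server.
First, connect to the server via telnet and go through the mail send/receive logs.
My guess is that a huge amount of something has piled up in the root account's mail...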