Last week a spammer found an exploit on the district website which allowed them to use the server to send out spam email. The exploit was simply an old PHP mail script that allows messages to be sent from visitors to staff members on the homepage. This old script was not secure in that it could easily be sent instructions changing the from and to destination fields, allowing it to email just about anyone. I became aware of this issue once people began emailing to inform me that all emails to Yahoo were being returned.
Looking at the mail queue on our Kerio server, 35,000 messages were waiting to be delivered to Yahoo – all spam.
The spam problem was easily addressed. I edited the PHP mail script and tightened the firewall on the server – closing all forms of an open relay.
What is not so easy is getting removed from the real-time blacklists run by Barracuda, Yahoo and others.
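The script itself is not shown here, so the following is an added example rather than the district's code: a contact-form handler hardened in the way described above, assuming the usual pattern where visitor-supplied fields reach the recipient and header arguments of PHP's `mail()`. The `STAFF` map, the addresses and the form field names are hypothetical.

```php
<?php
// Added example; STAFF keys, addresses and field names are hypothetical.
const STAFF = [                       // recipients live on the server only
    'office'    => 'office@district.example',
    'webmaster' => 'webmaster@district.example',
];
const FORM_SENDER = 'webform@district.example';   // fixed From address
// Returns [to, subject, body, headers], or null when the submission is refused.
function build_message(array $form): ?array
{
    $f = [];
    foreach (['staff', 'name', 'email', 'subject', 'message'] as $k) {
        if (!isset($form[$k]) || !is_string($form[$k])) {
            return null;              // missing or array-valued field
        }
        $f[$k] = trim($form[$k]);
    }
    if (!array_key_exists($f['staff'], STAFF)) {
        return null;                  // visitor may only pick a listed key
    }
    foreach (['name', 'email', 'subject'] as $k) {
        // A CR or LF in a header value would start a new header line.
        if (preg_match('/[\r\n]/', $f[$k]) || strlen($f[$k]) > 200) {
            return null;
        }
    }
    if (filter_var($f['email'], FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    $headers = [
        'From'         => FORM_SENDER,    // never taken from the form
        'Reply-To'     => $f['email'],
        'Content-Type' => 'text/plain; charset=UTF-8',
    ];
    $body = "Submitted by: {$f['name']} <{$f['email']}>\n\n{$f['message']}";
    return [STAFF[$f['staff']], $f['subject'], $body, $headers];
}

if (PHP_SAPI === 'cli') {             // constructed inputs for a quick self-check
    $ok  = ['staff' => 'office', 'name' => 'Pat', 'email' => 'pat@home.example',
            'subject' => 'Bus schedule', 'message' => 'When does route 4 leave?'];
    $bad = ['subject' => "Hello\r\nX-Extra: 1", 'staff' => 'x@else.example'] + $ok;
    var_dump(build_message($ok) !== null, build_message($bad) === null);
} elseif (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $msg = build_message($_POST);
    if ($msg === null) { http_response_code(400); exit('Message rejected.'); }
    mail($msg[0], $msg[1], $msg[2], $msg[3]);   // array headers need PHP 7.2+
    echo 'Message sent.';
}
```

Because the recipient is looked up by key and the From address is a constant, a submission can only ever reach a listed staff mailbox, whatever the form fields contain.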
After a few Google searches on the subject I came across a few useful websites and links that address just this problem.
http://www.mxtoolbox.com/blacklists.aspx
This website simply checks your IP against a list of real time blacklists and shows which lists consider the mail server to be spam.
Originally when I ran this tool I found 4 lists that considered our IP to be a source of spam. Of these four, Barracuda and Yahoo were the two main biggies causing email frustration in the district.
I have attached a list of links that are useful in removing oneself from a blacklist. It is important to not fill out a request until you have fixed the original spam issue. These lists are usually very accurate, and if you fail to fix the spam problem you will be quickly re-blacklisted.
AOL:
Request whitelist – http://postmaster.info.aol.com/whitelist/whitelist_guides.html
Remove from RBL – http://postmaster.info.aol.com/waters/sa_form.html
Hotmail:
Remove from RBL – http://ipremoval.sms.symantec.com/lookup/
Yahoo!:
Request whitelist – http://help.yahoo.com/l/us/yahoo/mail/postmaster/postmaster_wl.html?from_url=http://help.yahoo.com/l/us/yahoo/mail/postmaster/index.html
Remove from RBL – http://help.yahoo.com/l/us/yahoo/mail/postmaster/defer.html?from_url=http://help.yahoo.com/l/us/yahoo/mail/postmaster/index.html
Barracuda:
Check Status and Remove from RBL: http://www.barracudacentral.org/reputation?ip=74.247.83.218
After waiting about 48-72 hours and filling out the white list and bulk mail requests – all is well.
Recently I upgraded the school's Kerio Mail Server to Version 6.6. Although for most end users this upgrade will not really mean any functional difference, there are some differences from the administrative perspective.
With the newer version I am in the process of enabling the archiving feature – rather than just maintaining a backup of the email system, a full archival system will make it easy to retrieve or review email. With recent legislative action taken in Illinois it looks like schools are going to be required to archive email systems – with this update and feature enabled the school district will begin archiving.
Kerio continues to deliver a quality product, as the installation / upgrade went flawlessly, lasting only 15 minutes with zero errors.