The server administrator is fully responsible for the state of a server (virtual, dedicated or private). The admin should therefore handle any problems with operations on the server, including regularly checking the server for possible abuse attempts such as spamming or server attacks. This includes, for example, regularly checking the mail server logs and the system log (in the standard location). On a Linux VPS with Plesk, you can use rkhunter, which is integrated in the WatchDog module. You can run it from Modules > WatchDog > Security > Start.
If a server is listed on a blocklist/blacklist (most often SpamHaus or SpamCop, for example; it is not possible to list all of them), the administrator must take prompt action, otherwise the whole IP address range might be blocked, an extreme situation our company cannot allow. The status and details can usually be found in each blocklist's interface.
Replace XXXX with the IP address of your server. If the address appears in the blocklist, the listing usually includes a link for its removal. Removal from the blocklist is usually done by the IP address range administrator (in our case Forpsi, who receives the abuse report), but not before the server admin is contacted. It is the server admin's duty and responsibility to identify the problem, resolve it and prevent it from recurring. If the spamming repeats and the server admin does not take the necessary action to prevent it, our company can permanently block the ports for outgoing mail, i.e. port 25. Our company blocks the relevant port (according to the type of abuse) after the 3rd warning with no adequate reaction. The blocking is irreversible.
Often, a server will be listed on the so-called CBL blocklist - http://cbl.abuseat.org/lookup.cgi?ip=XXXX . This happens for the following reason: the mail server (qmail) identifies itself in HELO with the name localhost.localdomain. This indicates a wrong configuration of the mail server, and for this reason the address is blocked. What caused this? During the first login to Plesk, the server admin ignored the recommendation to change the hostname and left it as the default localhost.localdomain. As a result, this name was saved in /var/qmail/control/me. Because all this data is generated from the Plesk database, you must change it as follows:
- Log in to Plesk with your admin account.
- Go to the section Server > Server preferences and set the field Full hostname. It is appropriate to use the name of a domain hosted on the VPS, or a subdomain whose DNS A record points to the server's IP address. E.g. when you set the hostname to vps.domain.cz, it is appropriate to add this DNS record:
  vps.domain.cz A serveraddressIP
  If this is NOT a domain with a functioning email service, you will have to enable acceptance of error messages. This can be done by adding the domain (subdomain) to the domain list in Plesk (in exactly the same form as in Full hostname, with www not ticked). This does not create web hosting for it, but incoming emails will be forwarded to another email account, e.g. the administrator's email (Plesk >> Domains >> domain name >> mail >> Preferences >> Mail to nonexistent user: choose Forward to address: firstname.lastname@example.org).
- The best option is to have a reverse record set for the IP address provided with the VPS. It must have the same form as the one chosen for the hostname. For this, you must submit an authorized ticket.
Once you have made these changes, you can ask for removal of your address from the blocklist in the SpamHaus interface.
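Before asking for removal, it is worth confirming that the three settings changed above (the HELO name in /var/qmail/control/me, the A record and the reverse record) agree with each other. The script below is an added example, not part of the original article or of Plesk or Forpsi tooling; the function names and the script name check_helo.py are hypothetical, and the server IP is supplied by you on the command line.

```python
# Added example: consistency check for HELO name, A record and reverse record.
# The path /var/qmail/control/me comes from the article; the IP and names
# passed in by the caller are assumptions supplied at run time.
import socket
import sys

DEFAULT_NAMES = {"localhost", "localhost.localdomain"}


def norm(name):
    """Lower-case a DNS name and drop whitespace and the trailing dot."""
    return name.strip().rstrip(".").lower()


def check_mail_identity(helo, server_ip, a_records, ptr_names):
    """Return a list of problems; an empty list means all three agree."""
    helo = norm(helo)
    problems = []
    if helo in DEFAULT_NAMES or "." not in helo:
        problems.append("HELO name %r is a default or unqualified name" % helo)
    if server_ip not in a_records:
        problems.append("A record of %r does not point to %s" % (helo, server_ip))
    if helo not in {norm(p) for p in ptr_names}:
        problems.append("reverse record of %s does not match %r" % (server_ip, helo))
    return problems


def lookup_and_check(server_ip, me_file="/var/qmail/control/me"):
    """Live variant: read qmail's HELO name and resolve it via the system resolver."""
    with open(me_file) as fh:
        helo = fh.readline()
    try:
        a_records = socket.gethostbyname_ex(norm(helo))[2]
    except OSError:  # name does not resolve
        a_records = []
    try:
        host, aliases, _ = socket.gethostbyaddr(server_ip)
        ptr_names = [host] + aliases
    except OSError:  # no reverse record
        ptr_names = []
    return check_mail_identity(helo, server_ip, a_records, ptr_names)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_helo.py SERVER_IP")
    for line in lookup_and_check(sys.argv[1]) or ["HELO, A and reverse records agree"]:
        print(line)
```

The system resolver usually reads /etc/hosts first, so on the VPS itself the A-record lookup can succeed from a local entry; confirm the result from another machine as well.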