Hotmail & Blueyonder Block My Server IP.

Jul 18, 2007

All messages sent by my mail queue in cPanel are being blocked by Hotmail and the British ISP Blueyonder.

It only affects these two mail-companies.

Is there any way to clear the blocks set by them? I just got a new server, and it wouldn't really be nice to change IPs.


Hotmail Blocked My Server

Aug 25, 2007

When my forum sends out emails to Hotmail users, I always get this message back:

Quote:

SMTP error from remote server after MAIL command:

host mx3.hotmail.com:
550 Your e-mail was rejected for policy reasons on this gateway. Reasons for rejection may be related to content with spam-like characteristics or IP/domain reputation problems. If you are not an e-mail/network admin please contact your E-mail/Internet Service Provider for help. For e-mail delivery information, please go to [url]

How do I get off the blacklist? This is affecting all my forum users using Hotmail.

Hotmail Not Accepting My Server Emails

Jun 18, 2009

I have 2 cPanel servers with normal decent setups, and until today, HOTMAIL/LIVE is not accepting my e-mails.

There is no problem with GMAIL & YAHOO, btw.

By not accepting my e-mails, I mean they always appear in the Junk box instead of the Inbox (for every domain on both servers).

I've tried to contact Microsoft support many times but they keep repeating the same thing. I've tried everything, including making sure that my IP reputation is clean and having domain keys.

I need some advice from you guys out there who have had this issue before, starting from scratch: what do I need to do to identify what Microsoft's servers actually want from me?

Here's their 'robotic' response.

1) Make sure that you have SPF/SIDF records in place. You
can go to [url]
for more information on this.

2) Clean up your lists. Remove those who do not want to
receive the emails. Make the unsubscribe process more visible. Hotmail
also has a sender complaint feedback loop program called the Junk Email
Reporting Program (JMRP). Enrollment in this free program will benefit
you as a sender as it will keep your email lists updated and populated
with interested Windows Live Hotmail Customers. This program will help
you to remove those Windows Live Hotmail Customers who do not want to
receive emails from your company. If you are interested in joining this
program, please visit
[url
_options_form_byemail&ct=eformts

3) Ensure that there is not anything technically wrong with
your MTA. Are your DNS records updated, are you transmitting data upon
making the SMTP connection, and is the problem isolated to any specific
machines? Do your SMTP logs show any failures?

4) Segment your mailing infrastructure by IP. Marketing
email, transactional corporate email, "forward to a friend" email and
signup emails should be sent from different IP's. This will help to
identify what types of messages are being flagged by Hotmail customers.

5) Strengthen the sign up process. Confirm that you are
using a double-opt-in sign up process. This will not help in removing
existing Hotmail customers from your email lists, but it will confirm
the authenticity of those who sign-up for your email campaigns and
newsletters.

6) If you have any feedback loops setup with other ISPs,
you should look for trends to try to determine possible causes - a new
data source? New advertisement? Maybe folks signing up do not recognize
the mail?

7) Clearly mark your emails so that Hotmail customers are
able to identify quickly and easily that they requested emails from your
service.

8) Do some analysis on the data regarding complaints - look
at Hotmail customers who have never clicked, opened, responded or
bounced in any way. These poor performers could contain many bad
addresses.

9) Evaluate the frequency of your mailings. Are you making
your mailings less relevant and welcome by sending too many emails?

10) Enroll in the Sender Score program. This is the only white
list that Hotmail uses. It is owned and operated by Return Path. You can
find information about this program at
[url

11) Please visit [url]
to verify that your IP is not being listed
on any third party block lists.

12) We also recommend that you take advantage of the following
email delivery consulting companies who participate in the Messaging
Anti-Abuse Working Group [url]
), and the Authentication and Online Trust
Alliance [url]

My Server Ip Address Is Blocked By Hotmail

Mar 15, 2008

I cannot send emails to name@hotmail.com from any of the sites hosted on my server. No mass emails, no unusual activities. Even so, they blocked it. I filled out their forms but they didn't remove the block.

Hotmail Rejecting Server Mail

Mar 3, 2008

Testing out Clientexec, and every time a welcome email is supposed to be sent, it's not.

So I set up an SPF record for the domain, and it started sending that email. However, when checking Hotmail, it's tagged as "phishing scam".

Hotmail Refusing All Mail From Our Server...

Jul 9, 2007

I'm in the process of trying to contact Hotmail. I thought it was an SPF issue but that did not fix it. I then thought rDNS, but on an old server the rDNS also pointed to the DC and not to the server hostname and it worked fine. I'm going ahead to fix the rDNS, but I'm not sure that it will fix this.

Anyway, does anyone know the solution here by chance?

Here's the error message (a 550):

xxxxxxxxxxxx@hotmail.com
SMTP error from remote mail server after MAIL FROM:<denver@higherpurposes.com> SIZE=1922:
host mx2.hotmail.com [65.54.245.40]: 550 Your e-mail was rejected for policy reasons on this gateway. Reasons for rejection may be related to content such as obscene language, graphics, or spam-like characteristics (or) other reputation problems. For sender troubleshooting information, please go to http://postmaster.msn.com.

if you are an end-user please contact your E-mail/Internet Service Provider for assistance.

Mail-Server Issues With Hotmail

Dec 4, 2007

On the main mail server I run from my site, I have been receiving a lot of issues when trying to send mail to Hotmail. I do not receive any error messages; the mail is just never received, it is filtered out (it does not even show up in the spam filter). I am not a spammer and have never been. My IP and domain check out fine when I put them through spam databases. So is there some trick to getting your mail accepted?

Server Bouncing Emails To Hotmail, MSN And Others

Aug 6, 2007

I have one of our servers that is bouncing all sent emails to Hotmail, MSN and some others. The emails often come back saying they are bounced as SPAM.

There were SPAM issues on this particular server at one point, but they have since been corrected once we tightened it up.

Now, how can I fix this? Can I change the server's hostname? Are they rejecting by hostname, or by IP?

And do I need to just contact each provider and try to get off their blacklist?

Hotmail , Yahoo And New Server Sending Problems

Feb 13, 2008

I have a new server with 2 IPs.

I can't send emails to Hotmail.

I set up SPF, DomainKeys and rDNS.

Everything is OK. I contacted Hotmail to be part of the SenderId program, and they told me that in 2 days sending would be OK. I waited for 10 days; till now every new member can't receive the activation email. What shall I do?

My server is not an open relay ... Not in a blacklist ...

My Server Not Sending Mail To Yahoo & Hotmail

Jul 1, 2009

I have a problem on my server: 2 weeks ago the server stopped sending mail to Yahoo and Hotmail, but mail to Gmail is sent without any problem. I made an SPF record and added it for all domains; after that mail worked well for 1 day, and then the problem came back.

My Server Not Send Mail To Yahoo & Hotmail

Jun 6, 2009

I have a problem when sending mail from my server to Hotmail or Yahoo: the server does not send it, and I see all the mail in the mail queue.

I stopped exim and ran

/scripts/eximup --force

After the exim install finished, when I sent 1 mail it arrived without any problem; when I sent again the server did not send, and the problem is still there.

My New Server Does Not Send Email To Hotmail

Nov 25, 2007

I am always having problems with email. Now I have ordered a new server, and I try to use some scripts like phpbb, vb, ipb and some other scripts that have options to send email when people register, etc.

If I register using Hotmail, no email comes to my inbox. Why?

But if I send email from my Hotmail address to my domain name email, I get it.

So I did some research on the net and found something that could be the problem, but as I am a newbie to servers I have no idea how I can fix this problem.

Quote:

set reverse DNS for your IP address and if possible an SPF record for your domain.

As you can see, he is asking me to set the DNS etc.; I don't know how. Is there anything I could do via WHM/CP/SSL "PuTTy" etc.?

YAHOO/HOTMAIL/GOOGLE Flagging Emails From My Server As Spam

Mar 11, 2009

I cannot figure this out.. I have tried EVERYTHING..

I am running a php script using the mail() function and sending an email..

I have had reverse dns point to the domain
I set an SPF record
My IP is not blacklisted.. I have had the dedicated server for 2 years now also

I modified a few things in the sendmail files.. I am stuck..

I am running FreeBSD.. My buddy has his server set up with all of the same sendmail settings being the same.. and his emails don't get flagged..

Bought Private Domain Name Server (DNS) To Prevent Hotmail Bouncing...am I Wrong?

May 12, 2009

While I am used to reselling and domain registration stuff, I am totally new to DNS stuff. I tried many searches and readings without hope.
That's why I need your help.

We have a problem that makes both incoming and outgoing emails from our website's email server not going or received, without any failure message or error message on both sides: the sender and receiver.

We talked to our webhosting company- they do not own, but host on a dedicated provided by Iweb in Canada - and they told us a quick solution for this:

To buy a private IP address, therefore our websites with them will not get blocked as spammy IP, setting us away from the dozens of sites they have on the same server IP (as domaintools reverse IP reported: xx other sites hosted on this server).

The company I work for agreed on this solution immediately as we are losing customers because of this problem.

They charged us 8$ a month for this "private ip".

We had the same problem for another day after their solution. When I checked domaintools, I found our websites are still on the same IP of the company. I called them, and the Admin there told me: "it's a hidden CNAME setting that is not shown to public because it's "private" and the delay happened because we had to contact Hotmail staff and wait for their reply to include it in their safe list, but others as Gmail and Yahoo do not require contacting them and will go through automatically."

My question is:

- What is Private IP / Private DNS?
- Why and how is it used to prevent false blocking/bouncing?
- Does that mean they had to sell it to every domain, while their IP is not on blacklists (I checked it)?
- Is Private IP just an internal setting or does it have to be bought from a large ISP like regular/public IPs? And if it is just some settings, is this price fair? We pay 120$ annually for hosting one site with them.
- They told us they put our other two sites on this same new private IP. How can this be possible?
- I cannot understand: Hotmail can prevent our emails from reaching inboxes, but can it also prevent its users' emails from reaching us? Is this issue Private-IP related?
- What do you think the real problem is, and what advice should I follow to have our emails going and coming smoothly in the future?

Note: We don't send unsolicited emails ever. We only have a 1500-member mailinglist that we send a newsletter to, once every few months.

Our daily email traffic is about 10 to 20 messages in and out.

CSF Settings Block My Server ..

Sep 6, 2008

I have a problem with my csf settings. I don't know why, but now when I start csf it blocks my server. I came from a backup before with the same config and it was working very well; I don't know why it is not working this time.

Code:
###############################################################################
# Copyright 2006, Way to the Web Limited
# URL: http://www.waytotheweb.com
# Email: sales@waytotheweb.com
###############################################################################
# This configuration is for use with generic Linux servers, do not change the
# following setting:
GENERIC = "1"

# Testing flag - enables a CRON job that clears iptables in case of
# configuration problems when you start csf. This should be enabled until you
# are sure that the firewall works - i.e. in case you get locked out of your
# server! Then do remember to set it to 0 and restart csf when you're sure
# everything is OK. Stopping csf will remove the line from /etc/crontab
TESTING = "0"

# The interval for the crontab in minutes. Since this uses the system clock the
# CRON job will run at the interval past the hour and not from when you issue
# the start command. Therefore an interval of 5 minutes means the firewall
# will be cleared in 0-5 minutes from the firewall start
TESTING_INTERVAL = "5"

# Enabling auto updates creates a cron job called /etc/cron.d/csf_update which
# runs once per day to see if there is an update to csf+lfd and upgrades if
# available and restarts csf and lfd. Updates do not overwrite configuration
# files or email templates. An email will be sent to the root account if an
# update is performed
AUTO_UPDATES = "1"

# By default, csf will auto-configure iptables to filter all traffic except on
# the local (lo:) device. If you only want iptables rules applied to a specific
# NIC, then list it here (e.g. eth1, or eth+)
ETH_DEVICE = "venet0"

# If you don't want iptables rules applied to specific NICs, then list them in
# a comma separated list (e.g "eth1,eth2")
ETH_DEVICE_SKIP = ""

# Lists of ports in the following comma separated lists can be added using a
# colon (e.g. 30000:35000).

# Allow incoming TCP ports
TCP_IN = "21,22,25,53,80,110,143,443,993,995,3306,3784,7776:7779,8767,10000,35000:36000,14534,51234,25000:26000,9339,6969"

# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,53,80,110,113,443,953,995,9339,6969,5558,2222"

# Allow incoming UDP ports
UDP_IN = "20,21,53,953,3784,8767,1000"

# Allow outgoing UDP ports
# To allow outgoing traceroute add 33434:33523 to this list
UDP_OUT = "20,21,53,113,123,953,1000:3800,6100,6881"

# Allow incoming PING
ICMP_IN = "1"

# Set the per IP address incoming ICMP packet rate
# To disable rate limiting set to "0"
ICMP_IN_RATE = "1/s"

# Allow outgoing PING
ICMP_OUT = "1"

# Set the per IP address outgoing ICMP packet rate
# To disable rate limiting set to "0"
ICMP_OUT_RATE = "1/s"

# If this is a MONOLITHIC kernel (i.e. it has no LKM support, e.g. a VPS) then
# set this to 1. Because of the nature of monolithic kernels, it's not easy to
# determine which modules have been built-in, so some functionality may not be
# available and this firewall script may not work.
#
# One example is if the ip_conntrack and ip_conntrack_ftp iptables kernel
# modules are not available. If this happens, FTP passive mode (PASV) won't
# work. In such circumstances you will have to open a hole in your firewall and
# configure the FTP daemon to use that same hole. For example, with pure-ftpd
# you could add the port range 30000:35000 to TCP_IN and add the following line
# to /etc/pure-ftpd.conf (without the leading #):
# PassivePortRange 30000 35000
# Then restart pure-ftpd and csf and passive FTP should then work
MONOLITHIC_KERNEL = "1"

# Drop target for iptables rules. This can be set to either DROP or REJECT.
# REJECT will send back an error packet, DROP will not respond at all. REJECT
# is more polite, however it does provide extra information to a hacker and
# lets them know that a firewall is blocking their attempts. DROP hangs their
# connection, thereby frustrating attempts to port scan the server.
DROP = "DROP"

# Enable logging of dropped connections to blocked ports to syslog, usually
# /var/log/messages. This option needs to be enabled to use Port Scan Tracking
DROP_LOGGING = "1"

# Enable logging of dropped connections to blocked IP addresses in csf.deny or
# by lfd with temporary connection tracking blocks. Do not enable this option
# if you use Port Scan Tracking
DROP_IP_LOGGING = "0"

# Only log reserved port dropped connections (0:1023). Useful since you're not
# usually bothered about ephemeral port drops
DROP_ONLYRES = "0"

# Commonly blocked ports that you do not want logging as they tend to just fill
# up the log file. These ports are specifically blocked (applied to TCP and UDP
# protocols) for incoming connections
DROP_NOLOG = "67,68,111,113,135:139,445,513,520"

# Enable packet filtering for unwanted or illegal packets
PACKET_FILTER = "1"

# Log packets dropped by the packet filtering option PACKET_FILTER. This will
# show packet drops that iptables has deemed INVALID (i.e. there is no
# established TCP connection in the state table), or if the TCP flags in the
# packet are out of sequence or illegal in the protocol exchange.
#
# If you see packets being dropped that you would rather allow then disable the
# PACKET_FILTER option above by setting it to "0"
DROP_PF_LOGGING = "0"

# Enable SYN flood protection. This option configures iptables to offer some
# protection from tcp SYN packet DOS attempts. You should set the RATE so that
# false-positives are kept to a minimum otherwise visitors may see connection
# issues (check /var/log/messages for *SYNFLOOD Blocked*). See the iptables
# man page for the correct --limit rate syntax
SYNFLOOD = "0"
SYNFLOOD_RATE = "4/s"

# Enable verbose output of iptables commands
VERBOSE = "1"

# Log lfd messages to SYSLOG in addition to /var/log/lfd.log. You must have the
# perl module Sys::Syslog installed to use this feature
SYSLOG = "1"

# If you wish to allow access from dynamic DNS records (for example if your IP
# address changes whenever you connect to the internet but you have a dedicated
# dynamic DNS record from the likes of dyndns.org) then you can list the FQDN
# records in csf.dyndns and then set the following to the number of seconds to
# poll for a change in the IP address. If the IP address has changed iptables
# will be updated.
#
# A setting of 600 would check for IP updates every 10 minutes. Set the value
# to 0 to disable the feature
DYNDNS = "0"

# Limit the number of IP's kept in the /etc/csf/csf.deny file. This can be
# important as a large number of IP addresses create a large number of iptables
# rules (4 times the number of IP's) which can cause problems on some systems
# where either the number of iptables entries has been limited (esp VPS's)
# or where resources are limited. This can result in slow network performance,
# or, in the case of iptables entry limits, can prevent your server from
# booting as not all the required iptables chain settings will be correctly
# configured. The value set here is the maximum number of IPs/CIDRs allowed
# if the limit is reached, the entries will be rotated so that the oldest
# entries (i.e. the ones at the top) will be removed and the latest is added.
# The limit is only checked when using csf -d (which is what lfd also uses)
# Set to 0 to disable limiting
DENY_IP_LIMIT = "100"

# Limit the number of IP's kept in the temporary IP ban list. If the limit is
# reached the oldest IP's in the ban list will be removed and allowed
# regardless of the amount of time remaining for the block
# Set to 0 to disable limiting
DENY_TEMP_IP_LIMIT = "100"

# Temporary to Permanent IP blocking. The following enables this feature to
# permanently block IP addresses that have been temporarily blocked
# LF_PERMBLOCK_COUNT times in the last LF_PERMBLOCK_INTERVAL seconds. Set
# LF_PERMBLOCK to "1" to enable this feature
#
# Care needs to be taken when setting LF_PERMBLOCK_INTERVAL as it needs to be
# at least LF_PERMBLOCK_COUNT multiplied by the longest temporary time setting
# (TTL) for blocked IPs, to be effective
#
# Set LF_PERMBLOCK to "0" to disable this feature
LF_PERMBLOCK = "0"
LF_PERMBLOCK_INTERVAL = "86400"
LF_PERMBLOCK_COUNT = "4"

# Permanently block IPs by network class. The following enables this feature
# to permanently block classes of IP address where individual IP addresses
# within the same class LF_NETBLOCK_CLASS have already been blocked
# LF_NETBLOCK_COUNT times in the last LF_NETBLOCK_INTERVAL seconds. Set
# LF_NETBLOCK to "1" to enable this feature
#
# This can be an effective way of blocking DDOS attacks launched from within
# the same network class
#
# Valid settings for LF_NETBLOCK_CLASS are "A", "B" and "C", care and
# consideration is required when blocking network classes A or B
#
# Set LF_NETBLOCK to "0" to disable this feature
LF_NETBLOCK = "0"
LF_NETBLOCK_INTERVAL = "86400"
LF_NETBLOCK_COUNT = "4"
LF_NETBLOCK_CLASS = "C"

# The following Global options allow you to specify a URL where csf can grab a
# centralised copy of an IP allow or deny block list of your own. You need to
# specify the full URL in the following options, i.e.:
# http://www.somelocation.com/allow.txt
#
# The actual retrieval of these IP's is controlled by lfd, so you need to set
# LF_GLOBAL to the interval (in seconds) when you want lfd to retrieve. lfd
# will perform the retrieval when it runs and then again at the specified
# interval. A sensible interval would probably be every 3600 seconds (1 hour)
#
# You do not have to specify both an allow and a deny file
#
# You can also configure a global ignore file for IP's that lfd should ignore
GLOBAL_ALLOW = ""
GLOBAL_DENY = ""
GLOBAL_IGNORE = ""
LF_GLOBAL = ""

# Enable login failure detection daemon (lfd). If set to 0 none of the other LF
# settings have any effect as the daemon won't start.
# When the trigger level of failures is reached lfd will use csf to add the IP
# to the /etc/csf/csf.deny file and block it
LF_DAEMON = "1"

# The following[*] triggers are application specific. If you set LF_TRIGGER to
# "0" the value of each trigger is the number of failures against that
# application that will trigger lfd to block the IP address
#
# If you set LF_TRIGGER to a value greater than "0" then the following[*]
# application triggers are simply on or off ("0" or "1") and the value of
# LF_TRIGGER is the total cumulative number of failures that will trigger lfd
# to block the IP address
#
# Setting the application trigger to "0" disables it
LF_TRIGGER = "0"

# If LF_TRIGGER is > 1 then the following can be set to "1" to permanently
# block the IP address, or if set to a value greater than "1" then the IP
# address will be blocked temporarily for the value in seconds. For example:
# LF_TRIGGER = "1" => the IP is blocked permanently
# LF_TRIGGER = "3600" => the IP is blocked temporarily for 1 hour
#
# If LF_TRIGGER is 0, then the application LF_[application]_PERM value works in
# the same way as above
LF_TRIGGER_PERM = "1"

# To only block access to the failed application instead of a complete block
# for an ip address, you can set the following to "1", but LF_TRIGGER must be
# set to "0" with specific application[*] trigger levels also set
LF_SELECT = "0"

#[*]Enable login failure detection of sshd connections
LF_SSHD = "5"
LF_SSHD_PERM = "1"

#[*]Enable login failure detection of pure-ftpd connections
LF_FTPD = "10"
LF_FTPD_PERM = "1"

#[*]Enable login failure detection of SMTP AUTH connections
LF_SMTPAUTH = "5"
LF_SMTPAUTH_PERM = "1"

#[*]Enable login failure detection of courier pop3 connections. This will not
# trap the older cppop daemon
LF_POP3D = "10"
LF_POP3D_PERM = "1"

#[*]Enable login failure detection of courier imap connections. This will not
# trap the older cpimap (uwimap) daemon
LF_IMAPD = "10"
LF_IMAPD_PERM = "1"

#[*]Enable login failure detection of Apache .htpasswd connections
# Due to the often high logging rate in the Apache error log, you might want to
# enable this option only if you know you are suffering from attacks against
# password protected directories
LF_HTACCESS = "5"
LF_HTACCESS_PERM = "1"

#[*]Enable failure detection of Apache mod_security connections
# Due to the often high logging rate in the Apache error log, you might want to
# enable this option only if you know you are suffering from attacks against
# web scripts
LF_MODSEC = "5"
LF_MODSEC_PERM = "1"

#[*]Enable detection of suhosin triggers and blocking of attackers
# Example: LF_SUHOSIN = "5"
LF_SUHOSIN = "0"
LF_SUHOSIN_PERM = "1"

# Check that csf appears to have been stopped. This checks the status of the
# iptables INPUT chain. If it's not set to DROP, LF will run csf. This will not
# happen if TESTING is enabled above. The check is done every 300 seconds
LF_CSF = "1"

# Send an email alert if anyone logs in successfully using SSH
LF_SSH_EMAIL_ALERT = "1"

# Send an email alert if anyone uses su to access another account. This will
# send an email alert whether the attempt to use su was successful or not
LF_SU_EMAIL_ALERT = "1"

# Enable Directory Watching. This enables lfd to check /tmp and /dev/shm
# directories for suspicious files, i.e. script exploits. If a suspicious
# file is found an email alert is sent. Only one alert per file is sent until
# lfd is restarted, so if you remove a suspicious file, remember to restart lfd
#
# To enable this feature set the following to the checking interval in seconds.
# To disable set to "0"
LF_DIRWATCH = "60"

# To remove any suspicious files found during directory watching, enable the
# following. These files will be appended to a tarball in
# /etc/csf/suspicious.tar
LF_DIRWATCH_DISABLE = "0"

# This option allows you to have lfd watch a particular file or directory for
# changes and should they change an email alert using watchalert.txt is sent
#
# To enable this feature set the following to the checking interval in seconds
# (a value of 60 would seem sensible) and add your entries to csf.dirwatch
#
# To disable set to "0"
LF_DIRWATCH_FILE = "0"

# This is the interval that is used to flush reports of usernames, files and
# pids so that persistent problems continue to be reported, in seconds.
# A value of 3600 seems sensible
LF_FLUSH = "3600"

# System Integrity Checking. This enables lfd to compare md5sums of the
# servers OS binary application files from the time when lfd starts. If the
# md5sum of a monitored file changes an alert is sent. This option is intended
# as an IDS (Intrusion Detection System) and is the last line of detection for
# a possible root compromise.
#
# There will be constant false-positives as the servers OS is updated or
# monitored application binaries are updated. However, unexpected changes
# should be carefully inspected.
#
# Modified files will only be reported via email once.
#
# To enable this feature set the following to the checking interval in seconds
# (a value of 3600 would seem sensible). This option may put an increased I/O
# load onto the server as it checks system binaries.
#
# To disable set to "0"
LF_INTEGRITY = "3600"

# System Exploit Checking. This enables lfd to check for the Random JS Toolkit
# and may check for others in the future:
# http://www.cpanel.net/security/notes/random_js_toolkit.html
# It compares md5sums of the binaries listed in the exploit above for changes
# and also attempts to create and remove a number directory
#
# Modified files will only be reported via email once, though will be reset
# after an hour
#
# To enable this feature set the following to the checking interval in seconds
# (a value of 300 would seem sensible).
#
# To disable set to "0"
LF_EXPLOIT = "300"

# This comma separated list allows you to (de)select which tests LF_EXPLOIT
# performs
#
# For the SUPERUSER check, you can list usernames in csf.suignore to have them
# ignored for that test
#
# Valid tests are:
# JS,SUPERUSER
LF_EXPLOIT_CHECK = "JS,SUPERUSER"

# Set the time interval to track login failures within (seconds), i.e.
# LF_TRIGGER failures within the last LF_INTERVAL seconds
LF_INTERVAL = "300"

# Set the log file parsing interval (seconds). This is how long the daemon
# sleeps before processing the log file entries since the last scan finished
LF_PARSE = "5"

# Send an email alert if an IP address is blocked
LF_EMAIL_ALERT = "1"

# Send an email alert if an account exceeds LT_POP3D/LT_IMAPD logins per hour
# per IP
LT_EMAIL_ALERT = "1"

# Block POP3 logins if greater than LT_POP3D times per hour per account per IP
# address (0=disabled)
LT_POP3D = "15"

# Block IMAP logins if greater than LT_IMAPD times per hour per account per IP
# address (0=disabled) - not recommended for IMAP logins due to the ethos
# within which IMAP works. If you want to use this, setting it quite high is
# probably a good idea
LT_IMAPD = "0"

# Enable IP range blocking using the DShield Block List at
# http://www.dshield.org/block_list_info.php
# To enable this feature, set the following to the interval in seconds that you
# want the block list updated. The list is reasonably static during the length
# of a day, so it would be appropriate to only update once every 24 hours, so
# a value of "86400" is recommended
LF_DSHIELD = "86400"

# The DShield block list URL. If you change this to something else be sure it
# is in the same format as the block list
LF_DSHIELD_URL = "http://feeds.dshield.org/block.txt"

# Enable IP range blocking using the Spamhaus DROP List at
# http://www.spamhaus.org/drop/index.lasso
# To enable this feature, set the following to the interval in seconds that you
# want the block list updated. The list is reasonably static during the length
# of a day, so it would be appropriate to only update once every 24 hours, so
# a value of "86400" is recommended
LF_SPAMHAUS = "86400"

# The Spamhaus DROP List URL. If you change this to something else be sure it
# is in the same format as the drop list
LF_SPAMHAUS_URL = "http://www.spamhaus.org/drop/drop.lasso"

# Enable IP range blocking using the BOGON List at
# http://www.cymru.com/Bogons/
# To enable this feature, set the following to the interval in seconds that you
# want the block list updated. The list is reasonably static during the length
# of a day, so it would be appropriate to only update once every 24 hours, so
# a value of "86400" is recommended
#
# Do NOT use this option if your server uses IP's on the bogon list (e.g. this
# is often the case with servers behind a NAT firewall using ip routing)
LF_BOGON = "0"

# The BOGON List URL. If you change this to something else be sure it
# is in the same format as the drop list
LF_BOGON_URL = "http://www.cymru.com/Documents/bogon-bn-agg.txt"

# Connection Tracking. This option enables tracking of all connections from IP
# addresses to the server. If the total number of connections is greater than
# this value then the offending IP address is blocked. This can be used to help
# prevent some types of DOS attack.
#
# Care should be taken with this option. It's entirely possible that you will
# see false-positives. Some protocols can be connection hungry, e.g. FTP, IMAPD
# and HTTP so it could be quite easy to trigger, especially with a lot of
# closed connections in TIME_WAIT. However, for a server that is prone to DOS
# attacks this may be very useful. A reasonable setting for this option might
# be around 200.
#
# To disable this feature, set this to 0
CT_LIMIT = "200"

# Connection Tracking interval. Set this to the number of seconds between
# connection tracking scans. Don't set this too low or you will affect server
# performance as lfd runs netstat each time to determine the connections
CT_INTERVAL = "60"

# Send an email alert if an IP address is blocked due to connection tracking
CT_EMAIL_ALERT = "1"

# If you want to make IP blocks permanent then set this to 1, otherwise blocks
# will be temporary and will be cleared periodically or whenever the firewall
# is restarted
CT_PERMANENT = "0"

# If you opt for temporary IP blocks for CT, then the following is the interval
# in seconds that the IP will remain blocked for (e.g. 1800 = 30 mins)
CT_BLOCK_TIME = "3200"

# If you don't want to count the TIME_WAIT state against the connection count
# then set the following to "1"
CT_SKIP_TIME_WAIT = "0"

# If you only want to count specific states (e.g. SYN_RECV) then add the states
# to the following as a comma separated list. E.g. "SYN_RECV,TIME_WAIT"
#
# Leave this option empty to count all states against CT_LIMIT
CT_STATES = ""

# Process Tracking. This option enables tracking of user and nobody processes
# and examines them for suspicious executables or open network ports. Its
# purpose is to identify potential exploit processes that are running on the
# server, even if they are obfuscated to appear as system services. If a
# suspicious process is found an alert email is sent with relevant information.
# It is then the responsibility of the recipient to investigate the process
# further as the script takes no further action. Processes (PIDs) are only
# reported once unless lfd is restarted.
#
# The following is the number of seconds a process has to be active before it
# is inspected. If you set this time too low, then you will likely trigger
# false-positives with CGI or PHP scripts.
# Set the value to 0 to disable this feature
PT_LIMIT = "60"

# How frequently processes are checked in seconds
PT_INTERVAL = "60"

# If you want process tracking to highlight php or perl scripts that are run
# through apache for greater than PT_LIMIT seconds then disable the following,
# i.e. set it to 0
#
# While enabling this setting will reduce false-positives, having it set to 0
# does provide better checking for exploits running on the server
PT_SKIP_HTTP = "1"

# User Process Tracking. This option enables the tracking of the number of
# processes any given linux account is running at one time. If the number of
# processes exceeds the value of the following setting an email alert is sent
# with details of those processes. A user is only reported once, so lfd must be
# restarted to reinstate checking of all users. If you specify a user in
# csf.pignore it will be ignored
#
# Set to 0 to disable this feature
PT_USERPROC = "10"

# This User Process Tracking option sends an alert if any linux user process
# exceeds the memory usage set (MB). To ignore specific processes or users use
# csf.pignore
#
# Set PT_USERKILL to have lfd kill off the process
#
# Set to 0 to disable this feature
PT_USERMEM = "100"

# This User Process Tracking option sends an alert if any linux user process
# exceeds the time usage set (seconds). To ignore specific processes or users
# use csf.pignore
#
# Set PT_USERKILL to have lfd kill off the process
#
# Set to 0 to disable this feature
PT_USERTIME = "3200"

# If this option is set then processes detected by PT_USERMEM or PT_USERTIME
# or PT_USERPROC are killed
PT_USERKILL = "0"

# Check the PT_LOAD_AVG minute Load Average (can be set to 1 5 or 15 and
# defaults to 5 if set otherwise) on the server every PT_LOAD seconds. If the
# load average is greater than or equal to PT_LOAD_LEVEL then an email alert is
# sent. lfd then does not report subsequent high load until PT_LOAD_SKIP
# seconds has passed to prevent email floods.
#
# Set PT_LOAD to "0" to disable this feature
PT_LOAD = "30"
PT_LOAD_AVG = "5"
PT_LOAD_LEVEL = "6"
PT_LOAD_SKIP = "3600"

# If a PT_LOAD event is triggered, then if the following contains the path to
# a script, it will be run in a child process. For example, the script could
# contain commands to terminate and restart httpd, php, exim, etc in case of
# looping processes
PT_LOAD_ACTION = ""

# Port Scan Tracking. This feature tracks port blocks logged by iptables to
# syslog. If an IP address generates a port block that is logged more than
# PS_LIMIT within PS_INTERVAL seconds, the IP address will be blocked.
#
# This feature could, for example, be useful for blocking hackers attempting
# to access the standard SSH port if you have moved it to a port other than 22
# and have removed 22 from the TCP_IN list so that connection attempts to the
# old port are being logged
#
# This feature blocks all iptables blocks from the iptables logs, including
# repeated attempts to one port or SYN flood blocks, etc
#
# Note: This feature will only track iptables blocks from the log file set in
# IPTABLES_LOG below and if you have DROP_LOGGING enabled. However, it will
# cause redundant blocking with DROP_IP_LOGGING enabled
#
# Warning: It's possible that an elaborate DDOS (i.e. from multiple IP's)
# could very quickly fill the iptables rule chains and cause a DOS in itself.
# The DENY_IP_LIMIT should help to mitigate such problems with permanent blocks
# and the DENY_TEMP_IP_LIMIT with temporary blocks
#
# Set PS_INTERVAL to "0" to disable this feature. A value of between 60 and 300
# would be sensible to enable this feature
PS_INTERVAL = "0"
PS_LIMIT = "10"

# You can specify the ports and/or port ranges that should be tracked by the
# Port Scan Tracking feature. The following setting is a comma separated list
# of those ports and uses the same format as TCP_IN. The default setting of
# 0:65535 covers all ports
PS_PORTS = "0:65535"

# You can select whether IP blocks for Port Scan Tracking should be temporary
# or permanent. Set PS_PERMANENT to "0" for temporary and "1" for permanent
# blocking. If set to "0" PS_BLOCK_TIME is the amount of time in seconds to
# temporarily block the IP address for
PS_PERMANENT = "0"
PS_BLOCK_TIME = "3600"

# Set the following to "1" to enable Port Scan Tracking email alerts, set to
# "0" to disable them
PS_EMAIL_ALERT = "1"

View 9 Replies View Related
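
An added example, not part of the original post and not csf's own code: a sketch of the per-IP counting that the CT_LIMIT, CT_SKIP_TIME_WAIT and CT_STATES comments above describe, run over constructed `netstat -ntu`-style rows. The function names, the `ignore` parameter and the way the two filters combine are assumptions of this example; it shows how TIME_WAIT entries and the server's own address can push a count over the limit.

```python
from collections import Counter

# Constructed sample rows: (foreign address, state, repeat count).
# Addresses are documentation ranges; 192.0.2.10 stands in for the server itself.
_ROWS = [
    ("203.0.113.5", "ESTABLISHED", 4),
    ("203.0.113.5", "TIME_WAIT", 2),
    ("198.51.100.7", "ESTABLISHED", 1),
    ("198.51.100.7", "TIME_WAIT", 4),
    ("198.51.100.9", "SYN_RECV", 3),
    ("::ffff:192.0.2.10", "ESTABLISHED", 5),
]
SAMPLE_NETSTAT = "Proto Recv-Q Send-Q Local Address Foreign Address State\n" + "".join(
    f"tcp 0 0 192.0.2.10:80 {ip}:{40000 + i} {state}\n"
    for ip, state, n in _ROWS for i in range(n)
) + "udp 0 0 192.0.2.10:53 198.51.100.9:5353\n"


def remote_ip(foreign):
    """Strip the port and any IPv4-mapped IPv6 prefix from a foreign address."""
    host = foreign.rsplit(":", 1)[0]
    return host[7:] if host.startswith("::ffff:") else host


def over_limit(netstat_text, ct_limit, skip_time_wait=False, states="", ignore=()):
    """Return {ip: count} for remote IPs whose counted connections exceed ct_limit."""
    if ct_limit <= 0:                      # CT_LIMIT = "0" disables the feature
        return {}
    wanted = {s.strip().upper() for s in states.split(",") if s.strip()}
    counts = Counter()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 5 or not f[0].startswith(("tcp", "udp")):
            continue                       # header or unrelated line
        state = f[5].upper() if len(f) > 5 else ""   # UDP rows carry no state
        if wanted and state not in wanted:
            continue                       # CT_STATES-style filter
        if skip_time_wait and state == "TIME_WAIT":
            continue                       # CT_SKIP_TIME_WAIT-style filter
        ip = remote_ip(f[4])
        if ip not in ignore:               # hypothetical allow list for own/trusted IPs
            counts[ip] += 1
    return {ip: n for ip, n in counts.items() if n > ct_limit}


if __name__ == "__main__":
    for label, kw in [("all states", {}), ("skip TIME_WAIT", {"skip_time_wait": True}),
                      ("own IP ignored", {"ignore": {"192.0.2.10"}})]:
        print(label, over_limit(SAMPLE_NETSTAT, 3, **kw))
```
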

SMTP Server > ISP's Block

Feb 22, 2008

As some of you might already know, many ISPs have been blocking outbound traffic via port 25 to try to lower the amount of spam sent from their clients.

I am looking for a free smtp server for windows. (This is just for me to use, personal) I would rather run it on my windows server than my linux. I have tried over 7 free ones already including "Free SMTP Server" and after time they have all failed/not worked well/gave errors/and whatnot. Could anyone recommend me a simple smtp server I could run on my windows dedi that also has the function/option to change the incoming/outgoing port from 25 to another #?

View 9 Replies View Related

How To Block A Mail Server

Dec 12, 2008

Our server is currently getting flooded with a lot of emails.

How do I block all emails originating from a server? We are using procmail.

Here is a sample email from the mqueue.site directory:

[root@turtle mqueue.site]# cat qfmBD3dg4o022410
V6
T1229139582
K1229139582
N1
P332901
I8/3/9422258
Mbos... mime8to7: multipart nesting boundary too deep
Fbs
$_root@localhost
$rESMTP
$sturtle.domain.org ......

View 2 Replies View Related

DDOS Deflate Block Server IP

Aug 4, 2009

I have a problem when using DDoS Deflate for DDoS protection on my server.

I get this message:

Quote:

Banned the following ip addresses on Tue Aug 4 13:12:37 WIT 2009
67.21.44.60 with 4011 connections

DDoS Deflate is blocking my server IP. What's wrong?

Note: 67.21.44.60 is not my real server IP; it is just a sample.

View 8 Replies View Related

Block A Website Using Microsoft DNS Server

Jan 7, 2008

On an internal network, is it possible to stop a user browsing to a web page using Microsoft DNS Server?

I just want to point java.com to 127.0.0.1 or something to stop people/machines automatically downloading the latest version.

View 0 Replies View Related

Block All IP Addresses Except One From Accessing Server.

Jan 28, 2007

The subject pretty much says it all. A simple implementation / reversal is what we are looking for.

View 1 Replies View Related

Plesk 12.x / Linux :: How To Block IPs From Server

Sep 13, 2014

I am currently running a virtual server, and over the past couple of days I have had a number of brute attacks from Chinese and Indian based IPs, which have been marked in my logs as trying to break in. This has pulled my websites down with the server load.

I am trying to add the IPs to a block list in the Firewall settings, but I am unable to see where this can be configured.

View 1 Replies View Related

How Do You Block Multiple Ips In Windows 2003 Server

Oct 30, 2008

I found out the IPs that were being used to attack my server, but I don't know how to block them. My provider (Limestonenetworks) will not block them from the main router because they don't believe in blocking traffic. Is there a way I can run a firewall that could block the IPs? The Windows firewall does not have an option to block IPs. Last question: if I was to install a 3rd party firewall, it won't lock me out of the server, right?

View 4 Replies View Related

How To Block IP Addresses In Windows 2003 Server - Software Firewall

Jun 18, 2007

I am running windows 2003 server.

Recently, there have been brute force attacks to try and compromise my sa password (MSSQL) and root password (MYSQL).

I would like to block certain ip addresses, but looking in the built in firewall in windows I don't see a way to do this. Is this possible with the built in tools/firewall that comes with windows 2003?

If not, can anybody recommend a simple firewall solution that will allow me to block ip addresses? I don't want something that is bloated and blocks popups, viruses, adware, etc. I just want a solution that will allow me to block ip addresses and prevent brute force attacks.

View 10 Replies View Related

Separate Mail Server- Deliver Mail To Hotmail

Oct 12, 2007

I'm thinking about building a separate mail server away from my cPanel/WHM machine. That mail server will be located on a different IP address with a "clean" record so that business email won't get deleted by the strict rules of Hotmail.

Can you please tell me, generally, about this "building a separate mail server", i.e. what MTA, software and webmail software to use, whether it will be worth it, etc.? Pointing me in the right direction will allow me to complete the project in the shortest time.

View 2 Replies View Related

Exim Hotmail

Feb 16, 2008

I have a big problem with Hotmail and the Exim conf.

My customers sent many wrong emails to Hotmail, and that has made my server a spam source that is blocked by Hotmail.

Is there any conf in Exim to check whether an email address exists before sending?

View 2 Replies View Related

Since Moved To Vps Hotmail

Oct 9, 2007

Since I moved to a VPS, emails are somehow being blocked by Hotmail.

I have a forum which needs email activation, but those registering with Hotmail do not receive emails.

View 14 Replies View Related

Blocked By Hotmail

Apr 23, 2007

My IP is clean from any blacklist/RBL databases, but Hotmail is blocking with the error message below:

Remote host said: 550 Your e-mail was rejected for policy reasons on this gateway.

Reasons for rejection may be related to content such as obscene language, graphics, or spam-like characteristics (or) other reputation problems. For sender troubleshooting information, please go to [url]. Please note: if you are an end-user please contact your E-mail/Internet Service Provider for assistance.

View 14 Replies View Related

Mail With Hotmail

Oct 27, 2007

I have a very strange problem with the Hotmail service: I can't send any email from my domains to any Hotmail account, and I can't send any email from a Hotmail account to any domain that uses my IP.

When I send email using my mail server I get this reply:

SMTP error from remote mail server after MAIL FROM:<myemail@mydomain.com> SIZE=2402:
host mx1.hotmail.com [65.54.244.136]: 550 DY-002 Mail rejected by Windows Live Hotmail for policy reasons. The likely cause is a compromised or virus infected server/personal computer. If you are not an email/network admin please contact your E-mail/Internet Service Provider for help. Email/network admins, please visit [url]for email delivery information and support

I contacted Hotmail and they only replied with an automatic email asking me if I can update my MSN software.

View 14 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved