I need help to fix this issue
This IP address is HELO'ing as "localhost.localdomain" which violates the relevant standards (specifically: RFC5321).
The CBL does not list for RFC violations per-se. This particular behaviour, however, correlates strongly to spambot infections, and it is listed for that reason. Even if it isn't an infection, it's a misconfiguration that should be fixed, because many spam filtering mechanisms operate with the same rules, and it's best to fix it regardless of whether the CBL notices it or not.
There is often confusion between the SMTP "banner" and the SMTP "HELO" (or EHLO) command. These are completely different things, and proper understanding is important.
First some terminology (somewhat simplified to aid understanding):
A "SMTP client" is a piece of software that makes SMTP connections to SMTP servers to send a piece of email to the server. Most E-mail servers consist of an "SMTP listener" (to listen for and handle connections made to them by SMTP clients), an SMTP client (to send emails to other mail servers) and a local delivery agent (LDA) to deliver email to "local" users (eg: via POP or IMAP).
Thus, SMTP clients make connections to SMTP listeners, and issue SMTP commands to the listener.
The "HELO" (or "EHLO") command (see RFC2821) is a command issued by the SMTP client to an SMTP server to identify the name of the client. "HELO mail.example.com" means, essentially, "Hi there, my name is mail.example.com".
The "SMTP banner" is what the listener says in response to the initial connection or in response to the HELO command.
The CBL works in many cases by seeing what SMTP clients say (in the HELO/EHLO command) when the client connects to a CBL detector. Since the CBL NEVER does SMTP probes, it has no way of knowing how a given IP banners.
You can test SMTP banners with telnet and other similar diagnostic tools, but you CANNOT test SMTP HELO/EHLO with telnet.
For that, you can send an email to helocheck@cbl.abuseat.org. That will reject the email (as an error), and the error will show you what the HELO/EHLO was.
If this IP is a mail server: please read namingproblems to find out why your IP was listed, and ways to fix it so it doesn't relist.
This IP is infected (or NATting for a computer that is infected) with a spam-sending infection. In other words, it's participating in a botnet. If you simply remove the listing without ensuring that the infection is removed (or the NAT secured), it will probably relist again.
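The banner/HELO distinction described above, run on loopback as an added example (not part of the original post and not the CBL's tooling): the listener speaks first with its banner, then records the name the client announces in EHLO. The listener name `mx.listener.example`, the function `observe_helo` and the client names passed to it are constructed for illustration.

```python
import smtplib
import socket
import threading

BANNER = b"220 mx.listener.example ESMTP ready\r\n"  # constructed listener banner

def observe_helo(client_name):
    """Run one SMTP greeting on loopback.

    Returns (banner_seen_by_client, helo_line_seen_by_listener).
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # any free loopback port
    srv.listen(1)
    seen = {}

    def listener():
        conn, _ = srv.accept()
        with conn, conn.makefile("rwb") as f:
            f.write(BANNER)                               # listener -> client: the banner
            f.flush()
            seen["helo"] = f.readline().decode().strip()  # client -> listener: HELO/EHLO
            f.write(b"250 mx.listener.example\r\n")
            f.flush()
            f.readline()                                  # client sends QUIT
            f.write(b"221 bye\r\n")
            f.flush()

    t = threading.Thread(target=listener, daemon=True)
    t.start()
    # local_hostname is the name the SMTP client puts in its EHLO command.
    client = smtplib.SMTP(local_hostname=client_name, timeout=5)
    _, banner = client.connect("127.0.0.1", srv.getsockname()[1])
    client.ehlo()
    client.quit()
    t.join(5)
    srv.close()
    return banner.decode(), seen["helo"]

if __name__ == "__main__":
    for name in ("localhost.localdomain", "ns1.example.com"):
        banner, helo = observe_helo(name)
        print(f"banner from listener: {banner!r}   HELO from client: {helo!r}")
```

The banner is identical in both runs because it belongs to the listener; only the EHLO line changes with the client's configured name, which is the value a receiving system such as a CBL detector sees.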
Comments
Submitted by andreychek on Fri, 01/06/2012 - 22:11 Comment #1
Howdy -- what output do you get if you run the command "hostname" on your server?
Submitted by paulfromsurrey on Fri, 01/06/2012 - 22:46 Pro Licensee Comment #2
localhost.localdomain
Submitted by andreychek on Fri, 01/06/2012 - 22:57 Comment #3
Ah, it looks like you don't have an FQDN set up for your server.
You can set that up by going into Webmin -> Networking -> Network Configuration -> Hostname and DNS Client.
You'd want to set up a name in the format "host.domain.tld" -- and whatever name you set up should also have a DNS record set up for it so that it'll resolve.
Submitted by paulfromsurrey on Fri, 01/06/2012 - 23:06 Pro Licensee Comment #4
so in the hostname i will change to >>>>host.domain.tld
resolution order = hostfile dns
dns server 192.168.0.1 127.0.0.1
search domain
under listed
localdomain
when i run hostname on the server now i get output
host.domain.tld
please let me know if this is ok
Submitted by andreychek on Fri, 01/06/2012 - 23:15 Comment #5
The only thing I'd recommend changing is your hostname. If you're seeing "host.domain.tld" now when you run "hostname", then that should be good!
Submitted by paulfromsurrey on Fri, 01/06/2012 - 23:20 Pro Licensee Comment #6
ok thanks
Submitted by paulfromsurrey on Mon, 02/06/2012 - 02:12 Pro Licensee Comment #7
Hello Sir,
can you please log in and check why i have ongoing issue with my email
ip was blocked because of bad settings in the email so we fixed those settings as per your advice but we still have the issue
we also changed the ip of this server but we still have the same issue
i am not getting email
i send jammie the email with root access to find out what is happening
plzzz
Submitted by helpmin on Mon, 02/06/2012 - 08:26 Comment #8
You could also check whether you have a corresponding reverse dns entry for your ip address?
Submitted by andreychek on Mon, 02/06/2012 - 08:38 Comment #9
If you could also send an email to eric@virtualmin.com containing that login info, I could take a look at your system now, and see if any obvious problems stand out. Thanks!
Submitted by paulfromsurrey on Mon, 02/06/2012 - 11:39 Pro Licensee Comment #10
Email sent
Submitted by andreychek on Mon, 02/06/2012 - 11:50 Comment #11
It looks like your server's hostname is literally set to "host.domain.tld".
The name "host.domain.tld" is just an example -- that should be set to your actual FQDN hostname.
What should your server's hostname actually be? It should include a domain that you own.
Submitted by paulfromsurrey on Mon, 02/06/2012 - 12:38 Pro Licensee Comment #12
Planetgrouprealty.com is the domain
Submitted by paulfromsurrey on Mon, 02/06/2012 - 12:40 Pro Licensee Comment #13
Plz let me know ASAP
Submitted by paulfromsurrey on Mon, 02/06/2012 - 12:42 Pro Licensee Comment #14
Host.planetrealty.com.tld
Submitted by andreychek on Mon, 02/06/2012 - 12:56 Comment #15
Hmm, you don't seem to have a domain named "planetrealty.com".
But, we can make it "FOO.planetgrouprealty.com" if you want.
The name "FOO" can be anything -- some people use "web1" if they can't think of a better name -- but it's just a name for your server.
Whatever name it is you want to go with -- you'd need to go into Webmin -> Networking -> Network Configuration -> Hostname and DNS Client, and set your hostname in there.
Once you do that, you can then go back into Virtualmin, select planetgrouprealty.com, and then go into Server Configuration -> DNS Records, and add a DNS 'A' record for "FOO.planetgrouprealty.com" (using whatever name you choose in place of the word "FOO").
Submitted by paulfromsurrey on Mon, 02/06/2012 - 13:18 Pro Licensee Comment #16
Can you plz set up this for me as I just do not wanna make a mistake. Our office no is getting email. Let's setup ns1.planetgrouprealty.com
Submitted by andreychek on Mon, 02/06/2012 - 13:26 Comment #17
It looks like you already have the DNS for "ns1.planetgrouprealty.com" set up. That's good! So the only step then is to change your hostname to that.
While we don't mind logging into your server to assist with problems, we'd prefer to teach you how to make changes such as this, rather than doing it ourselves :-)
We'll verify it after you perform the changes.
To change your server's hostname, all you have to do is go into Webmin -> Networking -> Network Configuration -> Hostname and DNS Client, and where it says "Hostname" at the top of that screen, change your hostname to be "ns1.planetgrouprealty.com", and then click "Save".
Once you do that, let us know and we'll verify your hostname and email settings.
Submitted by paulfromsurrey on Mon, 02/06/2012 - 13:57 Pro Licensee Comment #18
We can not send or receive email
Plz help me to fix the issue
Submitted by andreychek on Mon, 02/06/2012 - 14:02 Comment #19
We're happy to help!
In comment #17 above, we said the following:
change your hostname to be "ns1.planetgrouprealty.com", and then click "Save".
However, as I look at your server's hostname now, it's set to this:
ns1.planetgrouprealty.com.tld
You want to use a name that exists, and a name that will resolve. The name you actually want to use is the one we mentioned above:
ns1.planetgrouprealty.com
Try changing it to that (without the .tld at the end), save that, and then after that, try sending your email again.
If it doesn't work -- what error are you getting when trying to send or receive an email?
Submitted by paulfromsurrey on Mon, 02/06/2012 - 14:37 Pro Licensee Comment #20
so far still have email issue
when i try to create new user to test the email i am getting error
Failed to save mailbox : Failed to write to /home/planetgrouprealty/etc/dav.digest.passwd : Disk quota exceeded
Submitted by andreychek on Mon, 02/06/2012 - 14:49 Comment #21
That "Disk quota exceeded" error is the key there -- it means that account is out of disk space.
You would need to add additional disk space to that Virtual Server before you would be able to send and receive email, or add new accounts.
Submitted by paulfromsurrey on Mon, 02/06/2012 - 14:59 Pro Licensee Comment #22
ok seems like emails are now working
thanks
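The hostname mistakes worked through in this thread (the default `localhost.localdomain`, the literal placeholder `host.domain.tld`, a stray `.tld` suffix, a name with no DNS record, an IP with no reverse DNS entry), as an added pre-flight check that is not part of the original discussion. The function `check_helo_name`, the problem labels, and the sample DNS table (`ns1.example.com`, `192.0.2.10`) are constructed for illustration; pass no resolver arguments to query live DNS instead.

```python
import socket

# Names and suffixes seen in this thread that never resolve in public DNS.
PLACEHOLDER_NAMES = {"localhost", "localhost.localdomain"}
BOGUS_SUFFIXES = (".localdomain", ".tld")

# Constructed sample DNS data (documentation address range) for the offline demo.
SAMPLE_A = {"ns1.example.com": ["192.0.2.10"]}
SAMPLE_PTR = {"192.0.2.10": "ns1.example.com"}

def sample_forward(host):
    if host not in SAMPLE_A:
        raise socket.gaierror("no such host")
    return SAMPLE_A[host]

def sample_reverse(ip):
    if ip not in SAMPLE_PTR:
        raise socket.herror("no PTR record")
    return SAMPLE_PTR[ip]

def live_forward(host):
    return socket.gethostbyname_ex(host)[2]   # list of IPv4 addresses

def live_reverse(ip):
    return socket.gethostbyaddr(ip)[0]        # primary PTR name

def check_helo_name(name, sending_ip, forward=live_forward, reverse=live_reverse):
    """Return a list of problems with using `name` as the HELO/EHLO name."""
    name = name.rstrip(".").lower()
    if name in PLACEHOLDER_NAMES or "." not in name:
        return ["placeholder-or-unqualified"]
    if name.endswith(BOGUS_SUFFIXES):
        return ["bogus-suffix"]
    problems = []
    try:
        forward(name)                 # the name must have a DNS record
    except OSError:
        problems.append("name-does-not-resolve")
    try:
        reverse(sending_ip)           # the sending IP should have a reverse entry
    except OSError:
        problems.append("no-reverse-dns")
    return problems

if __name__ == "__main__":
    for candidate in ("localhost.localdomain", "host.domain.tld",
                      "ns1.example.com.tld", "ns1.example.com"):
        print(candidate, check_helo_name(candidate, "192.0.2.10",
                                         sample_forward, sample_reverse))
```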