I recently created a new MailInABox server on Digital Ocean.
I immediately got badly rated by CSI (Cloudmark). I contacted them and they said the following:
Please contact your hosting provider, there are recent reports of spam passing through this server. Let us know when the source of this spam has been stopped and we can consider remediation. Below is a sample header that you can forward:
Received: from dtysd5k60b.emoong.live ([188.8.131.52])
From: =?utf-8?q?=53=6d=c3=a4=72=74=61=20=6b=6c=61=67=6f=6d=c3=a5=6c?= 7Z0IX988@dtysd5k60b.emoong.live.728.732
Subject: Ta bort dina ledproblemen inom 7 dagar!
I don’t understand how I can block that.
What I did is use the firewall to block more: I do not allow port 25 (SMTP) at all and only allow some of my servers to send email through 587 (SMTP submission) through my new email server.
But blocking 25 seems to also block any incoming email to my MailInABox. This would be blocking the above “emoong.live” from using my server to send emails, but it also blocks everything else…
CSI said I should contact my host to report abuse, which I did, but there must be a way to block this within my MailInABox?
Respond to Cloudmark and tell them that you are the current user of the IP address since x day and were not responsible for behaviour before you were assigned that IP address. It is more than likely that the spam reports were from before you were assigned the IP. Mail-in-a-Box does not do relaying so there is no way it happened since you installed MiaB unless you have modified it, or used very weak passwords that were compromised.
Or change your IP by making a snapshot of your server and restoring it to a new VPS (thus receiving a new IP) and destroying the original.
This is exactly what I said to them.
This IP address is new to me since July 21, 2020, so they reset my rating.
Then 3-4 days later my rating went bad again, so I requested again what was going on.
They said they keep seeing those; this is the message:
This is from 7/22 and we are still receiving dozens of reports a day.
--------------------------
Received: from dtysd5k60b.emoong.live ([184.108.40.206])
From: =?utf-8?q?=53=6d=c3=a4=72=74=61=20=6b=6c=61=67=6f=6d=c3=a5=6c?= 67M73P6N@dtysd5k60b.emoong.live.453.601
Subject: Ta bort dina ledproblemen inom 7 dagar!
--------------------------
I have reset the reputation of your IP, but with this many reports flowing in, they may exceed all our thresholds and make your IP address spammy again.
The MailInABox config is default; I didn’t change anything.
One thing that I noticed running that tool on your current IP is that one of the blacklists that your IP is on is a block against DO’s entire AS range - meaning against ALL DO IPs. Perhaps it would be a good idea to use a better provider?
I did a few trials of IP addresses, and each time I respawn a new droplet and check if the IP is blocked, they are actually more blocked than the one I already have.
So I will keep my current IP.
Something I don’t quite understand is why, when I block port 25, the incoming emails are also blocked?
If I try to email from Gmail to my box email, it cannot be reached; if I unblock port 25, then they start coming in again.
When trying to make a delist request with https://spfbl.net/en/delist while my port 25 is blocked, I get this error message: The delist key can not be sent because the destination MX is unreachable.
Turns out that they have now confirmed that the traffic was BEFORE 2020-07-22; this is the day we obtained the IP.
Now they said they are getting reports on old emails that were sent before that date, and for that reason they are marking our IP as spammy.
But at least, once reported, they clean the status pretty often, which should clean that IP's reputation.
I’m still confused about that port 25: it’s outgoing, so why does the MX record resolve on that??
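One way to triage a sample header like the ones Cloudmark quoted in this thread, as an added example that is not part of any poster's message or of Mail-in-a-Box: it decodes the encoded From name, pulls the client IP out of the Received line, and compares it with the server's IP and the date the IP was assigned. The names `parse_sample`, `triage`, `seen_on` and the address 203.0.113.10 are assumptions made for illustration, as is reading the bracketed address as the client IP recorded by the reporting receiver.

```python
import email
import ipaddress
import re
from datetime import date
from email.header import decode_header, make_header

# First sample header quoted in the thread, re-typed with one header per line.
SAMPLE = (
    "Received: from dtysd5k60b.emoong.live ([188.8.131.52])\n"
    "From: =?utf-8?q?=53=6d=c3=a4=72=74=61=20=6b=6c=61=67=6f=6d=c3=a5=6c?= "
    "7Z0IX988@dtysd5k60b.emoong.live.728.732\n"
    "Subject: Ta bort dina ledproblemen inom 7 dagar!\n\n"
)
ASSIGNED_ON = date(2020, 7, 22)   # day the IP was obtained, per the thread
MY_IP = "203.0.113.10"            # constructed placeholder, not the poster's IP

# Matches the "from <helo> ([<ip>])" clause of a Received header.
RECEIVED_RE = re.compile(r"from\s+(?P<helo>\S+)\s+\(\[(?P<ip>[0-9A-Fa-f.:]+)\]\)")


def parse_sample(raw):
    """Return the HELO name, client IP and decoded From of a reported message."""
    msg = email.message_from_string(raw)
    m = RECEIVED_RE.search(msg.get("Received", ""))
    if m is None:
        raise ValueError("no 'from host ([ip])' clause in Received header")
    # RFC 2047 encoded-words (=?utf-8?q?...?=) become readable text here.
    sender = str(make_header(decode_header(msg.get("From", ""))))
    return {"helo": m["helo"], "ip": ipaddress.ip_address(m["ip"]), "from": sender}


def triage(raw, my_ip, assigned_on, seen_on=None):
    """Classify a report against this server's IP and its assignment date."""
    info = parse_sample(raw)
    if info["ip"] != ipaddress.ip_address(my_ip):
        return "not-my-ip"             # sample names a different client address
    if seen_on is not None and seen_on < assigned_on:
        return "predates-assignment"   # traffic from the previous holder of the IP
    return "investigate"               # check mail logs and account passwords


if __name__ == "__main__":
    print(parse_sample(SAMPLE))
    print(triage(SAMPLE, MY_IP, ASSIGNED_ON))
```

Pass the date the reporting side gives for the message as `seen_on`; without it, a matching IP always comes back as "investigate".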