Stopping Bots From Blacklisting Your Mail Server

Most Internet-facing mail servers consult a blacklist for all incoming email, comparing the identity of the sending server against known spam sources. When you are a business you absolutely do not want your mail server blacklisted, because your customers' mail servers will simply refuse to accept email from your company.

Some of my clients run a mail server on their local network, giving them full control over their email system. Most Internet-facing mail servers consult a blacklist for all incoming email, comparing the identity of the sending server against known spam sources. When you are a business you absolutely do not want your mail server blacklisted, because your customers' mail servers will simply refuse to accept email from your company.

[Photo: "Anger Bot!", from StickBus]

A common cause of blacklisting, in my experience, is client PCs being infected by malware and becoming part of a botnet. The owners of the botnet then use the infected machines to send out thousands of spam emails, and it's not long before this is noticed and your connection appears on a blacklist, effectively preventing your legitimate email from reaching recipients.

To prevent blacklisting I adopt these best practices:

  1. Allow the local mail server to send email and block all other outgoing connections on port 25 at the firewall.
  2. Configure the mail server to only accept connections from authenticated mail clients.

Now only legitimate users who are logged in to the mail server can send mail, and any attempt by an infected machine to contact an external mail server directly is blocked at the firewall. If PCs do become infected, the firewall logs will alert you to the outgoing connection attempts on port 25 and the infection can be dealt with.
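As an added illustration of the two steps above (this is example code, not from the original post): the first function produces the iptables FORWARD-chain rules that let only the mail server out on TCP/25 and log-then-drop everything else, and the second reads the resulting firewall log lines and counts blocked attempts per LAN host, which is the signal the post says will point you at the infected PC. The mail server address, interface names, log prefix and sample log lines are all constructed assumptions for this example.

```python
import re
from collections import Counter

# Constructed example values (assumptions, not from the original post):
# the LAN-side mail server, and the LAN/WAN interfaces of the firewall.
MAIL_SERVER_IP = "192.168.1.10"
LAN_IFACE = "eth1"
WAN_IFACE = "eth0"
LOG_PREFIX = "SMTP-EGRESS-BLOCK "


def egress_smtp_rules(mail_server_ip=MAIL_SERVER_IP,
                      lan_iface=LAN_IFACE, wan_iface=WAN_IFACE):
    """Step 1: return the iptables commands (as strings) that allow only the
    mail server to open outbound TCP/25 and log-then-drop every other LAN host.
    Order matters: ACCEPT for the mail server must come before the LOG/DROP."""
    base = (f"iptables -A FORWARD -i {lan_iface} -o {wan_iface} "
            f"-p tcp --dport 25")
    return [
        f"{base} -s {mail_server_ip} -j ACCEPT",
        # Rate-limit the LOG target so a noisy bot cannot flood the log.
        f'{base} -m limit --limit 5/min -j LOG --log-prefix "{LOG_PREFIX}"',
        f"{base} -j DROP",
    ]


# Fields of a netfilter LOG line that we need; the rest is ignored.
_LOG_RE = re.compile(
    r"SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) .*?PROTO=TCP .*?DPT=(?P<dpt>\d+)"
)


def flag_smtp_egress(log_lines, mail_server_ip=MAIL_SERVER_IP):
    """Count blocked outbound SMTP attempts per LAN host from firewall log
    lines carrying our prefix. Returns {src_ip: attempt_count}; the mail
    server is excluded so only suspect hosts are reported."""
    hits = Counter()
    for line in log_lines:
        if LOG_PREFIX.strip() not in line:
            continue  # some other rule's log entry
        m = _LOG_RE.search(line)
        if not m or m.group("dpt") != "25":
            continue
        if m.group("src") == mail_server_ip:
            continue
        hits[m.group("src")] += 1
    return dict(hits)


# Constructed sample log lines in netfilter LOG format (not real captures).
SAMPLE_LOG = [
    "May 12 09:14:01 fw kernel: SMTP-EGRESS-BLOCK IN=eth1 OUT=eth0 "
    "SRC=192.168.1.57 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=127 "
    "ID=1 DF PROTO=TCP SPT=49152 DPT=25 WINDOW=8192 SYN",
    "May 12 09:14:03 fw kernel: SSH-IN IN=eth0 OUT= "
    "SRC=198.51.100.9 DST=203.0.113.1 LEN=60 TOS=0x00 PREC=0x00 TTL=52 "
    "ID=2 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=8192 SYN",
    "May 12 09:14:05 fw kernel: SMTP-EGRESS-BLOCK IN=eth1 OUT=eth0 "
    "SRC=192.168.1.88 DST=203.0.113.77 LEN=60 TOS=0x00 PREC=0x00 TTL=127 "
    "ID=3 DF PROTO=TCP SPT=51000 DPT=25 WINDOW=8192 SYN",
    "May 12 09:14:09 fw kernel: SMTP-EGRESS-BLOCK IN=eth1 OUT=eth0 "
    "SRC=192.168.1.57 DST=198.51.100.200 LEN=60 TOS=0x00 PREC=0x00 TTL=127 "
    "ID=4 DF PROTO=TCP SPT=49153 DPT=25 WINDOW=8192 SYN",
]


if __name__ == "__main__":
    for rule in egress_smtp_rules():
        print(rule)
    for host, count in sorted(flag_smtp_egress(SAMPLE_LOG).items()):
        print(f"{host}: {count} blocked outbound SMTP attempt(s)")
```

For step 2, the equivalent setting on a Postfix server (an assumption; the post does not name the mail software) is `smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject`, so that only hosts on the local network or authenticated clients can relay mail outward; the firewall rules above then make sure nothing else on the LAN can bypass that server.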

Questioning WordPress Security – Roundup

Weaknesses in WordPress security were blamed for a rash of attacks on websites, but it turned out that problems with shared hosting setups were the real cause.

Back in April news broke of a number of WordPress-powered sites being compromised and redirecting visitors to malicious sites. At that time the problem seemed to be limited to Network Solutions shared hosting customers, but more recently similar exploits have been encountered by GoDaddy customers. At this point it seems that not only WordPress but other PHP-based software, such as ZenCart and Joomla, and even static HTML websites have been compromised.

[Photo: "Imprisonment", from Dazzie D]

I’ve been keeping an eye on this story, and when I saw that the ExplictWeb Podcast were interviewing WordPress contributing developer Andrew Nacin I asked, via Twitter, if they could get his comments on the issue. Sadly there was not enough time to get his response on the show, but he kindly replied to my question on his blog.

Andrew points out that Network Solutions have already owned up to the fact that it was their fault and nothing to do with WordPress, saying the problem was due to a ‘complex combination of factors’. In a later post they explain more fully what the attackers did, and I hope we also see the results of security analysts working on the problem, as to which misconfigurations or weaknesses were exploited.

For those who run websites, it might be time to think about the quality of your hosting. Shared hosting solutions are cheap, but it is hard to balance low cost with security and performance.