Time Nick Message
12:03 arcanine does anyone know of a good place to start when your email server has been blacklisted and accused of sending out spam?
12:06 prologic contact the maintainers of the blacklists
12:06 prologic and explain the situation nicely
12:07 prologic and request the IP / IP-Range to be removed
12:07 prologic Then fix your system(s) (well beforehand :P)
12:09 pdurbin arcanine: yeah, as prologic indicated, make sure you're innocent first :)
12:10 arcanine well I've already submitted the IP address for removal and now the server is back in the list, so it seems like they're detecting something the problem is I don't even know where to begin looking to ensure the server isn't inject or being spammy
12:10 arcanine their language was "It shows signs of being infected with a spam sending trojan, malicious link or some other form of botnet."
12:11 arcanine the server is an ubuntu box running a couple of websites
12:14 arcanine hmm I'll try contacting them to see if they can be more specific
12:14 prologic run a spam test suite against your server
12:14 prologic there are many such tools online
12:14 prologic that's the first thing to do
12:15 prologic in general; don't allow inbound SMTP access
12:15 prologic except for local delivery to *known* mailboxes
12:15 prologic Ubuntu you say?
12:16 prologic Is it running postfix, exim or similar?
12:16 prologic it's highly likely it's an open relay (common mistake)
12:16 prologic or (unlikely) you *could* have been r00ted
12:16 prologic and you do indeed have some malicious software on the box sending outbound mail
12:17 prologic any open unsecured accounts on the server you aware of? :)
12:17 prologic or suspicious of
12:23 hydrajump arcanine: http://www.dnsstuff.com/ has some good tools you can use. You can register for a free 30 day trial
12:24 mhayden happy monday, folks
12:27 arcanine erm I'll try and check prologic
12:28 arcanine hm /etc/passwd doesn't seem to have anything super unusual in it though I'm not really sure what I'm looking for, tbh I don't know what we use for outbound emails on this machine I'll try and figure it out
12:28 prologic happy to (for a fee?) login to your box and do some investigative work? :P
12:31 arcanine looks like postfix, that's ok, the boss is out at the moment we do have a friend who's a linux guy but I don't like to keep bothering him
12:31 arcanine thank you for the offer though
12:39 prologic well I can take a quick looksie if you like
12:40 prologic but yeah do a spam test against it
12:40 prologic http://mxtoolbox.com/diagnostic.aspx
13:16 hydrajump mhayden: happy monday to you too :P
13:16 hydrajump mhayden: why would one want to do this "current status:
13:16 hydrajump # rm /dev/urandom; dd if=/dev/zero of=/dev/urandom bs=1M count=1
13:17 mhayden WAT
13:17 hydrajump I assume it has something to do with security?
13:17 hydrajump mhayden: https://twitter.com/whitequark/status/621486489902403584
13:17 mhayden sounds like they want to generate random numbers debian style :P
13:18 mhayden color me confused
13:18 mhayden if they have an FPGA supplying random numbers, it should be coming out through /dev/hwrandom
13:18 mhayden https://www.kernel.org/doc/menuconfig/drivers-char-hw_random-Kconfig.html
13:20 hydrajump so nothing to see here really
13:26 mhayden yeah, i'm confused