ychaouche
Dear EQ,
I am running an e-mail server for a specific domain and one of our mailboxes probably got hacked. The mailbox was used to send 7000+ e-mails in bulk, resulting in what seems to be a ban from major email service providers like Yahoo, Live, Gmail, Outlook, etc.
The IP address of my e-mail server isn't listed on Spamhaus nor in any MXToolbox blacklists; I think I am blacklisted locally by each email service provider.
The password for the mailbox that was sending spam was changed and now no spam is being sent, the breach has been fixed, but my poor users can't send mail to Yahoo and Gmail accounts. The URL given in the SMTP error message doesn't give any URL to unlist my IP (as for Spamhaus, for example). What can I do?
Here are a couple of logged SMTP messages for three major email service providers:
1. Yahoo!
May 16 17:38:04 messagerie-prep postfix/error[12137]: 54B5B64010C: to=<imghour@yahoo.fr>, relay=none, delay=17397, delays=17397/0.02/0/0.03, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to mx-eu.mail.am0.yahoodns.net[188.125.69.79]:25: Connection timed out)
May 16 17:43:09 messagerie-prep postfix/smtp[12502]: BFC8564010F: to=<yacinechaouche@yahoo.com>, relay=mta6.am0.yahoodns.net[98.136.101.117]:25, delay=1128, delays=1123/0.08/4.5/0.23, dsn=4.7.0, status=deferred (host mta6.am0.yahoodns.net[98.136.101.117] said: 421 4.7.0 [TSS04] Messages from 197.201.1.54 temporarily deferred due to user complaints - 4.16.55.1; see Error: "421 4.7.0 [XXX] Messages from x.x.x.x temporarily deferred due to user complaints - 4.16.55.1" when sending email to Yahoo | Postmaster Help - SLN3434 (in reply to MAIL FROM command))
2. Gmail
May 13 11:07:09 messagerie-prep postfix/smtp[11924]: 4E415641FD5: to=<dcrr.daf@gmail.com>, relay=gmail-smtp-in.l.google.com[173.194.76.27]:25, delay=4.7, delays=0.06/0/0.41/4.3, dsn=5.7.1, status=bounced (host gmail-smtp-in.l.google.com[173.194.76.27] said: 550-5.7.1 [197.201.1.54 19] Our system has detected that this message is 550-5.7.1 likely suspicious due to the very low reputation of the sending 550-5.7.1 domain. To best protect our users from spam, the message has been 550-5.7.1 blocked. Please visit 550 5.7.1 Why has Gmail blocked my messages? - Gmail Help for more information. 91-v6si6257010wrg.38 - gsmtp (in reply to end of DATA command))
3. Outlook
May 16 16:39:06 messagerie-prep postfix/smtp[8006]: 346B56400E6: to=<riad_fm@live.fr>, relay=none, delay=260903, delays=260840/0.01/63/0, dsn=4.4.1, status=deferred (connect to eur.olc.protection.outlook.com[104.47.6.33]:25: Connection timed out)
May 16 16:48:33 messagerie-prep postfix/smtp[8708]: connect to eur.olc.protection.outlook.com[104.47.14.33]:25: Connection timed out
May 16 16:48:33 messagerie-prep postfix/smtp[8705]: connect to eur.olc.protection.outlook.com[104.47.14.33]:25: Connection timed out
May 16 16:48:33 messagerie-prep postfix/smtp[8713]: connect to eur.olc.protection.outlook.com[104.47.12.33]:25: Connection timed out
May 16 16:49:03 messagerie-prep postfix/smtp[8708]: connect to eur.olc.protection.outlook.com[104.47.12.33]:25: Connection timed out
May 16 16:49:03 messagerie-prep postfix/smtp[8705]: connect to eur.olc.protection.outlook.com[104.47.12.33]:25: Connection timed out
Thanks for any help!
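An added example, not part of the original post: a small triage script over Postfix delivery log lines in the format quoted above, separating connection timeouts from 4.7.x deferrals and 5.7.x rejections per recipient domain. The sample lines are constructed, and the names `classify` and `triage` are assumptions of this example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the Postfix format quoted in the post
# (documentation addresses and example domains, not real traffic).
SAMPLE_LOG = """\
May 16 17:38:04 mx postfix/error[101]: AAA111: to=<a@example.org>, relay=none, delay=17397, delays=17397/0.02/0/0.03, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to mx.example.org[192.0.2.10]:25: Connection timed out)
May 16 17:43:09 mx postfix/smtp[102]: BBB222: to=<b@example.org>, relay=mx.example.org[192.0.2.11]:25, delay=1128, delays=1123/0.08/4.5/0.23, dsn=4.7.0, status=deferred (host mx.example.org[192.0.2.11] said: 421 4.7.0 Messages from 198.51.100.7 temporarily deferred due to user complaints (in reply to MAIL FROM command))
May 13 11:07:09 mx postfix/smtp[103]: CCC333: to=<c@example.net>, relay=mx.example.net[192.0.2.20]:25, delay=4.7, delays=0.06/0/0.41/4.3, dsn=5.7.1, status=bounced (host mx.example.net[192.0.2.20] said: 550-5.7.1 likely suspicious due to the very low reputation of the sending domain (in reply to end of DATA command))
May 16 16:48:33 mx postfix/smtp[104]: connect to mx.example.com[192.0.2.30]:25: Connection timed out
"""

# Matches per-recipient delivery records; queue IDs are uppercase hex.
DELIVERY = re.compile(
    r"postfix/(?:smtp|error)\[\d+\]: (?P<qid>[0-9A-F]+): to=<[^@>]+@(?P<domain>[^>]+)>,"
    r".*?dsn=(?P<dsn>\d\.\d+\.\d+), status=(?P<status>\w+) \((?P<reason>.*)\)$")

def classify(dsn, reason):
    """Map a DSN code plus reason text to a triage category."""
    if dsn.startswith("5.7."):
        return "policy_reject"       # permanent policy refusal: message bounced
    if dsn.startswith("4.7."):
        return "policy_deferral"     # temporary policy refusal: will be retried
    if "timed out" in reason or dsn == "4.4.1":
        return "connect_timeout"     # TCP connect failed, no SMTP dialogue
    return "other"

def triage(log_text):
    """Return {recipient_domain: Counter(category -> count)}."""
    summary = defaultdict(Counter)
    for line in log_text.splitlines():
        m = DELIVERY.search(line)
        if m:  # bare "connect to ..." lines carry no recipient and are skipped
            summary[m["domain"].lower()][classify(m["dsn"], m["reason"])] += 1
    return summary

if __name__ == "__main__":
    for domain, counts in sorted(triage(SAMPLE_LOG).items()):
        print(domain, dict(counts))
```
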