Keeping Your Server Off Black Lists

From Computer Tyme Support Wiki

Revision as of 17:37, 28 August 2009 by Marc

Preventing your email server from being blacklisted

Most spam filtering companies do the best they can to pass good email, but often good email gets blocked anyway. One of the factors that contributes to good email getting blocked is email servers that aren't properly configured. Doing it right makes a big difference, and many easy steps can keep you from getting blacklisted. It also makes your server a candidate for white listing, which will get you through some spam filters faster. We at Junk Email Filter encourage you to follow these guidelines to help us and our competitors deliver your good email.

Getting your Reverse DNS correct

One of the biggest things you can do is get your reverse DNS correct. And to really do it right you need to have Forward Confirmed Reverse DNS set correctly. This is a very big step towards getting your email delivered correctly, so it's worth putting in the effort to get it right.

Reverse DNS (RDNS) is the host name that is returned when looking up an IP address. For example, let's say that your domain is called mydomain.com and your IP address is 1.2.3.4. The first step is to set a PTR record for 1.2.3.4 that returns mail.mydomain.com. Often you won't have control over this directly, but your hosting provider does. Ask them to set the RDNS for your IP address.

But setting the RDNS for your IP is just half of the job. The RDNS returns a host name for your IP address. To do it right, the host name that is returned has to point back to the original IP. This is what is called Forward Confirmed RDNS or FcRDNS. The forward half is an A record for that host name, which is more likely to be under your control.

1.2.3.4 -> mail.mydomain.com - PTR Record
mail.mydomain.com -> 1.2.3.4 - A record

Once your FcRDNS is correct you can be white listed by host name in addition to by IP address. Some spam filters block IPs with no RDNS and some even block you if FcRDNS isn't correct. But even if you aren't blocked, bad or missing RDNS counts against you and makes it more likely that your email will be mistakenly listed as spam.

Setting up your office email server

One problem that gets servers black listed is that small offices use the same IP address for their email server and for the web traffic of the office computers. A small business often uses a DSL service, has just one IP address, and uses a small router to share that IP among several office computers.

The problem occurs when someone gets a virus that starts sending spam. The virus spam comes from the same external IP as your email server and your whole office is black listed. And it takes a lot of effort to clean yourself off everyone's black list even after you get rid of the virus. In fact - if this should happen to you it might be easier to ask your provider for a new IP rather than to try to get delisted from all the lists.

But if you can avoid being listed in the first place, that's even better. Setting up a firewall correctly can prevent you from being black listed even if someone gets a virus. Here are some tips to do that.

First - if you have more than one IP address make sure the email server has a different IP than the office IP. That way the polluted IP will be different than your email server.

If you are considering buying a DSL router or wireless router you might want to buy something a little more expensive than the cheapest thing out there. However a lot of inexpensive routers have powerful features so what's important is the features. What you need is the ability to set what ports are allowed to access what computers. The important port that email is sent on is port 25. That's the one to pay attention to.

Blocking outgoing traffic on port 25

The main trick is to block outgoing port 25 traffic on all computers except for your email server. That way a virus infected computer can't send email from your IP because it is blocked. Your users will be able to talk to your email server and it will send the email for them. I recommend using port 587 (submission) for this rather than port 25. 587 is a standard port for sending email from users to servers and is less likely to be blocked by the firewalls of others in case your staff is traveling and needs to connect to your email server for outgoing email. Generally port 587 email requires authentication (a password) and a virus wouldn't know the password to send email.

On the incoming side, if you are running a Windows based email server in particular you want to block all ports except for the ports that the email server needs to work. That will protect your email server from other port attacks should your server be vulnerable. Generally ports 25, 110, 143, 587, 993, and 995 should cover everything.

These settings will allow you to surf the web without the web surfing you. The important point here is that if your firewall is set up correctly it can block the email from virus infected computers. It creates a layer so that even if you have virus problems it still won't get you black listed.
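
Once outgoing port 25 is blocked for everything except the email server, the firewall's log of those blocked connections tells you which office computer is infected. The following is an added example, not part of the original wiki page: it reads netfilter-style firewall log lines and counts direct port 25 attempts per office machine. The LAN range, the mail server address and the log lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumed addresses for illustration: the office LAN and its email server.
LAN = ipaddress.ip_network("192.168.1.0/24")
MAIL_SERVER = ipaddress.ip_address("192.168.1.10")

FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")


def direct_smtp_sources(log_lines, lan=LAN, mail_server=MAIL_SERVER):
    """Count port 25 attempts to outside hosts per office machine."""
    hits = Counter()
    for line in log_lines:
        f = dict(FIELD.findall(line))
        if f.get("PROTO") != "TCP" or f.get("DPT") != "25":
            continue
        try:
            src = ipaddress.ip_address(f["SRC"])
            dst = ipaddress.ip_address(f["DST"])
        except (KeyError, ValueError):
            continue  # malformed or incomplete line
        # Only office machines other than the email server, talking to outside hosts.
        if src in lan and src != mail_server and dst not in lan:
            hits[str(src)] += 1
    return hits


# Constructed sample log lines in the key=value style a Linux firewall writes.
SAMPLE_LOG = [
    "Aug 28 09:14:01 gw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.5 PROTO=TCP SPT=51234 DPT=25",
    "Aug 28 09:14:02 gw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.7 PROTO=TCP SPT=51235 DPT=25",
    "Aug 28 09:15:10 gw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 PROTO=TCP SPT=40111 DPT=25",
    "Aug 28 09:16:44 gw kernel: IN=eth1 OUT=eth1 SRC=192.168.1.31 DST=192.168.1.10 PROTO=TCP SPT=50022 DPT=587",
    "Aug 28 09:17:03 gw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.31 DST=198.51.100.20 PROTO=TCP SPT=50023 DPT=443",
    "Aug 28 09:18:30 gw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.42 DST=203.0.113.9 PROTO=TCP SPT=49900 DPT=25",
]

if __name__ == "__main__":
    for host, count in direct_smtp_sources(SAMPLE_LOG).most_common():
        print(f"{host} tried to send mail directly {count} time(s)")
```

Any machine this reports is trying to send mail around your email server, which is what a spam-sending virus does, so clean it before it finds another way out.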

Keep computers updated

Often vulnerabilities are found and fixed and if you download and install these updates you will be reasonably protected. However if you don't do the updates then the bad guys will find you and you'll get hit. So do the updates and hope for the best.

Server configuration Settings and Practices

Setting up your server can be done in a variety of ways. Many of these ways don't follow the SMTP rules. Others do follow the rules but still aren't the best way to do things if you don't want your server to look like a spam source.

Setting your HELO string correctly

If you have a HELO setting, set the HELO name to some legitimate host name that actually exists. If your HELO is "sparky" you're likely to be rejected as spam. But if your HELO string is "mail.mydomain.com" then that would be a good HELO string. The best practice is for the HELO to match the RDNS of the sending IP. The HELO should never be anything that ends in .local because those are names for hosts on a local network.
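
The FcRDNS rule from the reverse DNS section and the HELO rules above can be checked together before a spam filter checks them for you. The following is an added example, not part of the original wiki page: check_sender and its problem strings are names chosen here, and the sample records are constructed from the page's 1.2.3.4 / mail.mydomain.com example. Called without the last two arguments it uses real DNS lookups.

```python
import ipaddress
import socket

def ptr_names(ip):
    """PTR lookup: host names returned for an IP address ([] if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:
        return []

def a_addresses(host):
    """Forward lookup: addresses a host name resolves to ([] if none)."""
    try:
        return [info[4][0].split("%")[0] for info in socket.getaddrinfo(host, None)]
    except OSError:
        return []

def check_sender(ip, helo, reverse=ptr_names, forward=a_addresses):
    """List the problems a receiving spam filter could count against this sender."""
    problems = []
    want = ipaddress.ip_address(ip)
    names = [n.rstrip(".").lower() for n in reverse(ip)]
    # FcRDNS: a PTR name only counts if its A record points back to the same IP.
    confirmed = [n for n in names
                 if any(ipaddress.ip_address(a) == want for a in forward(n))]
    if not names:
        problems.append("no RDNS")
    elif not confirmed:
        problems.append("RDNS not forward confirmed")
    helo = helo.rstrip(".").lower()
    if "." not in helo:
        problems.append("HELO is not a full host name")
    elif helo.endswith(".local"):
        problems.append("HELO ends in .local")
    elif not forward(helo):
        problems.append("HELO host name does not exist")
    if confirmed and helo not in confirmed:
        problems.append("HELO does not match RDNS")
    return problems

# Constructed sample records, using the page's example names and addresses.
SAMPLE_PTR = {"1.2.3.4": ["mail.mydomain.com"], "1.2.3.5": ["host5.example.net"]}
SAMPLE_A = {"mail.mydomain.com": ["1.2.3.4"], "host5.example.net": ["5.6.7.8"]}

if __name__ == "__main__":
    rev, fwd = (lambda ip: SAMPLE_PTR.get(ip, [])), (lambda h: SAMPLE_A.get(h, []))
    for ip, helo in [("1.2.3.4", "mail.mydomain.com"), ("1.2.3.5", "sparky")]:
        print(ip, helo, check_sender(ip, helo, rev, fwd) or "ok")
```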