How to unblacklist an IP at Google

blacklist exim google smtp

I own a small business with two servers for webhosting. When setting up the primary (CentOS 5.5 + WHM, secondary is WHM DNS Only) server I kinda messed up the firewall, so the hackers could send stuff from my server. My primary IP is x.y.29.218.

Anyway – I got blacklisted in several places, but now those blacklistings have been gone for a week or so. Google, however, still has my IP blacklisted.

I am handling serious damages because of that. Many clients want to switch from my hosting, etc.

I've fixed the hole with the CSF firewall SMTP_BLOCK option and also enabled the WHM SMTP Tweak.

Currently all I see from Main >> Email >> View Mail Statistics (Errors section) in WHM is rows and rows of the following message:

removed-the-email-address-for-security R=lookuphost T=remote_smtp: SMTP error from remote mail server after end of data: host aspmx.l.google.com [a.b.39.27]: 550-5.7.1 [x.y.29.218 1] Our system has detected an unusual rate of\n550-5.7.1 unsolicited mail originating from your IP address. To protect our\n550-5.7.1 users from spam, mail sent from your IP address has been blocked.\n550-5.7.1 Please visit http://www.google.com/mail/help/bulk_mail.html to review\n550 5.7.1 our Bulk Email Senders Guidelines. h24si3868764fas.171

What are my options?

I have one IP free. How can I configure Exim to send mail from that IP?

My brain is like constantly blowing up because of this problem.
Please someone, who has any knowledge how to deal with the current situation, please give me some kind of help – any help, suggestions, etc.

I've tried everything I know, and I still don't know much, because this is the first time (I just started to webhost, etc) I deal with real physical servers not some kind of pre-setup VPS solution.

Many – many thanks, whoever has time to offer some help.

Best Answer

Fix your mail server and ensure you don't create a faulty setup again that allows relaying. I advise you to check your own mail for spam too, to ensure none of your own users spam, either deliberately or because their mail account gets stolen and the thief uses it to legitimately try to spam from your server.

When that is done, change the IP of your mail server to the other available IP and adjust the DNS records to reflect the IP change.

You can force mail to be sent from the other IP with an SNAT rule in iptables:

iptables -t nat -A POSTROUTING -p tcp --dport 25 -j SNAT --to-source ot.her.ip.address

Extra: add an SPF field in the zone that confirms the new IP is a legitimate source of mail for your domain(s). Add a DKIM filter to sign mails.

Oh, and if I may suggest: try replacing Exim with Postfix.
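
The answer's advice to check your own outgoing mail can be done from the Exim main log. The following is an added example, not part of the original answer: it links each Google `550 5.7.1` rejection (a `**` line like the one quoted in the question) back to the `<=` arrival line with the same message ID, and counts rejections per authenticated login, local user or unauthenticated client IP. The sample log lines, addresses and IPs are constructed.

```python
import re
from collections import Counter

# Exim main log: "<=" is a message arrival, "**" is a failed delivery.
ARRIVAL = re.compile(r"^\S+ \S+ (?P<id>\S+) <= (?P<rest>.*)$")
# Keep only failures that carry the 550 5.7.1 policy rejection.
REJECT = re.compile(r"^\S+ \S+ (?P<id>\S+) \*\* .*\b550[- ]5\.7\.1\b")

def source_of(rest):
    """Classify how a message entered Exim, from the fields of its '<=' line."""
    m = re.search(r"\sA=([^\s:]+)(?::(\S+))?", rest)   # SMTP AUTH: A=authenticator:login
    if m:
        return "auth:" + (m.group(2) or m.group(1))
    m = re.search(r"\sU=(\S+)", rest)                  # local submission (script, cron)
    if m:
        return "local:" + m.group(1)
    m = re.search(r"\[([0-9A-Fa-f.:]+)\]", rest)       # unauthenticated SMTP client
    return "unauth:" + m.group(1) if m else "unknown"

def rejects_by_source(lines):
    """Return {source: (messages accepted by Exim, messages rejected with 5.7.1)}."""
    origin, accepted, rejected = {}, Counter(), Counter()
    for line in lines:
        m = ARRIVAL.match(line)
        if m:
            origin[m["id"]] = source_of(m["rest"])
            accepted[origin[m["id"]]] += 1
            continue
        m = REJECT.match(line)
        if m:
            rejected[origin.get(m["id"], "unknown")] += 1
    return {s: (accepted[s], rejected[s]) for s in set(accepted) | set(rejected)}

# Constructed sample input; the rejection text is shortened from the question's log line.
_REJ = ("R=lookuphost T=remote_smtp: SMTP error from remote mail server after end of data: "
        "host aspmx.l.google.com [203.0.113.27]: 550-5.7.1 [198.51.100.218 1] Our system has detected")
SAMPLE_LOG = [
    "2010-11-02 09:14:01 1PDaaa-0001aa-AA <= info@shop.example H=(pc1) [192.0.2.10] P=esmtpa A=dovecot_login:info@shop.example S=2114",
    "2010-11-02 09:14:03 1PDaaa-0001aa-AA ** a@mail.example " + _REJ,
    "2010-11-02 09:14:05 1PDaab-0001ab-AB <= info@shop.example H=(pc1) [192.0.2.10] P=esmtpa A=dovecot_login:info@shop.example S=2090",
    "2010-11-02 09:14:07 1PDaab-0001ab-AB ** b@mail.example " + _REJ,
    "2010-11-02 09:15:10 1PDaac-0001ac-AC <= nobody@host.example U=nobody P=local S=801",
    "2010-11-02 09:15:12 1PDaac-0001ac-AC ** c@mail.example " + _REJ,
    "2010-11-02 09:16:00 1PDaad-0001ad-AD <= bob@client.example H=(laptop) [192.0.2.44] P=esmtpa A=dovecot_login:bob@client.example S=1500",
    "2010-11-02 09:16:02 1PDaad-0001ad-AD => d@other.example R=lookuphost T=remote_smtp H=mx.other.example [203.0.113.9]",
    "2010-11-02 09:17:00 1PDaae-0001ae-AE <= x@spam.example H=(foo) [203.0.113.99] P=esmtp S=900",
    "2010-11-02 09:17:02 1PDaae-0001ae-AE ** e@mail.example " + _REJ,
]

if __name__ == "__main__":
    for src, (acc, rej) in sorted(rejects_by_source(SAMPLE_LOG).items(), key=lambda kv: -kv[1][1]):
        print(f"{src:32} accepted={acc} rejected_5.7.1={rej}")
```

An `auth:` source with many rejections points to a stolen or abusive mailbox, `local:` to a script on the server, and `unauth:` to mail accepted from a client without authentication.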