Steve Buehler wrote:
I had to resend this because the list software didn't like the
Subject. Anyway, here is the email.
We are running multiple RedHat boxes. Anywhere from 7.3 to RHEL ES 4.
Each server has between 1 and 300 sites on them. I am trying to find
out a solution to a problem that we are having with AOL and RBL's. We
have come to the conclusion that we will need another server just for
email. That defeats the purpose of our Ensim Control panel that we use
since it isn't set up to allow for multiple servers to separate out
the email.
To get blocked, all it seems to take is one client that has a virus on
his computer sending out through his email account and our whole
server gets blocked because all sites' email always goes out from the
main server's IP address, not the IP address of their domain/account.
It would be nice if email would appear to come from the IP of the
domain and not the IP of the server itself. That way we could at least
narrow down which domain is causing the problems.
All of our servers that we have are dual processor XEON's with 2 gig
of memory and SATA or SCSI drives, usually in RAID configurations. If
we try running SpamAssassin and a Virus Scanner on the servers for the
email, it slows the servers down to a crawl at times. I know there are
providers that aren't having this kind of problems. We would like to
have ONE control panel where the customer can administer their sites
including email. That will mean that we will have to get rid of the
Ensim Control panel because it will not allow for administering sites
and email if they are on different servers. Only two of our
servers use the Ensim Control panel for clients. The other servers
don't have control panels but we still can't run SpamAssassin and/or a
Virus Scanner on them for the email because it just slows the he** out
of them.
We don't allow spammers on our systems and greatly hinder the ability
to have mailing lists. We allow them, but we check out to make sure
they are double opt in and we know most of our clients personally. The
latest block from AOL is from a server that doesn't even send out
email because the program for the store that is on there is not
completely written yet and the email part is not even started yet.
Apparently, from what we can gather, a spammer is using the ONLY
domain name that is on it as a return address. I have even shut off
email programs on it completely just to make sure. It has not been
hacked that we can see and all of our servers can only be SSH'd into
from 2 IP addresses. Telnet is turned off. I don't allow any client to
ever SSH into their accounts. I won't even give the bosses and owners
the root password or access to them for SSH. All IP's but 2 are
blocked at the main firewall and the firewall that is on each system.
It is not impossible that one of our servers was hacked, but it is
very very unlikely especially for the one that has the incomplete
store software on it and no other sites. I do realize that being
blocked because of a spammer that is using one of our domains for a
return address is something that we can't do anything about.
Any help and suggestions would be greatly appreciated.
Thank You and Vote for the Death Penalty at your next election for
anyone who is caught Spamming.
Steve
It sounds like most of your problems with AOL blocking you because of
spammers or viruses could be stopped by setting up an SPF (TXT) DNS
record for your domain or the domains that you are in charge of. AOL
pays attention to these and will drop any mail that comes from an IP
that you do not put in the record.
--
Jason Huddleston, RHCE, CCSA
Assistant Coordinator Internet Services and Security
Ozarks Technical Community College
huddlesj@xxxxxxx
417-447-7532