Secure mail server

Hi,

I thought my mail server was working fine: on https://www.mail-tester.com I have a 10/10 score, so I use SPF, DKIM and DMARC.
However, I received a message from Gmail that an e-mail could not be delivered.
When I check MX toolbox I get:

blacklist fallback.axc.eu Blacklisted by UCEPROTECTL3
blacklist mail.XXXXXX.be Blacklisted by UCEPROTECTL3
smtp fallback.axc.eu Failed To Connect
smtp mail.XXXXXX.be May be an open relay.
dns XXXXXX.be SOA Expire Value out of recommended range

Is there a way or a manual on how to secure it? Can someone help me on my way to fix this?

I am also using WordPress.
Thanks.

Hello @verus,

First check whether you are an open relay:

You could check the exim stats to see if you see something strange:

eximstats /var/log/exim4/mainlog*

or to view more sources/destinations:

eximstats -t200 /var/log/exim4/mainlog*

Maybe your WordPress has been hacked and used to send spam from your server, or someone has discovered the password of one of your email users and is doing bad things.

As I said, check whether you are an open relay, and then whether you can see an unusual use of your mail server checking exim logs.

Good luck,
sahsanu
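One way to follow up the log check suggested above, as an added example that is not part of the thread: it counts the messages exim accepted per submission source, so that a web-server user (a WordPress site sending mail) or a single authenticated mailbox stands out. The sample lines are constructed, and the default mainlog layout and the Debian web user `www-data` are assumptions.

```python
import re
from collections import Counter

# Constructed sample in exim's default mainlog layout (not taken from the thread).
SAMPLE_LOG = "\n".join(
    [
        "2024-05-01 10:00:01 1s0AAA-0000aa-1A <= alice@example.be H=(laptop) [203.0.113.10] "
        "P=esmtpsa X=TLS1.3:TLS_AES_256_GCM_SHA384:256 A=dovecot_login:alice@example.be S=2301",
        "2024-05-01 10:00:02 1s0AAA-0000aa-1A => bob@example.org R=dnslookup T=remote_smtp "
        "H=mx.example.org [198.51.100.5]",
        "2024-05-01 10:01:00 1s0AAB-0000ab-2B <= carol@example.org H=mx.example.org "
        "[198.51.100.5] P=esmtps S=4100",
    ]
    + [
        f"2024-05-01 10:05:{i:02d} 1s0AC{i}-0000ac-3C <= www-data@mail.example.be "
        "U=www-data P=local S=912"
        for i in range(5)
    ]
)

ARRIVAL = re.compile(r"^\S+ \S+ (?:\[\d+\] )?\S+ <= \S+(?P<rest>.*)$")
FIELD = re.compile(r"(?:^|\s)([A-Za-z]+)=(\S+)")
IP = re.compile(r"\s\[([0-9A-Fa-f:.]+)\]")  # the peer address follows a space

def source_of(rest):
    """Classify one arrival line by how the message entered exim."""
    fields = {}
    for key, value in FIELD.findall(rest):
        fields.setdefault(key, value)  # first wins: later text may be sender-controlled
    proto = fields.get("P", "")
    if proto.startswith("local"):  # submitted on the box itself, e.g. by PHP
        return "local:" + fields.get("U", "?")
    if proto.endswith("a") and "A" in fields:  # esmtpa / esmtpsa: SMTP AUTH login
        return "auth:" + fields["A"].split(":", 1)[-1]
    ip = IP.search(rest)
    return "remote:" + (ip.group(1) if ip else "?")

def count_sources(log_text):
    """Count accepted messages ("<=" lines) per submission source."""
    counts = Counter()
    for line in log_text.splitlines():
        match = ARRIVAL.match(line)
        if match:
            counts[source_of(match.group("rest"))] += 1
    return counts

def noisy_sources(log_text, threshold):
    """Sources that submitted at least `threshold` messages, busiest first."""
    return [(s, n) for s, n in count_sources(log_text).most_common() if n >= threshold]

if __name__ == "__main__":
    print(noisy_sources(SAMPLE_LOG, 3))
```

On a real server, pass the contents of the mainlog files to `noisy_sources` and pick a threshold that matches normal daily volume.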

I forgot to say that you are listed in UCEPROTECT Level 3, and that blacklist contains all IPs assigned to an AS number, so it is possible that your server is working pretty fine but your ISP neighbours are not and you are collateral damage :(

Thanks for the feedback.
I upgraded everything, restarted, checked things, and MX Toolbox no longer mentions that it is an “open relay”.
However, I didn’t change anything in the configuration.

When I apply your commands, I don’t see anything “special”. Everything looks normal.
Don’t know why the “open relay” message was there.

About UCEPROTECT, would it help if I contact my provider?

About WordPress, I don’t think I am hacked. I use another admin URL (hidden), the BBQ plugin and Wordfence.
However, you don’t always know it immediately.
Verus.

Keep in mind that it was not “Your server is an open relay”, it was “Your server may be an open relay”.

Use the link I posted above to check whether you are an open relay; they do a few different tests.

Let me quote this info from UCEPROTECT site:

If you never sent spam, never maintained an open proxy or open relay, but the provider hosting your email server is listed as LEVEL 3, we suggest you send a strong complaint about it to your service provider, and request them to get active against abusers before listings are escalated to Level 3.
(Think about it: You pay for access / use to the Internet without problems!)

Removal requests from end customers at LEVEL 3 are futile.

Only your service provider can change your situation.

I had a server that was blacklisted by UCEPROTECT, nothing to do with our specific server. Our provider did their best to appeal to UCE but to no avail. I ended up just switching providers.