MailSite Knowledge Base

• MailSite 7.x, 8.x

Hijacked Email Accounts

Hijacked accounts within MailSite is the number one reported reason as to why a mailserver ends up on a blacklist. Often accounts such as 'test', 'root', 'abuse' and 'sales' will have simple, or in the worst case no passwords set. There are many spam bots on the Internet that actively probe mailservers in an attempt to authenticate by trying to guess the username and password of an account. Once an account is identified, the spammer will spam at will potentailly sending millions of spam messages from your server.

You should ensure that ALL your accounts have passwords assigned, and that the passwords are as complicated as possible.

If you believe you have hijacked accounts on your server, you can examine your log files and spool folders to verify. Customers with valid support contracts can contact MailSite Support for assistance in tracking down these accounts.

Hijacked Client Machines

Another common situation where a server can be blacklisted is if client machines on your network NAT to the same IP as the MailServer. Often it is not the MailServer that gets compromised but rather client machines on the network. The machines become infected with virus/bots that begin to send out email directly to the Internet. Because the client machines NAT to the same IP as the MailSite server, that IP becomes blacklisted and so genuine email sent from MailSite is rejected by remote servers.

You should ensure all network machines are adequately protected against virus/spyware. You should also consider locking down your network to prevent client machines from making connections on port 25 to the Internet. They should only be permitted to connect to your MailServer on port 25.

AutoReplies

Many Blacklist servers often complain about Auto Reply enabled email accounts. These blacklist servers send out probing messages searching for accounts with auto-reply enabled. When the blacklist server receives multiple auto-replies, it will then blacklist the IP of the mailserver hosting the account.

Within MailSite Console you can set AutoReply to ‘reply just once’. You can set this on the MailBoxTemplate account so that this will be reflected on all other accounts within MailSite which haven’t already explicitly set this property.

In any situation where you are blacklisted, you should contact the blacklist server and request a copy of the message headers that caused you to be blacklisted. You can then trace these back to your logs and pinpoint what IP or account is involved and resolve the problem.

• 10470:Setting Reply Just Once for Auto Reply on All Accounts