Lunarpages Web Hosting Forum

Author Topic: Mercury Listed on Spamhaus CBL  (Read 3513 times)

Offline rclarke

  • Intergalactic Cowboy
  • *****
  • Posts: 54
Mercury Listed on Spamhaus CBL
« on: August 07, 2015, 09:14:44 AM »
Mercury is currently listed on the Spamhaus Composite Blocking List (http://cbl.abuseat.org/lookup.cgi?ip=64.50.185.12) meaning that all those hosted on Mercury will have a significant amount of their email rejected by remote mail servers due to no fault of their own. It appears that Mercury has been listed on the CBL for some time, but was relisted a couple of days ago after someone delisted without actually resolving the issue. I raised a ticket with support over 36 hours ago and got a response nearly 24 hours later stating "I have forwarded this ticket to our Spam Abuse department for review. Please note that our technical staff queue has a slightly longer turn around time for responses, as the tickets tend to require more in depth evaluation. You will be notified when more information is available." ... in other words, we will get round to it when we get round to it. In the meantime I am having to phone people because I can't email them. When will this be resolved? Why isn't there a pro-active review of all LunarPages IP addresses against the Spamhaus lists? Why aren't all servers monitored for suspiciously high levels of sendmail activity and why aren't outdated compromised installations of CMS applications (the likely source of this mess) shut down?

Rod.
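An added example, not part of the original post and not Lunarpages tooling: one way to run the proactive review the post asks about is a scheduled sweep of outbound mail IPs against the CBL's DNS zone. It assumes the standard DNSBL convention from RFC 5782 (reversed octets under the zone, an A answer in 127.0.0.0/8 means listed, NXDOMAIN means not listed); the function names and the `192.0.2.10` sample address are made up for illustration.

```python
import ipaddress
import socket

CBL_ZONE = "cbl.abuseat.org"  # DNS zone of the CBL discussed in the thread
LISTED_NET = ipaddress.IPv4Network("127.0.0.0/8")  # RFC 5782 "listed" answers


def dnsbl_name(ip, zone=CBL_ZONE):
    """Query name for an IPv4 address: octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def system_resolver(name):
    """A record for name, None on NXDOMAIN; other DNS failures propagate."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return None
        raise


def check_ip(ip, resolve=system_resolver):
    """Return 'listed', 'clear' or 'unknown' for one outbound mail IP."""
    try:
        answer = resolve(dnsbl_name(ip))
    except OSError:
        return "unknown"  # timeout or SERVFAIL must not be read as clear
    if answer is None:
        return "clear"
    try:
        listed = ipaddress.IPv4Address(answer) in LISTED_NET
    except ValueError:
        return "unknown"
    return "listed" if listed else "unknown"  # non-127/8 answer: rewritten DNS


def sweep(ips, resolve=system_resolver):
    """Check every IP and return only those needing attention."""
    results = {ip: check_ip(ip, resolve) for ip in ips}
    return {ip: state for ip, state in results.items() if state != "clear"}


if __name__ == "__main__":
    # Constructed answers so the demo runs offline; drop `resolve=` for live DNS.
    constructed = {"12.185.50.64.cbl.abuseat.org": "127.0.0.2"}
    print(sweep(["64.50.185.12", "192.0.2.10"], resolve=constructed.get))
```

Treating resolver failures as "unknown" rather than "clear" matters for alerting: a sweep that silently passes during a DNS outage hides exactly the relisting it is meant to catch.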

Offline MrPhil

  • Senior Moderator
  • Berserker Poster
  • *****
  • Posts: 6429
Re: Mercury Listed on Spamhaus CBL
« Reply #1 on: August 07, 2015, 11:40:29 AM »
I can't answer for support's speed in working on this, but I can say that it's very difficult for a host to completely clear out spammers. It can be as simple as someone forwarding incoming mail (to an LP account) over to gmail, Yahoo, etc. The incoming spam goes along for a ride, and gets the LP server blacklisted as the source. As you note, a compromised site (often running a CMS) can pump out spam, and it doesn't take much to get blacklisted, so the owner may not even notice a slight increase in email levels (so long as they stay below 300-400 per hour). Finally, accounts for the purpose of out-and-out spamming can happen, but LP can notice those fairly easily.
-= From the ashes shall rise a sooty tern =-

Offline rclarke

  • Intergalactic Cowboy
  • *****
  • Posts: 54
Re: Mercury Listed on Spamhaus CBL
« Reply #2 on: August 21, 2015, 09:46:32 AM »
For all those customers hosted on Mercury wondering why their email is being bounced back, it is because the server is once again listed on the Spamhaus Composite Blocking List (http://cbl.abuseat.org/lookup.cgi?ip=64.50.185.12). Will LunarPages ever implement procedures to protect loyal customers who are having their livelihoods disrupted by the dubious practices of others? The lack of urgency by LunarPages in resolving these issues when they occur is astonishing, and not in a good way!

Rod.

Offline MrPhil

  • Senior Moderator
  • Berserker Poster
  • *****
  • Posts: 6429
Re: Mercury Listed on Spamhaus CBL
« Reply #3 on: August 21, 2015, 11:54:24 AM »
I think it would be a great improvement if LP configured its mail system so that forwarded emails first have to go through the normal spam-block process (including SpamAssassin), rather than simply being blindly forwarded, which I understand is the current process. That should cut down on spam emails being forwarded to other mail servers, resulting in blacklisting of an LP server. Of course, LP also needs to do something about monitoring SA and making sure it stays up automatically, rather than waiting for customers to complain that SA is down!
-= From the ashes shall rise a sooty tern =-

Offline rclarke

  • Intergalactic Cowboy
  • *****
  • Posts: 54
Re: Mercury Listed on Spamhaus CBL
« Reply #4 on: September 05, 2015, 06:53:12 AM »
Guess what, Mercury is back on the Spamhaus CBL again! This is the third time in 4 weeks ... and guess what ... it happens every other Friday, regular as clockwork. So once again I will raise a ticket, which will probably be answered with some cut and paste response in about 48 hours from now. Meanwhile dozens, maybe even hundreds of real customers are having their email rejected because Lunarpages support can't be bothered to find the root cause of this issue and shut it down permanently :-/

Rod.

Offline rclarke

  • Intergalactic Cowboy
  • *****
  • Posts: 54
Re: Mercury Listed on Spamhaus CBL
« Reply #5 on: September 13, 2015, 06:35:20 AM »
Mercury is back on the CBL again. I wonder how many times I can post these kinds of updates before LunarPages support actually do something about the problem rather than just delist the server without tackling root cause. I am sure that threads like this one will really sell well with potential new customers!

Rod.

Offline rclarke

  • Intergalactic Cowboy
  • *****
  • Posts: 54
Re: Mercury Listed on Spamhaus CBL
« Reply #6 on: September 17, 2015, 06:33:44 AM »
3 days in the clear, but now back on the CBL yet again.

Rod.

Offline km99

  • Pong! (the videogame) Master
  • *****
  • Posts: 21
Re: Mercury Listed on Spamhaus CBL
« Reply #7 on: September 17, 2015, 06:45:30 PM »
Hi Rod,

If you're having this much trouble with Mercury, my advice would be to ask to be moved to a different server.

Looking at the Spamhaus page for Mercury, I see this:


Quote
IP Address 64.50.185.12 is not listed in the CBL.

It was previously listed, but was removed at 2015-09-17 18:26 GMT (8 hours, 1 minutes ago)

At the time of removal, this was the explanation for this listing:

IMPORTANT

We have detected that this IP is NATting for, or is infected itself, with a Trojan spam mailer script. The infected machine is almost certainly a web server.

This is no joke. This infection is extremely dangerous for it can download anything it wishes, and needs to be removed ASAP - the contents of the entire web server are at risk.

We do not know how the malware got installed onto the machine, but we know a lot of what it does. The main thing we've seen it doing is sending staggering large volumes of email spam. But it can do a lot more than that, and that is the real danger.

I would be more worried about sharing a compromised machine than just not being able to send email.

All the best.