Quick tip, don’t run a public facing SMTP server if you can help it

In between the Gingerbread engineering and Lego building and as part of my usual round of Christmas time IT support I ran into a new issue for me.

Towards the end of last year my dad acquired a small engineering business, and as usual I got roped in to help sort out the IT side of things. I had a quick look round at what they already had over a weekend and worked out how to set up a quick off-site backup system similar to the one I’ve mentioned before. The system was all Windows based, so I stuck a Raspberry Pi in the wiring cupboard to give a remote access jumping-off point for poking at things from afar and to host an OpenVPN server to allow proper remote access.

The previous owners had set up an email system using a Windows based SMTP/POP/IMAP server app called MDaemon. It all seemed to work and I didn’t have time to swap it out for something I’m familiar with (Postfix/Dovecot on Linux), so I left it alone when I had my first look round. It turns out that the server was set up not only to accept incoming email on its internet-facing side but also to relay outbound mail for signed-in users. Normally I would set a mail server to only relay for users on the private internal LAN side of things, but if properly secured (strong passwords, authentication required before relaying) this arrangement should be OK. In this case things were not properly secured; let’s just say that some people will be coming into the office in the new year to find polite notes about selecting secure passwords and probably a link to this.

So one of the accounts had its password compromised and the server was used to send a bunch of SPAM. Once this was spotted the offending account was removed and the server config tweaked to be a bit more sensible. This stopped the flow of SPAM and things seemed to be OK for a while, until a couple of people that the business interacts with started to mention that they had not been receiving some of the email that had been sent. It turns out the IP address for the mail server had been added to a number of blacklists.

There is a site called mxtoolbox which hosts a tool for checking IP addresses against a number of the more popular blacklists (DNS-based blocklists, which you query by looking up the reversed IP address under the list’s DNS zone). In our case we had ended up on 3 of them. The tool provides links to the sites which manage the lists, and those have forms to submit requests to be removed from the list once whatever has been sending the SPAM has been fixed. I have managed to successfully submit removal requests to 2 out of the 3 lists, but the Barracuda form is currently terminating the connection whenever I submit the form. As it’s the holiday period it looks like I’m going to have to wait until these guys are back in the office to get this fixed and hopefully get everybody accepting email.
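The check mxtoolbox performs for you can also be done directly from the mail server, which is handy for monitoring once a delisting has gone through. The following is an added example, not code from the original post: it builds the reversed-octet query name for a DNSBL zone, looks it up, and classifies the answer. The zone names are real public blocklists chosen here for illustration; the treatment of 127.255.255.0/24 answers as query errors follows the Spamhaus return-code convention and is assumed to carry over to the other zones. The resolver is injectable so the logic can be exercised without network access.

```python
"""DNSBL (DNS-based blocklist) lookup for a mail server's public IPv4 address."""
import ipaddress
import socket
import sys

# Example zones (real public DNSBLs; the selection is an assumption, not the post's list).
DEFAULT_ZONES = ("zen.spamhaus.org", "bl.spamcop.net", "b.barracudacentral.org")

LISTED_NET = ipaddress.ip_network("127.0.0.0/8")        # any answer here means "listed"
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")    # Spamhaus uses this range for query errors


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Reverse the IPv4 octets and append the zone, e.g. 192.0.2.10 -> 10.2.0.192.<zone>."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this helper only handles IPv4 addresses")
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.{zone}"


def resolve_a_record(name: str):
    """Return the A record for `name`, or None when it does not exist (i.e. not listed)."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def check_ip(ip: str, zones=DEFAULT_ZONES, resolver=resolve_a_record) -> dict:
    """Query each zone and return {zone: (status, answer)}.

    status is "listed" for a 127.0.0.0/8 answer, "error" for the 127.255.255.0/24
    error range, and "clean" when the name does not resolve. Answers outside 127/8
    are treated as not-listed rather than trusted as a listing.
    """
    results = {}
    for zone in zones:
        answer = resolver(dnsbl_query_name(ip, zone))
        if answer is None:
            results[zone] = ("clean", None)
            continue
        addr = ipaddress.ip_address(answer)
        if addr in ERROR_NET:
            results[zone] = ("error", answer)
        elif addr in LISTED_NET:
            results[zone] = ("listed", answer)
        else:
            results[zone] = ("clean", None)
    return results


def listed_zones(results: dict) -> list:
    """Zones on which the address is actually listed, sorted for stable reporting."""
    return sorted(zone for zone, (status, _) in results.items() if status == "listed")


if __name__ == "__main__":
    # 192.0.2.10 is from the documentation range and is only a constructed placeholder.
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"
    for zone, (status, answer) in check_ip(target).items():
        print(f"{zone:28s} {status:7s} {answer or ''}")
    listed = listed_zones(check_ip(target))
    print("listed on:", ", ".join(listed) if listed else "none")
```

Run it with the server's public IP as the only argument; a non-empty "listed on" line after a delisting request means the removal has not propagated yet. Note that some zones rate-limit or reject queries from large public resolvers, which shows up here as an "error" status rather than a listing.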

I also found a very well hidden link to a form to get Google Gmail to accept mail from us again as well. They pretty much say that you will never hear anything back from them and it could take weeks to get actioned, or not…. I’ve sent this off, but I’m hoping getting cleared from the other lists will help with this as well.

The other option I considered was to see if I could get the static IP assigned to the ADSL line changed, but the ISP didn’t really want to entertain that, so it looks like we’ll be changing ISP if I can’t get that last list fixed.

So the moral of this story is: find somebody to host your email for you.