Wondering if any of you have experience with this.
I have two domains, wiggly.org (A) and alertferret.com (B).
A has been registered since 1994.
B was registered very recently, within 6 months.
I run email for both of these domains on the same server,
otter.wiggly.org using Exim.
I have the exact same MX and SPF records for both domains;
@ 3600 IN MX 10 mail.wiggly.org.
@ 3600 IN SPF "v=spf1 mx -all"
@ 3600 IN TXT "v=spf1 mx -all"
Sending email from domain A to gmail/hotmail appears in the main inbox.
Sending email from domain B end up in the spam folder for both.
Now, I am wondering why this would be seeing as there has been
practically no email from domain B and therefore I find it unlikely that
the domain itself has been flagged.
All I can see is that domain A is a lot older but I have only recently
added SPF and have never really had problems with my emails from domain
A being consumed by spam folders.
Checking a couple of blacklist checkers I cannot find my domain or my MX
on any of them.
Does anyone have an idea as to why domain B would be getting caught in
spam traps whilst A does not?
I have had someone suggest using mandrill or other external hosted
solution but quite frankly if the mail is being blocked because it is
being sent from domain B then that surely wouldn't give me any improvement?
Any help, ideas, thoughts or further resources would be greatly appreciated.
I have a VPS, meowc.at, which was running Ubuntu 10.04. I upgraded to
12.04, but now whenevenr I try to do anything to the filing system, it says
"Read-only file system".
However, mount seems to think it is read-write:
/dev/xvda1 on / type ext3 (rw,relatime)
proc on /proc type proc (rw,noexec,nosuid)
sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
none on /sys/fs/fuse/connections type fusectl (rw)
none on /sys/kernel/debug type debugfs (rw)
none on /sys/kernel/security type securityfs (rw)
udev on /dev type devtmpfs (rw,mode=0755)
devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
tmpfs on /run type tmpfs (rw,noexec,nosuid,size=10%,mode=0755)
none on /run/lock type tmpfs (rw,noexec,nosuid,nodev,size=5242880)
none on /run/shm type tmpfs (rw,nosuid,nodev)
as does /proc/mounts:
$ cat /proc/mounts
rootfs / rootfs rw 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
udev /dev devtmpfs rw,relatime,size=230128k,nr_inodes=57532,mode=755 0 0
devpts /dev/pts devpts
rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0
tmpfs /run tmpfs rw,nosuid,relatime,size=94732k,mode=755 0 0
/dev/disk/by-label/root / ext3
ro,relatime,errors=continue,barrier=1,data=ordered 0 0
none /sys/fs/fuse/connections fusectl rw,relatime 0 0
none /sys/kernel/debug debugfs rw,relatime 0 0
none /sys/kernel/security securityfs rw,relatime 0 0
none /run/lock tmpfs rw,nosuid,nodev,noexec,relatime,size=5120k 0 0
none /run/shm tmpfs rw,nosuid,nodev,relatime 0 0
Does anyone have an idea what I've done wrong and how I can fix it?
Phil Hunt, <cabalamat(a)gmail.com>
As you may know, we have supported UK Direct Debit payments for
quite some time:
It works well.
At the moment it's only available to customers with a UK bank
GoCardless are trialling their SEPA Direct Debits platform at the
moment, which would allow customers in countries that use the Euro
to also use the same Direct Debit payment method.
In order to judge whether this is a priority to work on I would be
most grateful if anyone who would be interested in switching to this
payment method would:
2. Log in to it (usual BitFolk account credentials)
3. Vote it up.
http://bitfolk.com/ -- No-nonsense VPS hosting
"I'd be happy to buy all variations of sex to ensure I got what I wanted."
— Gary Coates (talking about cabling)
announce mailing list
FYI: This isn't for my Bitfolk server, but one I have hosted elsewhere.
My home server is unable to connect to my primary mail server currently:
"421 Too many concurrent SMTP connections".
This is due to spammers who are literally spamming my primary mail
server so hard I can't send mail to it (9,472 spam messages rejected by
my server so far today as at 15:10). I had similar issues towards the
end of January: http://www.solutium.net/images/jan2014_spam_rejects.png
I do have some basic rules in Exim to reject based on SMTP protocol
violations (no stats on that unfortunately), but most of my spam
rejection is based on Spamassassin processing the email. I have
increased --max-children to 10, but am still getting "prefork: server
reached --max-children setting, consider raising it" in the logs, but am
now also getting other errors, e.g.:
Feb 16 12:21:55 quartz spamd: check: exceeded time limit in Mail::SpamAssassin::Plugin::Check::_eval_tests_type11_prineg400_set3, skipping further tests
Feb 16 12:21:56 quartz spamd: rules: failed to run BAYES_99 test, skipping:
Feb 16 12:21:56 quartz spamd: rules: failed to run BAYES_99 test, skipping:
Feb 16 12:21:56 quartz spamd: (__alarm__ignore__(10480)
Feb 16 12:21:56 quartz spamd: (__alarm__ignore__(10493)
Feb 16 12:41:28 quartz spamd: Issuing rollback() due to DESTROY without explicit disconnect() of DBD::mysql::db handle sa_bayes:localhost at /usr/share/perl5/Mail/SpamAssassin/Plugin/Bayes.pm line 1516, <GEN4204> line 2.
Can any one provide some hints for IPTables rules or Exim config to rate
limit my SMTP ports without interfering too much with normal mail
operations? Alternatively, any suggestions to help Spamassassin process
On the Spamassassin side, I have shortcircuiting turned on (see below).
The server has 4GB RAM (free output below).
total used free shared buffers cached
Mem: 4127104 3537512 589592 0 161452 2253820
-/+ buffers/cache: 1122240 3004864
Swap: 3903784 143636 3760148
# Some shortcircuiting, if the plugin is enabled
# default: strongly-whitelisted mails are *really* whitelisted now, if the
# shortcircuiting plugin is active, causing early exit to save CPU load.
# Uncomment to turn this on
shortcircuit USER_IN_WHITELIST on
shortcircuit USER_IN_DEF_WHITELIST on
shortcircuit USER_IN_ALL_SPAM_TO on
shortcircuit SUBJECT_IN_WHITELIST on
# the opposite; blacklisted mails can also save CPU
shortcircuit USER_IN_BLACKLIST on
shortcircuit USER_IN_BLACKLIST_TO on
shortcircuit SUBJECT_IN_BLACKLIST on
# if you have taken the time to correctly specify your "trusted_networks",
# this is another good way to save CPU
# shortcircuit ALL_TRUSTED on
# and a well-trained bayes DB can save running rules, too
# shortcircuit BAYES_99 spam
shortcircuit BAYES_00 ham
A fairly non-technical friend of mine is looking for Joomla hosting.
Here's what he requires:
- Ability to point three different domains at it and have three
different Joomla sites.
- Joomla side of things managed, so no need for him to worry about
upgrades or anything else aside from styling it and putting
content in it.
- Fairly cheap.
Does anything like that exist that anyone could personally
Is the managed bit at low cost (like Wordpress) even possible with
If not then I would be tempted to install Joomla for him and host it
myself, but it is for business purposes so that doesn't seem
appropriate or cost effective for me.
He is willing to pay, but not a large amount, and I do think it
shouldn't be much more expensive than a Wordpress blog with custom
URL per site.
http://bitfolk.com/ -- No-nonsense VPS hosting
I use a managed email filtering service (Symantec.cloud - formerly MessageLabs) which obviates the need for checking quite so much. My exim server only accepts SMTP connections from designated IP addresses and runs spamassassin to pick up some of the false negatives that they let through but all of the RBL stuff is done upstream. It works very well.
<div>-------- Original message --------</div><div>From: Keith Williams <keithwilliamsnp(a)gmail.com> </div><div>Date:17/02/2014 07:46 (GMT+00:00) </div><div>To: BitFolk Users <users(a)lists.bitfolk.com> </div><div>Subject: Re: [bitfolk] Spam overwhelming my mail server </div><div>
</div>I use SpamCop and SpamHaus RBLs
I am using Postfix so am not 100% about Exim, but I use a range of checks and reject mail from non existent domains and unauthorised pipelining. Possibly more but sitting here eating breakfast I can't remember LOL. As for fail2ban look here http://www.zaphinath.com/custom-filter-for-exim-through-fail2ban/
On 17 February 2014 00:05, Gavin Westwood <bitfolk-lists(a)gavinwestwood.me.uk> wrote:
Thanks everyone for your suggestions. As at 23:15 it's reached 24,648
rejected spam emails.
On 16/02/2014 15:28, Andy Bennett wrote:
> Just firewall everything for 12 hours. If that's not enough to encourage
> the spammers to give up then you can probably extend it a little more
> without having any remote mailservers bounce messages.
> During this time, legitimate mail should queue on the sending host and
> be retried for anywhere between 24 and 72 hours.
Unfortunately this wouldn't be satisfactory for my clients and, as this
is the second time in 3 weeks that it's been hit by this level of
inbound spam (it's not relay attempts - my server gives that short
shrift), doing that once a month would be both a pain and cause me to
get phone calls. As long as my clients get their messages in a
reasonably timely manner they are generally happy (mail does appear to
be getting through despite my home mail server's issues connecting).
On 16/02/2014 20:52, ed wrote:
> Not for SpamAssassin, but have you thought about using one of the
> RBLs? Then you'd block potential junk before you start spending CPU
> time on bayes filtering.
Currently I only use RBLs as part of the Spamassassin checks and
scoring. I'm worried about applying stricter RBL checks due to various
issues such as the lag or difficulty in removing entries and the poor
configuration of some of my clients' regular contact's mail systems and
lack of understanding on both sides when mail is rejected.
> Alternatively, you could try greylising, 4xx the sending mail server
> IP for thirty minutes on the first mail seen from it, then allow it.
> Often this helps as most exploited spam sources don't queue.
(Thanks to Ian for your reply on this too)
I will have a look at greylisting, but I recall from when lug.org.uk
implemented it that there was significant impact and delay with emails
coming through and again this will lead to issues with clients calling
me about emails that they were expecting.
On 16/02/2014 21:53, Keith Williams wrote:
> I think the only answer is a good multilayered approach. Use a couple
> of good RBLs.
Ed, Keith (and anyone else) - what RBLs do you consider "good" (taking
into account my previously mentioned concerns)?
> Then make sure you are doing all the checks on headers etc.
I've got several checks, but am always open to additional suggestions.
> Then into spamassassin. The next step is to use fail2ban, so that any
> particular IP can only be used by them a couple of times before being
> blocked at the firewall. This has limited usefulness tbh, because they
> are not using their own machines. What I have done is to research
> addresses and found that there are certain ISPs that keep appearing in
> spam but not ham. I then log and block them.
I have Fail2ban installed, but I don't have it checking Exim logs. I've
not found a config to do that (my regex foo is not strong), but I do
block IPs that are regular offenders within my IPTables , however as you
note, spammers use many different compromised IPs so that is of limited
value. I've blocked one or two ranges (e.g. Proxad's IPs), but again as
my initial point, banning whole IP ranges could impact on some of my
clients getting legitimate emails.
An interesting thing I have just found from analysing todays logs is
that almost all are being sent to email addresses (mostly rubbish names,
e.g. message IDs) at a single client's domain name. Is there a quick
way in Exim to apply additional rules just to one domain (such as
greylisting or strict application of RBLs)?
users mailing list
Keith's Place www.keiths-place.co.uk
Tailor Made English www.tmenglish.org
West Norfolk RSPCA www.westnorfolkrspca.org.uk
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com
I'm stuck on the old disk layout which is hiding 0.5GB of disk away from
me, and I think I'm going to buy a 5GB upgrade, so I wondered about
fixing all this in one go.
I don't want to reinstall the OS though, so my plan is request/get the
disk upgrade, then to boot into the rescue environment and as root,
tar -c . | ssh somewhereelse "cat > filesystem.tar"
Then do the Xen disk reset, allocate the new space, then boot to rescue
again, mkfs with label "root", then:
ssh somewhereelse "cat filesystem.tar" | tar -x
I've thought about the disk block ID being different after this, but
it's not in fstab or anywhere else I can find.
As I understand it pyGrub will also just work.
The question is, am I heading for any pitfalls?
Thanks for any opinions.