sehh

Blacklisted by Spamhaus SBLCSS


This might be off-topic but I would appreciate some help because I am at a loss :(

I've got a server with Linode and it comes with two IP addresses, one IPv4 and one IPv6. The server is running CentOS 7, with Apache virtualhosts that host static html pages and postfix/dovecot for my personal email. So far so good.

Now here comes the crazy thing. Spamhaus will list my IPv6 address in their SBLCSS blacklist, continuously (I delist and a few hours later it's listed again).

The server is not compromised, it's a vanilla CentOS 7 with SELinux enabled and running Apache for static html pages, the server cpu usage is 0% and network is also at 0%. I even shut down the server and my IPv6 address STILL got listed by Spamhaus even though the server was turned off. I can only conclude that my server is not compromised, maybe Spamhaus is running some kind of net-block-wide auto-block system that also covers my own IPv6 address.

My IPv4 has never been listed, in case you are wondering, and neither of my two addresses got listed on any other blacklist that I know of. I tried to contact Spamhaus but they don't have any contact information on their website.

I would appreciate any suggestions please.


Have you contacted Spamhaus?

Have you talked with those that connect your server to the greater internet to ensure that your IP is not shared?

Of course without knowing your IP only general ideas can be offered.


There is no contact information on Spamhaus, they clearly state that they do not want any sort of communication.

Yes, my IP is static, unique and on my server only (of which I only have access for my personal domains). I've set up DKIM, SPF, DMARC and things have been running smoothly for many many years.


According to Spamhaus's FAQs about SBL CSS (https://www.spamhaus.org/faq/section/Spamhaus CSS), for IPv6 addresses their listings are not of single addresses but of ranges of addresses that are small enough that they should only cover a single customer:

Quote

CSS lists "/64" CIDR blocks in IPv6. Without such aggregation, IPv6 zone size could become unworkably large. Also, various gaming strategies used by spammers are much more difficult with aggregated blocks rather than single "/128" IPs. "/64" is the industry standard for the smallest IPv6 allocation to individual customers, even in home-use situations like cable, DSL or wireless. Thus, for ISPs which follow standard industry practices, CSS IPv6 listings will only affect a single customer.

If your provider have only allocated a single IPv6 address rather than a full /64 for your server, and have multiple customers in the same /64 address range, then they are ignoring standard practice for IPv6 addressing in a way that could mean that you're being affected by bad behaviour by other customers of theirs.

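An added example (not part of any post in this thread) of the point in the reply above: because CSS lists IPv6 by /64, customers whose addresses fall in the same /64 share one listing. The customer names, the 2001:db8:: documentation addresses and the `dnsbl.example` zone are constructed placeholders, not values from the thread.

```python
import ipaddress
from collections import defaultdict


def css_block(addr: str) -> ipaddress.IPv6Network:
    """Return the /64 containing addr, the unit the quoted FAQ says CSS lists."""
    # strict=False lets us pass a host address and get its enclosing network.
    return ipaddress.IPv6Network(f"{addr}/64", strict=False)


def shared_blocks(assignments: dict) -> dict:
    """Map each /64 to the customers inside it, keeping only /64s that are shared."""
    by_block = defaultdict(set)
    for customer, addr in assignments.items():
        by_block[str(css_block(addr))].add(customer)
    return {blk: sorted(c) for blk, c in by_block.items() if len(c) > 1}


def dnsbl_name(addr: str, zone: str) -> str:
    """Build the nibble-reversed DNSBL query name (RFC 5782) for an IPv6 address."""
    nibbles = ipaddress.IPv6Address(addr).exploded.replace(":", "")
    return ".".join(reversed(nibbles)) + "." + zone


# Constructed sample: a provider handing out single addresses, not whole /64s.
SAMPLE = {
    "customer-a": "2001:db8:100:20::1a",
    "customer-b": "2001:db8:100:20::2b",  # same /64 as customer-a
    "customer-c": "2001:db8:100:21::1",   # its own /64
}

if __name__ == "__main__":
    for block, customers in shared_blocks(SAMPLE).items():
        print(f"{block} is shared by {', '.join(customers)}")
    # Placeholder zone; substitute the DNSBL zone your resolver queries.
    print(dnsbl_name(SAMPLE["customer-a"], "dnsbl.example"))
```

Comparing your own address's /64 with the prefix your provider says is routed to you shows whether a listing can come from a neighbour's traffic.
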
On 12/25/2017 at 8:27 AM, sehh said:

This might be off-topic but I would appreciate some help because I am at a loss :(

I've got a server with Linode and it comes with two IP addresses,

Removal advice here

https://www.spamhaus.org/lookup/
