Jump to content

Blacklisted by Spamhaus SBLCSS


Recommended Posts

This might be off-topic but I would appreciate some help because I am at a loss :(

I've got a server with Linode and it comes with two IP addresses, one IPv4 and one IPv6. The server is running CentOS 7, with Apache virtualhosts that host static html pages and postfix/dovecot for my personal email. So far so good.

Now here comes the crazy thing. Spamhaus will list my IPv6 address in their SBLCSS blacklist, continuously (I delist and a few hours later its listed again).

The server is not compromised, its a vanilla CentOS 7 with SELinux enabled and running Apache for static html pages, the server cpu usage is 0% and network is also at 0%. I even shutdown the server and my IPv6 address STILL got listed by Spamhaus even tough the server was turned off. I am can only conclude that my server is not compromised, maybe Spamhaus is running some kind of net-block-wide auto-block system that also covers my own IPv6 address.

My IPv4 has never been listed, in case you are wondering, and neither of my two addresses got listed on any other blacklist that I know of. I tried to contact Spamhaus but they don't have any contact information on their website.

I would appreciate any suggestions please.

Link to comment
Share on other sites

There is no contact information on Spamhaus, they clearly state that they do not want any sort of communication.

Yes my IP is static unique and on my server only (of which I only have access for my personal domains). I've setup DKIM, SPF, DMARC and things have been running smoothly for many many years.

Link to comment
Share on other sites

  • 2 weeks later...

According to Spamhaus's FAQs about SBL CSS (https://www.spamhaus.org/faq/section/Spamhaus CSS), for IPv6 addresses their listings are not of single addresses but of ranges of addresses that are small enough that they should only cover a single customer:


CSS lists "/64" CIDR blocks in IPv6. Without such aggregation, IPv6 zone size could become unworkably large. Also, various gaming strategies used by spammers are much more difficult with aggregated blocks rather than single "/128" IPs. "/64" is the industry standard for the smallest IPv6 allocation to individual customers, even in home-use situations like cable, DSL or wireless. Thus, for ISPs which follow standard industry practices, CSS IPv6 listings will only affect a single customer.

If your provider have only allocated a single IPv6 address rather than a full /64 for your server, and have multiple customers in the same /64 address range, then they are ignoring standard practice for IPv6 addressing in a way that could mean that you're being affected by bad behaviour by other customers of theirs.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Create New...