Email Server (exim4) - Help needed

We need help from volunteers with skills on:

• Exim4 / Postfix
• DNS (mx records, spf, etc)
• SMTP configurations

If you are good with spam issues and exim configurations HELP is needed, actually:

search ways to know "what is sending" to the world (I have grep all the subjects sent from the server and everything looks correct)
verify the quality of the emailing settings to not be marked as spam (guidelines, etc)
improve the security of the email system and / or the server to avoid possible hacks
improve the dns records to not allow emails from other places that are not elive related

UPDATE: Seems like the Elive server is sending spam and it is starting to be blacklisted, due to this I cannot even announce a release (all emails goes to spam, bad!)

bump, help is needed on this area:

This is a huge issue, so it's being pinned.

It looks like only elivecd.org is blacklisted by spamhous ..... the forum is OK.

Could be a lot of reasons that that happened...you'd have to look into the logs as to what the server is doing and maybe contact spamhaus as to what they have as a reason.

It might have to do with the email problems that seem to have been there lately when people donated and didn't get a link sent to them.
Maybe double check the donations and the outgoing e-mails whether they're in line with each other.

damn, it is getting worse....

where you see that? I just tried but doesn't shows like it

There's nothing strange on the exim4 MTA service, but could be another hack that is using the server to send emails (without using the email service)

Mmh, I really think that the server is used to send spam (not emails related to elive), but in fact I cannot know that I don't see a way to see what is sending from it except from the MTA logs on which there's nothing

I checked on/with:

Which showed me that IP (139.59.157.208) was blacklisted on zen.spamhaus.org but now that I've entered it a second time it isn't anymore.....which actually worries me.

So either it just got removed or that site is kinky.

https://www.dnsbl.info/dnsbl-database-check.php
Gives us an all-green too, so all seems to be allright.

As does spamhaus itself.

What happened to make you think that we were being blacklisted in the first place?

Just did one of those delayed stable download thingies to test ... checking to see if I got a confirmation email.

It's an Outlook address so all the better.

Offtopic

love my slow internet

image1316×621 17.4 KB

UPDATE: Ok haven't received them yet ...

image972×89 8.16 KB

image964×185 13.7 KB

(it's 5:23 here)

1. The last announced release of Elive had too much hardbounces, I needed to stop the sending of emails of this release announcement, then I found that the cause was some "bad spam ranking"
2. Using https://postmaster.google.com/ as a checker for the elive email status (or more like gmail reports), seems like people are marking the elivecd.org emails as spam, apparently a 0.02% rate is considered good, and a few days ago it was reached a 16%, like we can see here:

image1250×490 57.9 KB

3. there's some bans in tiscali.it, MS email services (hotmail, outlook, etc) never worked for elivecd.org, probably yahoo too, etc... a few logs like:

2020-12-26 19:10:07.620 [10597] 1ktE10-0002ku-Bx ** **@shaw.ca F=**@elivecd.org P=**@elivecd.org R=dnslookup_users T=remote_smtp H=smtp.glb.shawcable.net [64.59.136.136]:25 I=[139.59.157.208]36053: SMTP error from remote mail server after initial connection: 554 mi08.dcs.int.inet cmsmtp Connection refused. 139.59.157.208 has a poor reputation on Cloudmark Sender Intelligence (CSI). Please visit http://csi.cloudmark.com/reset/xxx.... to request a delisting.

2020-12-26 22:12:03.153 [28620] 1ktGr4-0007Rb-GR ** **@outlook.com F=***@elivecd.org P=**@elivecd.org R=dnslookup_users T=remote_smtp H=outlook-com.olc.protection.outlook.com > [104.47.32.33]:25 I=[139.59.157.208]40543: SMTP error from remote mail server after pipelined sending data block: 550 5.7.1 Unfortunately, messages from [139.59.157.208] weren't sent. Please contact your Internet service provider since part of their network is on our block list (S3140). You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors. [SN1NAM01FT013.eop-nam01.prod.protection.outlook.com]

BTW do not mark the email as "this is not spam" and other things, just be neutral... which is needed to know how the email* service manages it by default

ok

does that mean its not necessarily elive's fault? dreamhost or digitalocean?

Logging off now - won't be checking for a while.

That's not a few people .... to get to 16% would require a lot of reporting or some sort of bot.

yeah exactly, is a very big amount, also, the emails now are only used to give the downloads to the users (not even a release notification), so they are not meant to be marked as spam at all

btw emails from elive had always a good value (30-35 % of emails opened, etc...) by default in email newsletters are less than this

Now I'm confused .... I thought you were talking about release notifications.

How many download links are delivered on a daily basis, that wouldn't be that enormous at all, would it?

so... the email server has an exim4 server configured, which used mostly for the website

the website sends emails as:

• release announcements
• download notifications
• other similar notifications (download in progress, etc...)

what I meant is that the users can found the "release announcements" emails a little annoying (should be not much), but not the ones with "your download is ready! get elive from this link bla bla"... they are more important and wanted for them, and what I meant is that actually only these last ones are sent (there's no release announcements since the last one, and no other since the previous one, etc... which happens after 2-3 months now?)

not enourmemous, maybe 40 per day, but stills not an issue since its counted in "percentages", so doesn't matter if they are 10 or 10000 (in fact is even better more, since its a more reliable percentage number)

Just made a donation (with zeelandnet.nl) and got a thank you reply instantaneously, so that's working fine on my side.

Thanks a lot for the donation!

BTW if you see anything to improve and/or wording from the user-experience of those emails (also the delayed download ones, subscription, etc...) just tell me (i have been improving them a bit recently too)

I have some checkers in my computer or the server itself to verify if everything is working correctly, but of course not all is enough

Yeah the email seems to work good, but seems like there's some bad spam ranking and I don't know the reason, it has a few blacklists aparently (like in the logs shown before) and there's also absolutely nothing receive on MS emails (outlook / hotmail / msn / live / mscrap), I assume @TheTechRobo didn't received any too (not even in the Junk folder i mean!)

exactly .... that would "only" require 6-7 reports to get to 16% and those numbers very probably would/could be M$ crap getting in the way.

I just did a free download request of the stable release with protonmail and that one is instantaneous too.

yeah, I was thinking that maybe the issue is simply the LOW amount of emails, but im not fully convinced that the server is not compromised and the problem is that I cannot know what people are receiving , maybe i can sniff the outgoing port 25 of the server to see if is sending something (without necessarily use the MTA exim server), hum...

BTW note that these reports are not related to MS emails but only from gmail accounts, since its a google service (yeah there's some gmail that hardbounces elive emails, strange!)

BTW the dmarc results shows somewhat good/bad:

image595×581 40.4 KB

make a special look in the last numbers, but maybe thats just a bad configuration in CLI emails or similar

you won't, in MS email services it is entirely blacklisted, not even marked as Junk, you will receive nothing until the IP is removed from the blacklist

and on that case, they will be only receive into Junk (not your inbox), hotmail has always been that way for elive emails (and yeah, this is an important issue)

BTW, status from them is: