I started getting messages a few days ago from people who couldn't get email replies when they requested new passwords, and then, after asking Chris Stavros of Omegabit about it, I received this:
"Hi Daniel,
I had this looked at. There are a bunch of email messages stuck in the outbound queue. I'm afraid it looks like your mail server (the outbound mail engine on your portal server), has been blacklisted and many messages are not getting routed to their destination because of reputation issues. See:
http://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a72.29.184.157&run=toolpage
(see the excerpt from the mail logs below, as well)
There may be others not on this list - the raw mail logs also list additional listers, but once you're on one of these master lists, you have to clean it up from the top. You can follow the various listers and learn more about how to petition to be removed - it is an arduous process and sometimes you just have to wait for the reputation to clear naturally.
It is most likely that there is a mail form exposed somewhere on the site - do you have the "invite" portlet or a mail form available anywhere? Some user has probably figured out how to exploit it for sending spam via the portal. It should be removed. If none exists, this could be some sort of hack - though, we've never observed one of this nature (it is usually a form or the invite portlet). It could hypothetically be some sort of exploit of the message board engine. But, I would look for portlets that generate email in the layouts, first.
The fastest way to resolve this (after the hole is plugged by removing the portlet - assuming there is one), would be to reroute email through a different mailhost that is not blacklisted - preferably, one with advanced spam filtering and reporting capabilities.
You might start by trying to route it through whatever handles your interactivebuddha.com mail (looks like Google?) - this would be a good idea for many reasons including source reputation (it will match your domain), and that they would probably catch the spam before you got blacklisted, saving you grief.
You can set the SMTP host to Google's, with your account credentials, and it <should> allow you to relay via their mail servers. You may need to enable this for your domain. See for more info:
https://support.google.com/a/answer/2956491?hl=en
The SMTP mail setting for the portal can be adjusted here:
Control Panel -> Server Administration -> Mail -> (set the Outgoing SMTP Server setting to match your relay-authorized Google account).
If you can help us to find the means that is being exploited for mail in the portal, I can offer one alternate option: a one-time remedy, which would be to reassign your outbound mail IP address to something that is not blacklisted from our network (essentially, a new public IP for mail routing). We would be assuming some risk for that action if it were determined to be a malicious attempt to hide intentional spamming by our upstream providers. So, it is important that we are diligent and beyond reproach in terms of making every effort to address the root cause before exercising that option; it is a last resort. Routing through your legitimate domain/mail provider is the "correct" approach, from a reputation perspective.
Concerning helping your users that are having issues: My recommendation is to manually reset their password to something for them, and to email them directly, at which point they should be able to log in and reset it to whatever they prefer. You may have to do that for users that have locked themselves out or requested a new account until this mail reputation issue can be sorted out.
I hope this helps - let me know if you have questions or need help on how to proceed.
-Chris"
This is just one step more tricky than I likely can pull off: anyone want to help? I tried following the instructions in the support.google.com/a/answer etc link but can't find the admin console for Google. I am only intermediately technical. Anyone offer to help with this?
Thanks very much,
Daniel
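
The blacklist report linked in the quoted email can also be reproduced with direct DNSBL lookups, which is useful for confirming when the outbound IP has actually been delisted. The following is an added example, not part of the original post or anything supplied by Omegabit; the zone list and all function names are assumptions chosen for illustration.

```python
import ipaddress
import socket

# Public DNSBL zones; an assumed selection, the post only links an MXToolbox report.
ZONES = ("zen.spamhaus.org", "bl.spamcop.net", "b.barracudacentral.org")


def dnsbl_name(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def classify(answer):
    """Map a resolver answer (None = no record) to clean / listed / error."""
    if answer is None:
        return "clean"
    if answer.startswith("127.255.255."):
        # Spamhaus-style error codes (e.g. query refused because it came
        # through a large public resolver). This is NOT a listing.
        return "error"
    if answer.startswith("127."):
        return "listed"
    return "error"  # failed lookup, or an answer outside 127/8


def system_resolver(name):
    """Resolve through the OS resolver; None means the name does not exist."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return None  # no such record: not listed in this zone
        return "lookup-failed"  # classify() reports this as "error"


def check_ip(ip, zones=ZONES, resolve=system_resolver):
    """Return {zone: (status, answer)} for one outbound mail IP."""
    results = {}
    for zone in zones:
        answer = resolve(dnsbl_name(ip, zone))
        results[zone] = (classify(answer), answer)
    return results


if __name__ == "__main__":
    # 72.29.184.157 is the address in the MXToolbox link quoted in the post.
    for zone, (status, answer) in check_ip("72.29.184.157").items():
        print(f"{zone:28} {status:7} {answer or '-'}")
```

An "error" result means the check itself was not answered properly, so rerun it through a different resolver before concluding the address is clean or listed.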