Protect my server from blacklists

[nservices]

Hi,
I have some problem with some domain that mark my server as "Spam Sender"
my client domain is: http://www.pichefkes.co.il
http://awesomescreenshot.com/0af3aqlxb4
the Spam is tactically sent from [email protected] but the sender is "configured" as [email protected] (this email account is not exist and this email not sent from our server)
and inside there is link to the spammer site: http://doctornnek.cn.com/
any suggestion to avoid the Blacklist on this situation?

Best Regards,
Star Network.

 

[zEitEr]

Hello,



Are you sure, that emails do not originate from your server? Did you check exim logs? You might have malware on your server through which they send spam with random email address on your domain. I've seen that many times.

 

[nservices]

Hi,
yes am sure and also it's look like the "real" sender is other domain and other server, but sent as name of [email protected] (there is no such box on our server)
the question is how can we protect our server on this case from consider as spam sender.

 

[zEitEr]

Your server should not be considered as a spam sender while spam originates from another server, IP and email headers do not have references to your server. Nevertheless your domain is probably compromised and might be blacklisted.

If spam really originates from another server, then there is hardly anything you can do to protect your server and reputation.

p.s. Please correct me if I'm wrong here.

 

[nservices]

Hi,
1. in 100% my server ip didn't sent the spam
2. in 100% the server IP listed, for example on http://www.cyren.com/ip-reputation-check.html
after this emails

Best Regards,
Star Network.

 

[Richard G]

I must agree with zEitEr, if spam does not originates from your server there is another reason for blacklisting. Spamlists normally look at headers.

The screenshot in your first post which shows a .dk "from" address can easily be forged and is no proof that email is indeed send from there.
Next to that, there is a big possibility this spam is sended via a php script or a leak Joomla or Wordpress install or addon. This makes it a lot harder to find out where exactly it's coming from.

Did you already dive into the headers of such mail? The headers are the real proove of what's going on.
You can also try to disable sendming mail via the php mail function. This way there will be errors on scripts sending mail because they can't anymore. Maybe this will give you a clue.
However, doing this will affect all users on the system and I don't quite know by head how to do it on a DA server.