What to do when VPS IP block gets added to SpamHaus?

[rupe]

I have a Postfix/Dovecot mail server setup on m WeLoveServers VPS. The setup has 4 rarely used email accounts on it, and is secured against relay and other common mail server abuse exploits. I don't send much email from the accounts, and really just use them for collecting and processing (sieve) all my server admin reports or signing up for the occasional web service (like github).

Today I decided to check the logs and noticed that a few entries (about a dozen over a few months) mention being on the SpamHaus blacklist. After following the link provided to SpamHaus, I tracked down an SBL entry for my IP (actuall a n.n.0.0/16 block that included my IP) noting "Spammer hosting (escalation)", and see that it belongs velocity-servers.net 

What should I do, besides switching providers?

 

[MannDude]

Send an abuse report to Colocrossing since they're the upstream for WLS. Wait and see if they take action.

If not, go find a new provider. The majority of Colocrossing's IP space will be blacklisted as it's an attractive network for spammers, fraud and other malicious type. I see Jon on WHT from time to time claiming the network is cleaner now, perhaps it is. I'd send an abuse report regardless and see how quickly they take care of it for you.

 

[DomainBop]

What should I do, besides switching providers?

There is nothing you as an end user can do but switch providers because the problem isn't going to get fixed anytime soon.  WeLoveServers has chosen to knowingly rent servers and dirty IP space from a data center provider called Velocity Servers (d/b/a ColoCrossing) who is very friendly to both email spammers and web based attackers/criminals (like comment spammers. botnets, hacker bots, etc).  .  Do a search here, on WebHostingTalk, or Google for "colocrossing spam" and you'll find dozens of complaints.

http://www.spamhaus.org/sbl/listings/velocity-servers.net

https://cleantalk.org/blacklists/AS36352

Send an abuse report to Colocrossing since they're the upstream for WLS. Wait and see if they take action.

That /16 has been blacklisted for the majority of the past 6 months, with the exception of a couple of very brief 1-3 day periods when Spamhaus lifted the SBL only to reinstate it almost immediately.  The daycare crew are fully aware it is blacklisted so an abuse report would just be a waste of the OP's time.

 

[drmike]

@rupe 

This is what happens when you buy from sketchy folks who involve themselves in facilitating and hosting companies engaged in mass spamming and other unsavory endeavors.

Short answer is you are screwed.

I doubt you soiled the IPs, but do check your IP in common places to make sure nothing came from you machine (lots of hack compromises that end up spam uses).

Honestly, ask WeLoveServers (which is owned by a ripoff artist literally) to issue you clean IPs.

Start shopping for other providers... cause even if clean, no guarantee new IPs won't be labeled as spam originating from other users on CC's network.

 

[zionvps]

Last time i heard spamhaus decided to block all the ip's originating from colocrossing because of their continued indifference towards spam reports. I doubt spamhaus will delist just 1 IP. The only way for you is to switch to a provider who does not use colocrossing as a datacenter!

 

[X3host]

I Face a problems like that because of some bad clients registered through us and spam our server with bad emails

 

[fixidixi]

-

 

[AlphaNine_Vini]

Best is to limit the users to send email per hour. You can send a request to spamhaus for delist or ask your provider to delist the IP. 

 

[rupe]

I am actually in the process of moving my Dovecot/Postfix setup to RamNode. I installed it on WLS about a year ago just as a test (because at the time I had absolutely no experience with mail servers). I have a few WLS VPSes, and this is the first time I've had a problem - then again, I really only used them for testing the occasional Ruby app. Anything semi-important is on RamNode and BuyVM Anything really important is on a dedi

Is there a list of VPSes that use ColoCrossing? I also use INIZ and Wable, without any problems so far.

[SIZE=14.2857141494751px]Thanks for your input.[/SIZE]

 

[DomainBop]

Is there a list of VPSes that use ColoCrossing? I also use INIZ and Wable, without any problems so far.

If a provider doesn't own their own IP space, ask them for a test IP and then go to bgp.he.net and you'll be able to tell who they're using.  It's always a good idea when you first get a VPS to check to make sure the IP isn't blacklisted (mxtoolbox.com and multirbl.valli.org are two good places to check)

RamNode and INIZ: good reliable choices.  I've used both for a long time.

BuyVM: aside from the pony thing (and the towel dance thing), another good choice.

Wable/Incero  another good choice, and I believe the shiny silver star Spamhaus has awarded them for being a "proactive no-spam tolerance network" speaks for itself.

 

[rupe]

@DomainBop thanks for the links and re-assurance about my other choices. I will probably just stick to those, and not renew my WLS VPSes - I've already got more than enough as it is

 

[VPSCorey]

Use a external mail sending service such as mandrill especially if you depend on mail delivery.  There's a free tier and the cost per email is insanely low.

 

[William]

Won't help however if the source IP is in the Mailheader.

 

[robbyhicks]

You could try an SMTP service. We use sendgrid for our transactional and outbound emails.  Another option would be to get a 3rd party mailbox.  Unfortunately there's not much you can do unless your provider takes care of that blacklisted /16.