NEW SERVER
Check that the HELO name is the domain name
cat /var/log/smtp/current | grep relay
1. Identify the problem user by getting the UID from an email in the queue
2. Clear mail queue
3. Find and remove the hack script: check /var/log/phpmail.log for a script with multiple entries.
4. If it is not a hack script - upgrade WordPress and all plugins, install Wordfence and run the scan
5. If Wordfence is installed - Phone client to choose a new email address password and to install an antivirus on all computers.
6. Remove from block list - http://www.dnsbl.info/dnsbl-database-check.php
7. Check Microsoft IP Status - https://postmaster.live.com/snds/ipStatus.aspx and remove using https://support.microsoft.com/en-us/getsupport?oaspworkflow=start_1.0.0.0&wfname=capsub&productkey=edfsmsbl3&locale=en-us&wa=wsignin1.0&ccsid=635922729318558770
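Added example for step 1 (not part of the original notes): a shell helper that tallies queued messages by the UID that injected them. It assumes the stock qmail queue layout (message files under /var/qmail/queue/mess/) and the "invoked by uid" Received line that qmail-queue writes first in each message. The function names and the --report switch are hypothetical.

```shell
#!/bin/sh
# Added example: tally queued qmail messages by injecting UID.
# Assumption: qmail-queue writes this as the FIRST line of each message file:
#   Received: (qmail <pid> invoked by uid <uid>); <date>
# Mail that arrived over SMTP says "invoked from network" and is skipped here.

# count_queue_uids [QUEUE_DIR] -> lines of "<count> <uid>", busiest first
count_queue_uids() {
    queue_dir=${1:-/var/qmail/queue}
    find "$queue_dir/mess" -type f 2>/dev/null |
    while IFS= read -r msg; do
        # Only line 1 is trusted; later Received lines come from the
        # sender and can be forged.
        sed -n '1s/^Received: (qmail [0-9]* invoked by uid \([0-9]*\)).*/\1/p' "$msg"
    done | sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# top_queue_uid [QUEUE_DIR] -> UID with the most queued messages
top_queue_uid() {
    count_queue_uids "$1" | awk 'NR==1 {print $2}'
}

# uid_to_user UID [PASSWD_FILE] -> account name owning that UID
uid_to_user() {
    awk -F: -v u="$1" '$3 == u {print $1}' "${2:-/etc/passwd}"
}

# Usage: sh queue_uids.sh --report [QUEUE_DIR]
if [ "${1:-}" = "--report" ]; then
    count_queue_uids "${2:-/var/qmail/queue}"
fi
```

A web-server or site-owner UID at the top of the list points to a script on that account, which is what step 3 then looks for in /var/log/phpmail.log.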
IF QUEUE IS STUCK
This will delete all messages in the queue, spam and good mail.
service smtp stop
cd /var/qmail
rm -rf queue.bad
mv queue queue.bad
yum reinstall qmail -y
service smtp start
Update permissions on files to 750
Run the scan and fix the problems.
cat /var/log/smtp/* | tai64nlocal | awk '{ if ($1=="2016-01-18" && substr($2,1,2)~"21") print $0 }'
cat /var/log/send/* | tai64nlocal | awk '{ if ($1=="2016-01-18" && substr($2,1,2)~"21") print $0 }' | grep -C 3 'deferral'
Run maldet to identify the domain
NEW SERVER SETUP
Set in sshd_config - AllowTcpForwarding no
Disable Mail Relay On Linux
nano /etc/tcprules.d/tcp.smtp
Remove all lines except the one with simscan.
Rebuild the tcp.smtp.cdb with ~vpopmail/bin/clearopensmtp
service smtp restart
https://qmail.jms1.net/tls-auth.shtml
http://www.qmailwiki.org/Simscan/README#SpamAssassin_options?
nano /service/smtp/run
IF THE IP IS PERMANENTLY BLOCKED BY MICROSOFT, ETC
1. At 5PM - Change the IP of all sites on the server to the server's extra IP. It will take 3 hours to take effect.
2. Once done, remove the blocked IP from the server and add another spare IP.
3. Request Hetzner to create update the PTR Record for th