Yellow listed IP on hostkarma

My YunoHost server

Hardware: VPS bought online
YunoHost version: 11.2.8
I have access to my server : Through SSH | through the webadmin | direct access via keyboard / screen | …
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no

Description of my issue

A new diagnosis shows me this issue:

=================================
Email (mail)

[ERROR] Your IP or domain XXX.XXX.XXX.XXX is blacklisted on Hostkarma

On the Hostkarma Blacklist Removal Form URL, checking the IP, I got this:

IP address XXX.XXX.XXX.XXX returned DNS result code 127.0.0.3.
XXX.XXX.XXX.XXX is Yellow listed - This is a good listing. It keeps you from being blacklisted.
Yellow means that your IP contains no information as to whether or not it is spam. Yahoo, Google, and Hotmail are Yellow Listed.

So OK, it is not very important. I have read on the wiki:

If the result is 127.0.0.3 then the host is yellow listed. Yellow listing means that host generates some spam and some nonspam (examples: yahoo.com, hotmail.com). What that means is that this host should never be blacklisted and that other IP based blacklists should be bypassed to prevent false positives.

I have edited /etc/hosts like this:

127.0.1.1       domain.tld
#127.0.1.1       domain domain.tld
XXX.XXX.XXX.XXX domain domain.tld
127.0.0.1	localhost

::1	localhost	ip6-localhost	ip6-loopback
ff02::1	ip6-allnodes
ff02::2	ip6-allrouters



127.0.0.1	domain

my /etc/resolv.conf

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "resolvectl status" to see details about the actual nameservers.

nameserver 127.0.0.1

I have also added this specific hook for rules on emails: Share your "hooks" to apply custom configurations- Partagez vos "hooks" pour appliquer des configurations personnelles - #18 by Poine

I have these results

dig short XXX.XXX.XXX.XXX.XXX.hostkarma.junkemailfilter.com

; <<>> DiG 9.18.19-1~deb12u1-Debian <<>> short XXX.XXX.XXX.XXX.XXX.hostkarma.junkemailfilter.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 23916
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;short.				IN	A

;; AUTHORITY SECTION:
.			1111	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2023121001 1800 900 604800 86400

;; Query time: 68 msec
;; SERVER: 80.67.169.12#53(80.67.169.12) (UDP)
;; WHEN: Sun Dec 10 22:01:09 CET 2023
;; MSG SIZE  rcvd: 109

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 19219
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;XXX.XXX.XXX.XXX.XXX.hostkarma.junkemailfilter.com. IN A

;; AUTHORITY SECTION:
hostkarma.junkemailfilter.com. 3575 IN	SOA	rbl0.junkemailfilter.com. support.junkemailfilter.com. 1702241962 3600 3600 604800 3600

;; Query time: 576 msec
;; SERVER: 80.67.169.12#53(80.67.169.12) (UDP)
;; WHEN: Sun Dec 10 22:01:10 CET 2023
;; MSG SIZE  rcvd: 127

Well, do I need to do something?

I have a doubt: I suspect something with the app paheko_ynh. In the last upgrade (I am the guilty one), we introduced the ability to send mails from the app. But to do this, we have to set parameters like SMTP_PORT = 25 and SMTP_SECURITY = STARTTLS.

Reading the Hostkarma wiki, I am thinking about this:

 Blocking outgoing traffic on port 25

The main trick is to block outgoing port 25 traffic on all computers except for your email server. That way a virus infected computer can't send email from your IP because it is blocked. Your users will be able to talk to your email server and it will send the email for them. I recommend using port 587 (submission) for this rather than port 25. 587 is a standard port for sending email from users to servers and is less likely to be blocked by the firewalls of others in case your staff is traveling and needs to connect to your email server for outgoing email. Generally port 587 email requires authentication (a password) and a virus wouldn't know the password to send email.

On the incoming side, if you are running a Windows based email server in particular you want to block all ports except for the ports that the email server needs to work. That will protect your email server from other port attacks should your server be vulnerable. Generally ports 25, 110, 143, 587, 993, and 995 should cover everything.

These settings will allow you to surf the web without the web surfing you. The important point here is that if your firewall is set up correctly it can block the email from virus infected computers. It creates a layer so that even if you have virus problems it still won't get you black listed.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.
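
The `dig short …` run in the post queried a name called `short` (see the first QUESTION SECTION) and then the address as typed; a DNSBL lookup needs `dig +short` and the IPv4 octets in reverse order. The script below is an added example, not part of the original post: the function names are hypothetical, 192.0.2.10 is a constructed documentation address, and the return codes other than 127.0.0.3 follow Hostkarma's published list rather than anything quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the original post): query Hostkarma the way a DNSBL expects.
ZONE="hostkarma.junkemailfilter.com"

# a.b.c.d -> d.c.b.a.<zone>; fails unless the input is exactly four octets 0-255.
dnsbl_name() {
    ip=$1
    case $ip in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ip                      # split on dots into $1..$n
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s.%s\n' "$4" "$3" "$2" "$1" "$ZONE"
}

# Map a Hostkarma A-record answer to its list colour.
# 127.0.0.3 is the code quoted in the post; the others are assumptions
# taken from Hostkarma's documentation.
classify() {
    case $1 in
        127.0.0.1) echo "white" ;;
        127.0.0.2) echo "black" ;;
        127.0.0.3) echo "yellow" ;;
        127.0.0.4) echo "brown" ;;
        '')        echo "not-listed" ;;
        *)         echo "unknown" ;;
    esac
}

# Live lookup (needs network and dig). NXDOMAIN yields no answer data,
# which means the address is on none of the lists.
check_ip() {
    name=$(dnsbl_name "$1") || { echo "invalid IPv4 address: $1" >&2; return 2; }
    answers=$(dig +short A "$name")
    if [ -z "$answers" ]; then
        echo "$1: $(classify '')"
        return 0
    fi
    for code in $answers; do        # a host can carry more than one code
        echo "$1: $code ($(classify "$code"))"
    done
}

# Run a lookup only when an address is passed on the command line.
if [ $# -gt 0 ]; then check_ip "$1"; fi
```

A `yellow` result is the only colour the post's lookup form reported; only `black` corresponds to an actual blacklist entry.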