Amazon claims to have a system to white-list all their IP addresses at Spamhaus regularly. But we still see Amazon EC2 users reporting mail issues due to IP blacklists by Spamhaus.
IP blacklisting occur when your mail server gets compromised due to any malware or open vulnerabilities. Attackers can hijack your mail server and send spam mails from it.
Once the IP address is blacklisted for spamming by Spamhaus and other anti-spam lists, getting it delisted is a time consuming process. Having no email service for days or weeks can badly affect your business.
In such cases, the immediate action required is to stop the spamming and change the mail server IP address to a new Elastic IP. Here we’ll discuss how to change mail interface IP in 3 popular mail servers.
Read: Blocking spoofed mails going out of your cPanel/WHM web hosting server
How to change interface IP in Exim
If you are using exim mail server, it is easy to change the interface IP. The exim.conf file has to be checked for the section:
remote_smtp:
driver = smtpand under that, add the line:
interface = ip addressAfter updating the desired IP address, exim server has to be restarted:
service exim restartTo confirm the IP change, the exim log file and email headers should be examined.
Read: How we fixed a massive “open relay” spamming in Exim mail server
How to change interface IP in SendMail
To change the mail server IP in Sendmail, the file to be edited is /etc/mail/sendmail.mc.
The following entry in the file has to be edited with the desired IP address in the ‘Addr’ section:
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1,Name=MTA')After editing, the new configuration file is generated using the m4 macro processor:
m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
Restart Sendmail for the new update to take effect:
service sendmail restartIt is also possible to edit the configuration file sendmail.cf directly and make this change. But this is has to be done by experts, as it can end up breaking the mail server if not done right.
Read: AWS Port 25 block – Why does it happen and how to fix it?
How to change interface IP in Postfix
Postfix is a commonly installed custom mail server for Amazon EC2 instances. The default configuration in Postfix makes the mail server available on all IP addresses.
This is defined by the following entry in ” /etc/postfix/main.cf ” file:
inet_interfaces = allTo configure the Postfix mail server to listen to only a specified IP address, change the entry as follows:
inet_interfaces = IP_addressRestart the Postfix mail server and it would start sending the mails from the new IP address assigned.
systemctl restart postfixThe same option can be used to change the IP address of mail server when existing IP gets blacklisted.
This snippet of two email headers shows the different IPs we configured for the email server.
Headers showing two different mail server IPs in the same Amazon EC2 instance
Read: How to resolve “Sender verify failed” SMTP mail error in ISPConfig Postfix servers
A few points to note..
Here we’ve covered how to change the interface IP in 3 common mail servers of Amazon EC2 in case of blacklisting. However, there are a few points to take care of, which we’ll see here.
1. Before changing interface IP it is important to check the IP availability. You may have to add new Elastic IPs with good reputation.
2. Proper backup of the mail server configuration file has to be taken to roll back the settings in case of errors.
3. RDNS would have to be setup for the newly assigned IP address to avoid further blacklisting.
4. After the changes, restart the mail server and confirm its working, as a slight mistake can mess up the mail servers.
5. Most importantly, it is recommended to audit the EC2 instance and pro-actively secure it to avoid any spamming or other exploits.
Read: How to secure a server
0 Comments