s36. Leaving a dormant mail server with an open relay

We had a test CommuniGate Pro server with no activity on it, on a rented Hetzner box.

Somebody was able to use that dormant installation as an open relay, and thus started sending spam messages using the IP assigned to us as the originating mail relay.

The MX records for the domain name illegally used by an unknown third party to spam others were not even pointing to Hetzner’s network, but rather to Fastmail.com servers, as we use Fastmail exclusively for our mail services.

We verified the server was not hacked: only the open relay was used.

After receiving notice («Abuse Message [AbuseID:36x]: Spam by Hetzner’s Blacklist department»):

  • I immediately checked and verified the server was not compromised
  • I stopped the CommuniGate mail server, since it was dormant in any case
  • I added proper SPF and DKIM entries to the domain name in question, as instructed. Those entries became active within the following 48 hours.
  • I removed the A record from the domain name used to spam, so it no longer pointed to Hetzner’s network.
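
As an added illustration of the SPF step (example code, not part of the original write-up), the following minimal evaluator checks an SPF record against a sending IP: with a `-all` record in place, a message relayed from a server outside the listed ranges evaluates to `fail`. It only handles `ip4`, `ip6` and `all`; `include`, `a` and `mx` need DNS lookups and are skipped here, and the addresses used are constructed documentation ranges, not the real Hetzner or Fastmail addresses.

```python
import ipaddress

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def _split_qualifier(term):
    """Return (qualifier, mechanism); the default qualifier is '+'."""
    if term and term[0] in RESULTS:
        return term[0], term[1:]
    return "+", term


def spf_check(record, client_ip):
    """Evaluate a minimal SPF record for the given connecting IP.

    Supports v=spf1, ip4:/ip6: (optionally with CIDR) and all.
    Mechanisms that require DNS (include, a, mx, exists, redirect)
    are treated as no-match here, an assumption of this offline example.
    """
    ip = ipaddress.ip_address(client_ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # no SPF record: receivers cannot reject on SPF
    for term in terms[1:]:
        qual, mech = _split_qualifier(term)
        name, _, arg = mech.partition(":")
        name = name.lower()
        if name == "all":
            return RESULTS[qual]
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"  # malformed record
            if ip.version == net.version and ip in net:
                return RESULTS[qual]
        # include/a/mx/exists/redirect: skipped (need DNS)
    return "neutral"  # ran off the end of the record


if __name__ == "__main__":
    # Constructed values: TEST-NET ranges stand in for the real hosts.
    dormant_relay_ip = "203.0.113.10"        # the abused server's IP
    provider_range = "198.51.100.0/24"       # the legitimate mail provider
    before = ""                              # no SPF record at all
    after = f"v=spf1 ip4:{provider_range} -all"
    print("before:", spf_check(before, dormant_relay_ip))   # none
    print("after: ", spf_check(after, dormant_relay_ip))    # fail
    print("legit: ", spf_check(after, "198.51.100.7"))      # pass
```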

I know how much time it takes to clean an IP’s history, so I was very sorry about what happened.

Needless to say, we will never again leave a mail server dormant without shutting it down completely.