fnillc
asked on
Why is email from my domain getting rejected because of RBL policy even after I have removed the domain from all Realtime Blackhole Lists?
I'm the admin for two domains, I'll call them myoffice.com and thecustomer.com (for security reasons). myoffice.com is running Exchange Server 2007, and thecustomer.com is running Exchange Server 2003 w/SP2.
A few weeks ago we had a computer on our myoffice.com domain with a mass mailer virus. We were added to a few RBLs because of that computer sending out spam. I removed the domain from all of the lists that same day (but possibly not before sending email to thecustomer.com while still on the RBLs).
Now whenever I send email to thecustomer.com (and this has been happening for a couple of weeks, ever since we got on the RBLs), the following shows up in their SMTP Server log:
2008-09-18 17:06:39 [WAN-IP-ADDR-CHANGED] mail1.myoffice.com SMTPSVC1 TFHEXCH 172.16.1.30 0 EHLO - +mail1.myoffice.com 250 0 317 31 0 SMTP - - - -
2008-09-18 17:06:39 WAN-IP-ADDR-CHANGED mail1.myoffice.com SMTPSVC1 TFHEXCH 172.16.1.30 0 MAIL - +FROM:<me@myoffice.com> 550 0 42 48 0 SMTP - - - -
2008-09-18 17:06:39 WAN-IP-ADDR-CHANGED mail1.myoffice.com SMTPSVC1 TFHEXCH 172.16.1.30 0 QUIT - mail1.myoffice.com 240 46 42 48 0 SMTP - - - -
I looked up the error code "550 0 42 48 0 SMTP" and it looks like thecustomer.com's rejecting the email due to some policy. When I try to telnet to their mail server from my office and do MAIL FROM:me@myoffice.com I get:
550 Message rejected because of RBL policy
They can receive email from any other domain just fine. And we can send email from myoffice.com to other domains just fine as well, without getting blocked/rejected.
I rechecked our IP address using several RBL lookup tools today and every single one shows us on 0 RBLs... nothing blacklisted at all. So I'm guessing that thecustomer.com's server cached the RBL entry and is not re-looking it up again.
Their mail security software is Ninja Mail Security for Exchange, version 2.1.4235, by Sunbelt Software. It does antispam and antivirus. But I can't see any settings for RBL checking. And I've whitelisted the email addresses that we're sending from, but that still doesn't work. So I'm not sure if it's Ninja Mail Security that is blocking the emails. This page seems to suggest the poster is having the same problem with Ninja, but I don't see where they are configuring RBL checks: http://www.petri.co.il/forums/archive/index.php/t-20511.html
Does Exchange Server 2003 (like IMF) do RBL lookups? Also they have a WatchGuard Firebox firewall, but I also don't think that this does RBL lookups... but I'm not sure. It doesn't do antispam or email filtering on port 25, so I wouldn't think it would do RBL lookups.
Any advice?? Any idea where the RBL listing is cached on their end? (if that's the case). I'm stumped on this one.
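Added example, not part of the original post: a small Python parser for SMTP service log lines in the layout quoted above, reporting which SMTP verb received a 5xx reply and from which client. It assumes the standard IIS W3C extended field order, under which only 550 in "550 0 42 48 0 SMTP" is the SMTP reply code and the values after it are sc-win32-status, sc-bytes, cs-bytes and time-taken. The sample log is constructed: 192.0.2.10 stands in for the redacted WAN IP and the mail.example.net session is invented for contrast.

```python
from collections import Counter

# Assumption: standard IIS W3C extended field order; verify against the
# "#Fields:" header at the top of the real SMTPSVC log.
FIELDS = ("date time c-ip cs-username s-sitename s-computername s-ip s-port "
          "cs-method cs-uri-stem cs-uri-query sc-status sc-win32-status "
          "sc-bytes cs-bytes time-taken cs-version").split()

# Constructed sample modelled on the log lines in the post. 192.0.2.10 stands
# in for the redacted WAN IP; the mail.example.net session is invented.
SAMPLE_LOG = """\
#Fields: (header omitted in this constructed sample)
2008-09-18 17:06:39 192.0.2.10 mail1.myoffice.com SMTPSVC1 TFHEXCH 172.16.1.30 0 EHLO - +mail1.myoffice.com 250 0 317 31 0 SMTP - - - -
2008-09-18 17:06:39 192.0.2.10 mail1.myoffice.com SMTPSVC1 TFHEXCH 172.16.1.30 0 MAIL - +FROM:<me@myoffice.com> 550 0 42 48 0 SMTP - - - -
2008-09-18 17:06:39 192.0.2.10 mail1.myoffice.com SMTPSVC1 TFHEXCH 172.16.1.30 0 QUIT - mail1.myoffice.com 240 46 42 48 0 SMTP - - - -
2008-09-18 17:07:02 198.51.100.7 mail.example.net SMTPSVC1 TFHEXCH 172.16.1.30 0 EHLO - +mail.example.net 250 0 317 30 0 SMTP - - - -
2008-09-18 17:07:02 198.51.100.7 mail.example.net SMTPSVC1 TFHEXCH 172.16.1.30 0 MAIL - +FROM:<a@example.net> 250 0 44 30 0 SMTP - - - -
2008-09-18 17:07:02 198.51.100.7 mail.example.net SMTPSVC1 TFHEXCH 172.16.1.30 0 RCPT - +TO:<b@thecustomer.com> 250 0 33 32 0 SMTP - - - -
"""

def parse_line(line):
    """Map one log line to named fields; None for comments or short lines."""
    parts = line.split()
    if line.startswith("#") or len(parts) < len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    if not rec["sc-status"].isdigit():
        return None
    rec["sc-status"] = int(rec["sc-status"])
    return rec

def find_rejections(log_text):
    """Return (time, client IP, HELO name, SMTP verb, reply code) per 5xx."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and 500 <= rec["sc-status"] <= 599:
            hits.append((rec["time"], rec["c-ip"], rec["cs-username"],
                         rec["cs-method"], rec["sc-status"]))
    return hits

def rejections_by_client(log_text):
    """Count 5xx replies per (client IP, SMTP verb) to spot a blocked peer."""
    return Counter((ip, verb) for _, ip, _, verb, _ in find_rejections(log_text))

if __name__ == "__main__":
    for hit in find_rejections(SAMPLE_LOG):
        print(hit)
```

In the sample, the only 5xx is the reply to MAIL from 192.0.2.10, so that session ended before any recipient or message body was sent, while the other client got as far as RCPT.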