Question

IP Reputation Issue - Barracuda Firewall blocking our emails

Asked by: Shawn-in-VA

Apparently Barracuda just added us to their spam list because this week, for the first time, I received this email error message:

==============================
This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

  timpet1@premier-md.com
    SMTP error from remote mail server after RCPT TO:<timpet1@premier-md.com>:
    host mf01.zabco.net [208.123.210.22]: 554 Service unavailable; Client host [host2.healingcrystals.com] blocked using Barracuda Reputation; http://bbl.barracudacentral.com/q.cgi?ip=72.52.222.231
==============================

We do send out a monthly newsletter to 8000 subscribers, but these are all opt-in subscribers with a 1-click opt-out option and we maintain a list of all unsubscribed users so once unsubsribed we never send an email to that address again.  

I have several questions:

1. How can we get removed from the barracuda "poor" list.   I looked on mxtools.com and barracuda is the ONLY company that is listing us as spammers.  

2. Does anyone recommend spending $20 to register with barracuda to get on their whitelist?   This method of maintaining a whitelist does not sound ethical to me and so I am reluctant to pay the fee.

3. What can I do on our end and with our email server to configure it properly so that it has all the correct settings to minimize any reputation issues.   We use phplist now to send out our emails.

Thanks for your help!

Shawn Adler

This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

  • Plus...
  • 30 Day FREE access, no risk, no obligation
  • Collaborate with the world's top tech experts
  • Unlimited access to our exclusive solution database
  • Never be left without tech help again

Subscribe Now

Asked On
2009-10-23 at 10:33:16ID24838711
Tags

barracuda firewall email server smtp ip address

Topics

Email Servers

,

Anti-Spam White Lists

,

Anti-Spam Email Software

Participating Experts
2
Points
500
Comments
10

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

  • "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
  • "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
  • "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.

Screenshot of Experts Exchange Knowledgebase

Need individual assistance?

Our experts are ready to help.

If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.

Screenshot of Experts Exchange Knowledgebase

Want to learn from the best?

Read articles from industry experts.

Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.

Screenshot of an Article

Working on a long term project?

Store your work and research.

Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.

Screenshot of Experts Exchange Knowledgebase

Access the answers to your technology questions today.

Subscribe Now

30-day free trial. Register in 60 seconds.

What Makes Experts Exchange Unique?

Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Trusted by the world's most respected brands.

image of each brand's logo

Faithfully serving IT professionals since 1996.

Experts Exchange Logo

Try it out and discover for yourself.

Subscribe Now

30-day free trial. Register in 60 seconds.

Related Solutions

  1. barracuda
    hi i ahve a static ip from isp where all emails are processing using smtp solution,and now i got a barracuda firewall spam filter,and this has an ip that i filled in,i spoke to the barracuda support and they told me to speak to your isp to point to this ip instead of the sta...
  2. Exchange server and spammer
    Hi, out Server is not open relay. still there is any way to find out if my server has been compromised by spammer or not ?? because today, i have received an email from Shawbiz.ca, the guy saying someone at 9.48 pm sent him email from our company email address which is ac...
  3. Spam getting through Barracuda
    Hello there, my boss keeps receiving spam emails. We have a Barracuda system setup to stop spam, it does a reasonable job; however, this particular spammer keeps getting through with the same email (Viagra!) I'm not sure what to do really (rather new to Barracuda + Anti-spa...
  4. Exchange Reputation
    Exchange Server 2003: I have a dedicated server at a data center that I terminal services into. I recently installed Exchange Server 2003 Standard from my licensing. When the hosting company setup the server the name of the server was "sls-ce10p12" and they had a...
  5. Barracuda reputation repeatedly blacklists our IP address, …
    We manage a small network for a local real estate company. The network has a Microsoft Small Business Server 2003 with Exchange 2003 email server. We also use the Google/Postini message filtering/security service for both inbound and outbound. Port 25 is locked down so tha...

Free Tech Articles

  1. WARNING: 5 Reasons why you should NEVER fix a computer for free.
    It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
  2. SCCM OSD Basic troubleshooting
    SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
  3. Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
    This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
  4. Create a Win7 Gadget
    This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
  5. Outlook continually prompting for username and password
    There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
  6. Backup Exchange 2010 Information Store using Windows Backup
    There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...

Cloud Class Webinars

  1. Avoiding Bugs in Microsoft Access
    Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
  2. Top 10 Best New Features in Visio 2010
    Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
  3. IT Consultant Business Secrets Revealed
    Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
  4. Disaster Recovery and Business Continuity
    Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
  5. Organize Your Visio Diagrams with Containers and Lists
    Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
  6. How to Us Objects, Properties, Events and Methods in Microsoft Access
    Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...

Join the Community

Give a Little. Get a Lot.

Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.

Join the Community

Answers

 

by: bjornlundePosted on 2009-10-23 at 16:08:40ID: 25649591

1. To get your IP adjusted in the Barracuda Reputation System submit a removal request at http://www.barracudacentral.org/rbl/removal-request

2. I agree that paying to be whitelisted sounds dubious, but if it solves your problems, well it could be argued that this is $20 well spent. On the other hand emailreg.org is not an actual whitelist, but rather a sevice to tie IP addresses to domain names. You will not be automatically whitelisted by registering your IP and domain name. So, one might say that the de-listing is free of charge, and the $20 charge to identify your IP and tie it to your organization and domain name is a reasonable fee.

Take a look at this: http://www.emailreg.org/index.cgi?p=news&id=4

3. Any self respecting block list operator should have some serious routines in place to do proper checks before blacklisting an IP address. Barracuda claims to use a honeypot/spam-trap scheme to add/remove ip addresses from their BRBL.

http://www.barracudacentral.org/rbl/listing-methodology

If this is the actual methodology used, your main focus should be to prevent unauthorized sending of e-mail from your network. One infected / zombied host behind your public IP could be enough to get your IP blacklisted. I would investigate if unauthorized SMTP traffic goes out through your firewall, and if this is the reason why you are blacklisted. Opt-out mass-mail should not get you on the list if this is the actual methodology. If not already done, then port 25 should be blocked in the firewall for all outgoing traffic except the actual mail server(s). If port 25 is already blocked, then I would start looking at outgoing mail logs to look for an account that has been compromised and subsequently used to send authenticated spam through your e-mail server.

Hope this helps you solve the situation. It's pretty annoying when you find yourself on a blacklist, as I'm sure many of us have experienced at some point.

Cheers,

Bjorn

 

by: alanhardistyPosted on 2009-10-23 at 16:53:33ID: 25649905

From Barracuda's website:

We are sorry you have reached this page because an email was blocked based on its originating IP address having a "poor" reputation. The "poor" reputation may have been caused by one of the following reasons:

  • Your email server contains a virus and has been sending out spam. 
  • Your email server may be misconfigured. 
  • Your PC may be infected with a virus or botnet software program. 
  • Someone in your organization may have a PC infected with a virus or botnet program. 
  • You may be utilizing a dynamic IP address which was previously utilized by a known spammer. 
  • Your marketing department may be sending out bulk emails that do not comply with the CAN-SPAM Act. 
  • You may have an insecure wireless network which is allowing unknown users to use your network to send spam. In some rare cases, your recipient's Barracuda Spam Firewall may be misconfigured. 

There are several problems with the setup of your domain:

  1. Your MX record has a priority of 0 - some mail servers have a problem with this and it is recommended that you change it to 10. 
  2. Your MX record points to healingcrystals.com whereas your mail server responds as host2.healingcrystals.com 
  3. host2.healingcrystals.com points to IP 72.52.222.233 whereas healingcrystals.com points to 72.52.222.231 
  4. You also don't have an SPF record setup for your domain. 

Please read my FAQ on problems sending mail to a specific domain which will help with this problem:

http://www.it-eye.co.uk/faqs/readQuestion.php?qid=2

 

by: Shawn-in-VAPosted on 2009-10-24 at 22:02:58ID: 25655595

Alan,

Thank you for your suggestions.   I have been working today on this issue and we have made some progress.   Below are my comments to each of your suggestions.   If you can do this for us, please check our information again and let me know if any of this still needs work or if you have any other suggestions.

Thanks again!

Shawn

There are several problems with the setup of your domain:

   1. Your MX record has a priority of 0 - some mail servers have a problem with this and it is recommended that you change it to 10.

I contacted our hosting company. liquid web and they said that they changed it.

   2. Your MX record points to healingcrystals.com whereas your mail server responds as host2.healingcrystals.com
   3. host2.healingcrystals.com points to IP 72.52.222.233 whereas healingcrystals.com points to 72.52.222.231

Liquidweb changed our mail server to now send mail from 72.52.222.233 and healingcrystals.com is now located at 72.52.222.233, so now I think that this fixes the issues in #2 and #3 above.

   4. You also don't have an SPF record setup for your domain.

Liquidweb said that they have now set this up.  

 

by: alanhardistyPosted on 2009-10-25 at 01:28:39ID: 25655970

Hi Shawn,

  1. MX record is now showing a priority of 10 
  2. Still the same.  Either change the MX record to be host2.healingcrystals.com and change the IP for host2.healingcrystals.com to be 72.52.222.233 or change the FQDN on your server to respond as healingcrystals.com not host2.healingcrystals.com. 
  3. host2.healingcrystals.com still responds with IP 72.52.222.231 
  4. SPF record setup now and looks fine. 

Your 1 MX record is:

10 healingcrystals.com. [TTL=300] IP=72.52.222.233 [TTL=300] [US]

WARNING: One or more of your mailservers is claiming to be a host other than what it really is (the SMTP greeting should be a 3-digit code, followed by a space or a dash, then the host name). If your mailserver sends out E-mail using this domain in its EHLO or HELO, your E-mail might get blocked by anti-spam software. This is also a technical violation of RFC821 4.3 (and RFC2821 4.3.1). Note that the hostname given in the SMTP greeting should have an A record pointing back to the same server. Note that this one test may use a cached DNS record.

healingcrystals.com claims to be host host2.healingcrystals.com [but that host is at 72.52.222.231 (may be cached), not 72.52.222.233].

See image below for IP of host2.healingcrystals.com

 

by: Shawn-in-VAPosted on 2009-10-28 at 20:07:28ID: 25690361

Thanks for your help with this.   I've worked with our host a bit more and we've made the following changes.   Our email from healingcrystals.com is now sent from 72.52.222.233 and host2.healingcrystals.com and healingcrystals.com resolve to the same IP 72.52.222.233.

This means that we are now sending emails from the same IP as our domain.  Our mail server used to send emails from 72.52.222.231, but we've now had that changed so that our emails from healingcrystals.com are now sent from 72.52.222.233 (the same IP as healingcrystals.com and host2.healingcrystals).

If you don't mind, please check on this and confirm how it is looking to you now.

Thanks again for your help!

Shawn

 

by: alanhardistyPosted on 2009-10-29 at 01:29:48ID: 25691532

Still getting this:

WARNING: One or more of your mailservers is claiming to be a host other than what it really is (the SMTP greeting should be a 3-digit code, followed by a space or a dash, then the host name). If your mailserver sends out E-mail using this domain in its EHLO or HELO, your E-mail might get blocked by anti-spam software. This is also a technical violation of RFC821 4.3 (and RFC2821 4.3.1). Note that the hostname given in the SMTP greeting should have an A record pointing back to the same server. Note that this one test may use a cached DNS record.

healingcrystals.com claims to be host host2.healingcrystals.com [but that host is at 72.52.222.231 (may be cached), not 72.52.222.233]. <br />

Reverse DNS:

OK. The IPs of all of your mail server(s) have reverse DNS (PTR) entries. RFC1912 2.1 says you should have a reverse DNS for all your mail servers. It is strongly urged that you have them, as many mailservers will not accept mail from mailservers with no reverse DNS entry. Note that this information is cached, so if you changed it recently, it will not be reflected here (see the 'Reverse DNS Tool' for the current data). The reverse DNS entries are:

233.222.52.72.in-addr.arpa host2.healingcrystals.com. [TTL=300]

So your serer is still respondng as host2.healingcrystals.com but the IP for the is still .231  You need to change the IP address in your domain's DNS to set this to be .233

 

by: Shawn-in-VAPosted on 2009-10-29 at 08:54:36ID: 25695052

Alan,

I really appreciate your reply, but I am a bit confused.   We have a dedicated server at Liquid Web hosting and I find their support to be excellent.   They have responded well to each of my requests and have now confirmed the following:

host2.healingcrystals.com responds as 72.52.222.233
all mail from healingcrystals.com is sent from 72.52.222.233
and
I can see myself in WHM, that www.healingcrystals.com is hosted at 72.52.222.233.

Please let me know if you can confirm if any of this information is incorrect.   Assuming that this information is correct, is there anything else that we need to do?

Thanks for your continued support!  :-)

Shawn

 

by: alanhardistyPosted on 2009-10-29 at 09:06:02ID: 25695156

Anytime - happy to be helping!

It could just be a case of waiting 24-48 hours.  I am still seeing the same info re host2 and .231 - but it states it could be cached!

I do see though that host2 IP has been changed to .233 when checking with another test - so lets wait 24 hours (worst case 48) and see what comes out in the wash - so to speak.

Hopefully this should make life better for you - checking both IP's on Barracuda comes back as NOT poor reputation, which can only be good news.  They are also not listed on numerous other blacklist sites - so the problem seems to have gone away.

 

by: Shawn-in-VAPosted on 2009-10-29 at 09:54:15ID: 31645138

Thanks again for your help!  I think that these changes will really help us stay off their blacklist.  

I did end up paying the $20 to register our domain on the barracuda whitelist, but I think that the changes that you helped us make will ensure that we dont go back on the blacklist again.

FYI, a bonus of signing up for the barracuda whitelist was that i can now see specific spam complaints that they receive for us.  This will be useful information if there are users out there who are receiving emails from us that they do not want.  

Thanks again for your help!

Shawn

 

by: alanhardistyPosted on 2009-10-29 at 10:00:17ID: 25695744

I guess every cloud has a silver lining!

Glad you are sorted (well hopefully) and thanks for the points.

Alan

20120131-EE-VQP-002

3 Ways to Join

30-Day Free Trial

The Experts

98% positive feedback on 31,087 answers since March 2000. angeliii is a Microsoft Most Valuable Professional for his work with MS SQL Server & Develoment.

He has also proven his knowledge of Visual Basic Programming, PHP Scripting and Oracle Databases.

The Experts

97% positive feedback on 10,752 answers since July 2000. lrmoore has more than 18 years experience in the networking industry.

The six-time Mircosoft MVPs specialties include firewalls, virtual private networking, and network management.

Testimonials

"...and excellent source for support... Kind of like having your very own IT dept." Electriciansnet

Testimonials

"I was apprehensive at signing up at first. However... it has already made my life as an IT administrator much easier." JaCrews

Testimonials

"WOW! You guys have great, active, and knowledgeable people on here." moore50

Business Clients

Business Clients

In the Press

"If you’ve got a question... Experts Exchange can supply an answer.”

In the Press

"...an invaluable aid for both IT professionals and those who require tech support."

In the Press

"where IT professionals provide quick answers on just about any topic"

Business Account Plans

Loading Advertisement...