bizcrown101

Getting blocked by Unknown RBL (realtime spam black/block list) - 88.blacklist.zap

Some users of our Exchange server have been unable to send to a few different domains this week. They received the following message:

   user@domain.com on 10/20/2006 9:36 AM
            There was a SMTP communication problem with the recipient's email server.  Please contact your system administrator.
            <mail.ourdomain.com #5.5.0 smtp;550 Service unavailable; Client host [208.178.XXX.117] blocked using 88.blacklist.zap; Mail From IP Banned>

(I have changed the email addresses and IP addresses in the message above except for 88.blacklist.zap)

I am familiar with RBLs and have run our mail server's IP through several multi-RBL list checkers such as http://www.robtex.com/rbls.html and http://shopping.declude.com/Articles.asp?ID=97. We're only listed in BLARSBL (http://www.blars.org/errors/block.html) which appears to be a list that nobody actually uses.

I've googled for 88.blacklist.zap and found NOTHING. I've also searched for blacklist.zap and found other people reporting bounced emails similar to mine, but resulting from a list called ip.blacklist.zap. Thus far I haven't found any information about any real rbl named 88.blacklist.zap or ip.blacklist.zap.

The server also passed the open relay test at http://email-test.com/cgi-bin/webtestmail?cmd=show_openrelay.

So my question is, what is actually causing these emails to be returned with this particular message? Can anyone identify this blacklist.zap and help me take actions to stop emails from bouncing back?

Thanks in advance!
ari24

blacklist.zap is a name sometimes used for an internal blacklist.
Google blacklist.zap and you get many more results.
That IP address range belongs to Global Crossing, so there is a good chance you have got caught in someone's subnet blacklist.
You need to speak to the recipient to find out why you are listed.

Simon.
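
An added example, not part of the original thread: one way to triage a bounce like the one quoted in the question, by pulling the list name out of the 550 text and checking whether it is a public DNSBL zone you can query yourself or an unrecognised name that only the recipient side can explain. The sample NDR lines, the `KNOWN_PUBLIC_ZONES` set and the function names are constructed for illustration; 192.0.2.117 stands in for the masked address.

```python
import ipaddress
import re

# Constructed NDR lines modelled on the bounce quoted in the question
# (192.0.2.117 is a documentation address standing in for the masked IP).
SAMPLE_NDRS = [
    "<mail.example.com #5.5.0 smtp;550 Service unavailable; Client host "
    "[192.0.2.117] blocked using 88.blacklist.zap; Mail From IP Banned>",
    "<mail.example.com #5.7.1 smtp;550 5.7.1 Service unavailable; Client host "
    "[192.0.2.117] blocked using zen.spamhaus.org; see lookup page>",
    "<mail.example.com #5.1.1 smtp;550 5.1.1 User unknown>",
]

# Assumption: a small, hand-maintained set of public DNSBL zones you monitor.
KNOWN_PUBLIC_ZONES = {"zen.spamhaus.org", "bl.spamcop.net", "b.barracudacentral.org"}

BLOCK_RE = re.compile(
    r"smtp;(?P<code>\d{3})\s.*?Client host \[(?P<ip>[0-9.]+)\] "
    r"blocked using (?P<zone>[A-Za-z0-9.-]+);\s*(?P<reason>[^>]*)"
)

def dnsbl_query_name(ip, zone):
    """Name a DNSBL checker would resolve: reversed IPv4 octets + zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def triage(ndr):
    """Classify one bounce: not a list block, a public list, or an unknown one."""
    m = BLOCK_RE.search(ndr)
    if not m:
        return {"kind": "not-a-blocklist-bounce"}
    zone = m["zone"].lower().rstrip(".")
    public = zone in KNOWN_PUBLIC_ZONES
    return {
        "kind": "public-dnsbl" if public else "unrecognised-list",
        "code": m["code"], "ip": m["ip"], "zone": zone,
        "reason": m["reason"].strip(),
        # Only a public zone can be checked from the sender's side.
        "query": dnsbl_query_name(m["ip"], zone) if public else None,
        "action": "check/delist at the list operator" if public
                  else "contact the recipient's postmaster or filtering provider",
    }

if __name__ == "__main__":
    for line in SAMPLE_NDRS:
        print(triage(line))
```
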
ASKER

Could there possibly be a private blacklist sitting somewhere between our mail server and several different mail recipient mail servers? I find it quite peculiar that two completely different mail servers would blacklist our IP and give us the exact same 88.blacklist.zap blacklist response.

Also, what is the significance of the IP address belonging to Global Crossing? Are they well known for letting spam originate from their IP range?
ASKER CERTIFIED SOLUTION
Sembee
This solution is only available to members.
My company is going through this right now. I did a little investigation work and found out that my client uses Frontbridge (hosted Exchange Service). I called Frontbridge and they confirmed the error with "88.blacklist.zap." They also explained that they have implemented a new SPAM filter. You should give them a call. Your recipient may not know that they use Frontbridge because their service is resold by ATT, Sprint, etc. You can get their support number from www.frontbridge.com.

-Michael
Frontbridge is a Microsoft service.

Simon.
I was getting the same error "88.blacklist.zap" to discover that the client is using ATT (and presumably frontbridge). I found an e-mail address of false_positive@frontbridge.com to report false positives and we'll see how it goes.

Thanks for the tips above, it's helped me narrow down where the problem is much quicker.
I tried the email last Friday and I have not heard back yet.  So I called yesterday and was on hold for 20 minutes.  The tech support rep. said they are open 24/7 so you can call any time.
So did you get the issue resolved for your network? Did they say what the 88.blacklist.zap was? Whether it was an internal only list or based off some obscure RBL?

What was the final result after 20 minutes?
They gave me a ticket number and said it would be fixed within 24 hours.  I am going to call them today to make sure that the process of removing my server from their block is moving.

-m
AndrewDuey & cambria_is:

Thank you MUCH for the responses! I ended up calling the Exchange Hosted Service Support line at (866) 291-7726. After about 15 minutes on hold, and some funky French "please hold" messages, I was able to request my IP removed from the frontbridge blacklists. I received no ticket number or anything, so I'll just have to periodically send some test emails to the problem recipients in order to find out if we're still on the blacklist.

I would give the two of you points if I hadn't already accepted an answer.

Thanks again!
As of noon (PST) yesterday, I was off the list.  Yeah their hold music is funny.
Update: I was contacted by the bridgehead support team and notified that our exchange server's IP address is now on their safelist.

Hello,

I appreciate your patience. We have Safelisted IP 208.178.XXX.117 and the change will be in production within the hour.

I believe this issue is now resolved and I will now be closing this case.  If you would like this case reopened please reply to this email for further troubleshooting and the case will reopen automatically.

Please let us know if you have any further questions.

Regards,

Jason
Technical Support
I got the same response from bridgehead support. They declined to remove our entire IP subnet but did add our exchange server to their white list which was what we really needed.


cambria_is:  Thanks for the tips, they really helped us out.

--Andrew
Frontbridge spam support/delisting email if anyone needs it is:  delist@frontbridge.com
Hello Sampath Namberi,

This IP [195.229.241.56] has been reviewed and was removed from the block list.  Note that there is a small period of 1-2 hours after delisting is granted until all of our servers propagate with the new change.

As long as the majority of traffic from this IP to our customers is not filtered as spam, messages will be allowed to flow uninterrupted through our network.  If it is discovered to be spamming again in the future, relisting is likely to occur, and the IP will be more difficult to have removed from the list.

We will now be closing this case.  If you have any further concerns, please let us know.

Regards,

Elizabeth Coleman
Tier 1 Technical Support
(Hours: Sat-Weds 15:00-23:30)
Forefront Online Protection for Exchange (FOPE)  |  Exchange Hosted Archive (EHA) Ticket Assistance: 1146581446
24x7 Phone support: 1-866-291-7726




Still the Email is failing and same NDR is created.