Solved

<xoxoxo.xoxoxox.com #5.5.0 smtp;550 - xx.xxx.xxx.xx blocked by ldap:ou=rblmx,dc=worldnet,dc=att,dc=net> Help need to send to att.net

Posted on 2006-11-16
8
1,803 Views
Last Modified: 2012-06-21
I am having problem sending to an email address that is on att.net.  I am using Exchange Enter 2003 on a Win2003 sever.

Your message did not reach some or all of the intended recipients.

      Subject:      Test message
      Sent:      11/16/2006 3:38 PM

The following recipient(s) could not be reached:

      XXXXXXXXX@att.net on 11/16/2006 3:39 PM
            There was a SMTP communication problem with the recipient's email server.  Please contact your system administrator.
            <yyyyyyy.zzzzzzzzzz.com #5.5.0 smtp;550-xx.xxx.xxx.xx blocked by ldap:ou=rblmx,dc=worldnet,dc=att,dc=net>

When I do have a reverse DNS look up of the xx.xxx.xxx.xx i get my zzzzzzzzzz.com A record.  Anyone got any suggestions.

I have turn on SMTP logging and this is what I get.

2006-11-16 21:39:28 12.102.240.23 OutboundConnectionResponse SMTPSVC1 BUNO-01 - 25 - - 220+worldnet.att.net+-+Maillennium+ESMTP/MULTIBOX+mtiwmxc17+#116 0 0 64 0 1234 SMTP - - - -
2006-11-16 21:39:28 12.102.240.23 OutboundConnectionCommand SMTPSVC1 BUNO-01 - 25 EHLO - yyyyyyy.zzzzzzzzzz.com 0 0 4 0 1234 SMTP - - - -
2006-11-16 21:39:28 12.102.240.23 OutboundConnectionResponse SMTPSVC1 BUNO-01 - 25 - - 250-worldnet.att.net 0 0 20 0 1500 SMTP - - - -
2006-11-16 21:39:28 12.102.240.23 OutboundConnectionCommand SMTPSVC1 BUNO-01 - 25 MAIL - FROM:<username@zzzzzzzzzz.com>+SIZE=3603 0 0 4 0 1515 SMTP - - - -
2006-11-16 21:39:28 12.102.240.23 OutboundConnectionResponse SMTPSVC1 BUNO-01 - 25 - - 550-xx.xxx.xxx.xx+blocked+by+ldap:ou=rblmx,dc=worldnet,dc=att,dc=net 0 0 68 0 1547 SMTP - - - -
2006-11-16 21:39:28 12.102.240.23 OutboundConnectionCommand SMTPSVC1 BUNO-01 - 25 QUIT - - 0 0 4 0 1640 SMTP - - - -
2006-11-16 21:39:28 12.102.240.23 OutboundConnectionResponse SMTPSVC1 BUNO-01 - 25 - - 221+worldnet.att.net 0 0 20 0 1672 SMTP - - - -
0
Comment
Question by:metlogistics
  • 5
  • 2
8 Comments
 
LVL 13

Expert Comment

by:rhinoceros
ID: 17963302
Your IP was blocked by RBL ? I wanna check RBL for your IP address.

0
 

Author Comment

by:metlogistics
ID: 17965851
No, my IP is not blocked by a RBL.

Name URL RBL-base result comments
no-more-funn.moensted.dk http://moensted.dk/spam/no-more-funn/ no-more-funn.moensted.dk LISTED  
3y.spam.mrs.kithrup.com http://3y.spam.mrs.kithrup.com 3y.spam.mrs.kithrup.com Skipped  
t1.bl.reynolds.net.au http://t1.bl.reynolds.net.au t1.bl.reynolds.net.au Skipped  
access.redhawk.org http://access.redhawk.org access.redhawk.org OK  
assholes.madscience.nl http://assholes.madscience.nl assholes.madscience.nl OK  
badconf.rhsbl.sorbs.net http://www.dnsbl.nl.sorbs.net/ badconf.rhsbl.sorbs.net OK - List of domain names where the A or MX records point to bad address space.  
bl.csma.biz http://bl.csma.biz/ bl.csma.biz OK  
bl.deadbeef.com http://spam.deadbeef.com/bl/ bl.deadbeef.com OK  
bl.spamcannibal.org http://bl.spamcannibal.org bl.spamcannibal.org OK  
bl.starloop.com http://bl.starloop.com bl.starloop.com OK  
bl.technovision.dk http://bl.technovision.dk bl.technovision.dk OK  
blackholes.five-ten-sg.com http://www.five-ten-sg.com/blackhole.php blackholes.five-ten-sg.com OK  
blackholes.intersil.net http://blackholes.intersil.net blackholes.intersil.net OK  
blackholes.mail-abuse.org http://www.mail-abuse.org/rss/ blackholes.mail-abuse.org OK ?  
blackholes.sandes.dk http://blackholes.sandes.dk blackholes.sandes.dk OK  
blackholes.uceb.org http://blackholes.uceb.org blackholes.uceb.org OK  
blacklist.sci.kun.nl http://blacklist.sci.kun.nl blacklist.sci.kun.nl OK  
blacklist.spambag.org http://blacklist.spambag.org blacklist.spambag.org OK  
block.dnsbl.sorbs.net http://www.dnsbl.nl.sorbs.net/ block.dnsbl.sorbs.net OK - List of hosts demanding they are never tested by SORBS.  
blocked.hilli.dk http://blocked.hilli.dk blocked.hilli.dk OK  
blocklist.squawk.com http://blocklist.squawk.com blocklist.squawk.com OK  
blocklist2.squawk.com http://blocklist2.squawk.com blocklist2.squawk.com OK  
bogons.dnsiplists.completewhois.com http://bogons.dnsiplists.completewhois.com bogons.dnsiplists.completewhois.com OK  
cart00ney.surriel.com http://cart00ney.surriel.com cart00ney.surriel.com OK  
cbl.abuseat.org http://cbl.abuseat.org cbl.abuseat.org OK  
dev.null.dk http://dev.null.dk/ dev.null.dk OK ?  
dialup.blacklist.jippg.org http://dialup.blacklist.jippg.org dialup.blacklist.jippg.org OK  
dialups.mail-abuse.org http://www.mail-abuse.org/dul/ dialups.mail-abuse.org OK ?  
dialups.visi.com http://dialups.visi.com dialups.visi.com OK  
dnsbl-1.uceprotect.net http://www.uceprotect.net/en/ dnsbl-1.uceprotect.net OK  
dnsbl-2.uceprotect.net http://www.uceprotect.net/en/ dnsbl-2.uceprotect.net OK  
dnsbl-3.uceprotect.net http://www.uceprotect.net/en/ dnsbl-3.uceprotect.net OK  
dnsbl.ahbl.org http://www.ahbl.org/ dnsbl.ahbl.org OK  
dnsbl.antispam.or.id http://dnsbl.antispam.or.id dnsbl.antispam.or.id OK  
dnsbl.cyberlogic.net http://dnsbl.cyberlogic.net dnsbl.cyberlogic.net OK  
dnsbl.jammconsulting.com http://www.jammconsulting.com/policies/dnsbl.shtml dnsbl.jammconsulting.com OK  
dnsbl.kempt.net http://dnsbl.kempt.net dnsbl.kempt.net OK  
dnsbl.njabl.org http://dnsbl.njabl.org dnsbl.njabl.org OK  
dnsbl.sorbs.net http://www.dnsbl.nl.sorbs.net/ dnsbl.sorbs.net OK - Aggregate zone (contains all DNS zones)  
DSBL - Distributed Sender Boycott List/list http://dsbl.org/ list.dsbl.org OK  
DSBL - Distributed Sender Boycott List/multihop http://dsbl.org/ multihop.dsbl.org OK  
DSBL - Distributed Sender Boycott List/unconfirmed http://dsbl.org/ unconfirmed.dsbl.org OK  
dsbl.dnsbl.net.au http://dsbl.dnsbl.net.au dsbl.dnsbl.net.au OK  
duinv.aupads.org http://duinv.aupads.org duinv.aupads.org OK  
dul.dnsbl.sorbs.net http://www.dnsbl.nl.sorbs.net/ dul.dnsbl.sorbs.net OK - Dynamic IP Address ranges (NOT a Dial Up list!)  
dul.maps.vix.com http://dul.maps.vix.com/ dul.maps.vix.com OK GONE  
dul.orca.bc.ca http://dul.orca.bc.ca/ dul.orca.bc.ca OK GONE  
dul.ru http://dul.ru dul.ru OK  
dun.dnsrbl.net http://dun.dnsrbl.net dun.dnsrbl.net OK  
dynablock.njabl.org http://dynablock.njabl.org dynablock.njabl.org OK  
fl.chickenboner.biz http://fl.chickenboner.biz fl.chickenboner.biz OK  
flowgoaway.com http://flowgoaway.com flowgoaway.com OK  
forbidden.icm.edu.pl http://forbidden.icm.edu.pl forbidden.icm.edu.pl OK  
hijacked.dnsiplists.completewhois.com http://hijacked.dnsiplists.completewhois.com hijacked.dnsiplists.completewhois.com OK  
hil.habeas.com http://hil.habeas.com hil.habeas.com OK  
http.dnsbl.sorbs.net http://www.dnsbl.nl.sorbs.net/ http.dnsbl.sorbs.net OK - List of Open HTTP Proxy Servers.  
http.opm.blitzed.org http://http.opm.blitzed.org http.opm.blitzed.org OK  
images-msrbls http://www.msrbl.com/ images.rbl.msrbl.net OK - Hosts found sending mail contaning spam images  
intruders.docs.uu.se http://intruders.docs.uu.se intruders.docs.uu.se OK  
korea.services.net http://korea.services.net korea.services.net OK  
l1.spews.dnsbl.sorbs.net http://l1.spews.dnsbl.sorbs.net l1.spews.dnsbl.sorbs.net OK  
l2.spews.dnsbl.sorbs.net http://l2.spews.dnsbl.sorbs.net l2.spews.dnsbl.sorbs.net OK  
lbl.lagengymnastik.dk http://lbl.lagengymnastik.dk lbl.lagengymnastik.dk OK  
mail-abuse.blacklist.jippg.org http://mail-abuse.blacklist.jippg.org mail-abuse.blacklist.jippg.org OK  
map.spam-rbl.com http://map.spam-rbl.com map.spam-rbl.com OK  
misc.dnsbl.sorbs.net http://www.dnsbl.nl.sorbs.net/ misc.dnsbl.sorbs.net OK - List of open Proxy Servers not listed in the SOCKS or HTTP lists.  
msgid.bl.gweep.ca http://msgid.bl.gweep.ca msgid.bl.gweep.ca OK  
msrbl http://www.msrbl.com/ combined.rbl.msrbl.net OK - All the msrbl lists combined  
nomail.rhsbl.sorbs.net http://www.dnsbl.nl.sorbs.net/ nomail.rhsbl.sorbs.net OK - List of domain names where the owners have indicated no mail should ever be sent with these domains.  
ohps.dnsbl.net.au http://ohps.dnsbl.net.au ohps.dnsbl.net.au OK  
okrelays.nthelp.com http://okrelays.nthelp.com okrelays.nthelp.com OK  
omrs.dnsbl.net.au http://omrs.dnsbl.net.au omrs.dnsbl.net.au OK  
opm.blitzed.org http://opm.blitzed.org/info opm.blitzed.org OK  
ORDB - the Open Relay DataBase http://www.ordb.org/ relays.ordb.org OK ?  
orid.dnsbl.net.au http://orid.dnsbl.net.au orid.dnsbl.net.au OK  
orvedb.aupads.org http://orvedb.aupads.org orvedb.aupads.org OK  
osps.dnsbl.net.au http://osps.dnsbl.net.au osps.dnsbl.net.au OK  
osrs.dnsbl.net.au http://osrs.dnsbl.net.au osrs.dnsbl.net.au OK  
owfs.dnsbl.net.au http://owfs.dnsbl.net.au owfs.dnsbl.net.au OK  
owps.dnsbl.net.au http://owps.dnsbl.net.au owps.dnsbl.net.au OK  
pdl.dnsbl.net.au http://pdl.dnsbl.net.au pdl.dnsbl.net.au OK  
phishing-msrbl http://www.msrbl.com/ phishing.rbl.msrbl.net OK - Hosts found sending phishing mails  
probes.dnsbl.net.au http://probes.dnsbl.net.au probes.dnsbl.net.au OK  
proxies.exsilia.net http://proxies.exsilia.net proxies.exsilia.net OK  
proxy.bl.gweep.ca http://proxy.bl.gweep.ca proxy.bl.gweep.ca OK  
psbl.surriel.com http://psbl.surriel.com psbl.surriel.com OK  
pss.spambusters.org.ar http://pss.spambusters.org.ar pss.spambusters.org.ar OK  
rbl-plus.mail-abuse.org http://rbl-plus.mail-abuse.org rbl-plus.mail-abuse.org OK  
rbl.cluecentral.net http://rbl.cluecentral.net rbl.cluecentral.net OK  
rbl.efnet.org http://rbl.efnet.org rbl.efnet.org OK -Hosts are added by our bots as users connect with hacked boxes and open proxies.  
rbl.jp http://rbl.jp rbl.jp OK  
rbl.maps.vix.com http://www.mail-abuse.org/rbl/ rbl.maps.vix.com OK ?  
rbl.schulte.org http://rbl.schulte.org rbl.schulte.org OK  
rbl.snark.net http://rbl.snark.net rbl.snark.net OK  
rbl.triumf.ca http://rbl.triumf.ca rbl.triumf.ca OK  
rblmap.tu-berlin.de http://rblmap.tu-berlin.de rblmap.tu-berlin.de OK  
rdts.dnsbl.net.au http://rdts.dnsbl.net.au rdts.dnsbl.net.au OK  
relays.bl.gweep.ca http://relays.bl.gweep.ca relays.bl.gweep.ca OK  
relays.bl.kundenserver.de http://relays.bl.kundenserver.de relays.bl.kundenserver.de OK  
relays.mail-abuse.org http://work-rss.mail-abuse.org/rss/ relays.mail-abuse.org OK ?  
relays.nether.net http://relays.nether.net relays.nether.net OK  
relays.nthelp.com http://relays.nthelp.com relays.nthelp.com OK  
relays.radparker.com http://relays.radparker.com/ relays.radparker.com OK GONE?  
rhsbl.sorbs.net http://www.dnsbl.nl.sorbs.net/ rhsbl.sorbs.net OK - Aggregate zone (contains all RHS zones)  
ricn.dnsbl.net.au http://ricn.dnsbl.net.au ricn.dnsbl.net.au OK  
rmst.dnsbl.net.au http://rmst.dnsbl.net.au rmst.dnsbl.net.au OK  
rsbl.aupads.org http://rsbl.aupads.org rsbl.aupads.org OK  
satos.rbl.cluecentral.net http://satos.rbl.cluecentral.net satos.rbl.cluecentral.net OK  
sbl-xbl.spamhaus.org http://sbl-xbl.spamhaus.org sbl-xbl.spamhaus.org OK  
sbl.csma.biz http://bl.csma.biz/ sbl.csma.biz OK  
sbl.spamhaus.org http://www.spamhaus.org/sbl/ sbl.spamhaus.org OK Direct UBE sources, verified spam services and ROKSO spammers  
smtp.dnsbl.sorbs.net http://www.dnsbl.nl.sorbs.net/ smtp.dnsbl.sorbs.net OK - List of Open SMTP relay servers.  
socks.dnsbl.sorbs.net http://www.dnsbl.nl.sorbs.net/ socks.dnsbl.sorbs.net OK - List of Open SOCKS Proxy Servers.  
socks.opm.blitzed.org http://socks.opm.blitzed.org socks.opm.blitzed.org OK  
sorbs.dnsbl.net.au http://sorbs.dnsbl.net.au sorbs.dnsbl.net.au OK  
spam.dnsbl.sorbs.net http://www.dnsbl.nl.sorbs.net/ spam.dnsbl.sorbs.net OK - List of hosts that have been noted as sending spam/UCE/UBE to the admins of SORBS. This zone also contains netblocks of spam supporting service providers, this could be for providing websites, DNS or drop boxes for a spammer. Spam supporters are added on a 'third strike and you are out' basis, where the third spam will cause the supporter to be blocked.  
spam.dnsrbl.net http://spam.dnsrbl.net spam.dnsrbl.net OK  
spam.exsilia.net http://spam.exsilia.net spam.exsilia.net OK  
spam.olsentech.net http://spam.olsentech.net spam.olsentech.net OK  
spam.wytnij.to http://spam.wytnij.to spam.wytnij.to OK  
spamcop http://www.spamcop.net/bl.shtml bl.spamcop.net OK  
spamguard.leadmon.net http://spamguard.leadmon.net spamguard.leadmon.net OK  
spamsites.dnsbl.net.au http://spamsites.dnsbl.net.au spamsites.dnsbl.net.au OK  
spamsources.dnsbl.info http://spamsources.dnsbl.info spamsources.dnsbl.info OK  
spamsources.fabel.dk http://spamsources.fabel.dk spamsources.fabel.dk OK  
spews.dnsbl.net.au http://spews.dnsbl.net.au spews.dnsbl.net.au OK  
t1.dnsbl.net.au http://t1.dnsbl.net.au t1.dnsbl.net.au OK  
ucepn.dnsbl.net.au http://ucepn.dnsbl.net.au ucepn.dnsbl.net.au OK  
virbl https://virbl.bit.nl/faq.php virbl.dnsbl.bit.nl OK - Lists IP's that sent more than 2 virus in the last 24 hours  
virus-msrbl http://www.msrbl.com/ virus.rbl.msrbl.net OK - Hosts found sending virus mails  
virus.rbl.jp http://virus.rbl.jp virus.rbl.jp OK  
web.dnsbl.sorbs.net http://www.dnsbl.nl.sorbs.net/ web.dnsbl.sorbs.net OK - List of web (WWW) server which have spammer abused vulnerabilities (e.g. FormMail scripts)  
whois.rfc-ignorant.org http://whois.rfc-ignorant.org whois.rfc-ignorant.org OK  
will-spam-for-food.eu.org http://will-spam-for-food.eu.org will-spam-for-food.eu.org OK  
wingate.opm.blitzed.org http://wingate.opm.blitzed.org wingate.opm.blitzed.org OK  
xbl.spamhaus.org http://www.spamhaus.org/xbl/ xbl.spamhaus.org OK Illegal 3rd party exploits, including proxies, worms and trojan exploits  
zombie.dnsbl.sorbs.net http://www.dnsbl.nl.sorbs.net/ zombie.dnsbl.sorbs.net OK - List of networks hijacked from their original owners. Some already used for spamming.  
blackholes.wirehub.net http://basic.wirehub.nl/blackholes.html blackholes.wirehub.net N/A RIP  
block.blars.org http://block.blars.org block.blars.org N/A RIP  
blocked.secnap.net http://www.secnap.net/ blocked.secnap.net N/A RIP  
dynablock.wirehub.net http://basic.wirehub.nl/dynablocker.html dynablock.wirehub.net N/A RIP  
ipwhois.rfc-ignorant.org http://www.rfc-ignorant.org/policy-ipwhois.php ipwhois.rfc-ignorant.org N/A RIP  
pdl.pan-am.ca http://pdl.pan-am.ca/pdl/ pdl.pan-am.ca N/A RIP  
rbl.spam.org.tr http://rbl.spam.org.tr rbl.spam.org.tr N/A RIP  
relays.visi.com http://relays.visi.com relays.visi.com N/A RIP  
0
 

Author Comment

by:metlogistics
ID: 17966068
Does my public DNS name need to be same as FQDN of the email server or can they differ?

Cause, currently I have my email server called BUNO-01.zzzzzzzzzz.com on my internal DNS which is mapped statically to the firewall to external IP xx.xxx.xxx.xx

On my publicly hosted DNS
I have zzzzzzzzzz.com registered to an A record xx.xxx.xxx.xx
I have a PTR setup for this A record
I have a MX record of zzzzzzzzzz.com
0
 
LVL 30

Accepted Solution

by:
Wayne Barron earned 250 total points
ID: 17974006
Does your ISP have the Reverse DNS setup on their end?
If not, then this can cause this issue as well.

In most cases, this is an Issue, that your IP Address is being blocked.
Due to SPAM Abuse and so forth.

http://www.google.com/search?hl=en&q=blocked+by+ldap%3Aou%3Drblmx%2Cdc%3Dworldnet%2Cdc%3Datt%2Cdc%3Dnet

Doing a google search on the message, it is all about being Abuse Blocks.

Good luck
Carrzkiss
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:metlogistics
ID: 17980123
Thanks for the google search idea.  The interesting part is that my IP range and domain does not appear on any RBL's, so it  does not make much sense why I am being blocked.  

I have called At&t and tried to get a hold of their network abuse department, but At&t corprate states that this department does not exist.  Also, I have contacted my ISP on the issue to find out if they know if a range of their IP is being blocked by At&t and maybe I just so happen to be within the IP range.

I just hope that this somehow gets resolved.  

Does anyone else have any possible suggestions on what to try?
0
 

Author Comment

by:metlogistics
ID: 17983346
I did some more google search and came around with this http://www.att.net/general-info/mail_info/block_inquiry.html url to have att unblock your ip address.

I will find out if it worked in 2 business days.
0
 
LVL 30

Expert Comment

by:Wayne Barron
ID: 17985068
keep us informed.
Hope it works
0
 

Author Comment

by:metlogistics
ID: 17995821
The att world net link did work.  They even sent me a nice email.

Dear Administrator:

Thank you for contacting abuse_rbl@abuse-att.net.

The mail-server IP address(es) associated with your request will removed from the block list within 24-36 hours from the date of this letter.  AT&T WorldNet Services, it's affiliates, and network services customers do NOT intentionally block legitimate mail in the course of our anti-spam initiatives and regret for any inconvenience this may have caused.  If the IP that was recently blocked begins to exhibit the characteristics of a compromised network object or is compromised by an offender of Acceptable Use Policies, the IP address will be blocked again.

Administrators: Please thoroughly check your IP logs before requesting removal.  You must determine that all traffic from the blocked IP is actually from your mail servers to ensure your network is not compromised.
Administrators who fail to do this may experience subsequent and more resolute blocking.

Thank you for helping the AT&T WorldNet Services network combat spam in all its forms.

Regards,

AT&T Internet Investigations and Security Systems Team
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
In this step by step tutorial with screenshots, we will show you HOW TO: Enable SSH Remote Access on a VMware vSphere Hypervisor 6.5 (ESXi 6.5). This is important if you need to enable SSH remote access for additional troubleshooting of the ESXi hos…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now