Solved

sendmail/firewall IP is black listed in CBL-XBL Spamhuas - any solution?

Posted on 2008-10-25
3
1,216 Views
Last Modified: 2013-12-18
Our Live IP is blocked by cbl.abuseat.org.
Well, I am using sendmail server as a mail server (MTA) on RHEL5. Our main firewall is sending the smtp traffic with the IP same as live IP of sendmail server. sendmail server configuration is fine according to CBL links below
http://cbl.abuseat.org/hostname.html
http://www.cpqlinux.com/hostname.html
http://cbl.abuseat.org/helocheck.html
http://cbl.abuseat.org/namingproblems.html
Here is the output of helocheck
----- The following addresses had permanent fatal errors -----
<helocheck@cbl.abuseat.org>
    (reason: 550 HELO for IP XX.XXX.XX.XXX was "MAIL.MYDOMAIN.COM")
both nslookup and reverse lookup are fine.
The MX entry is the same as MAIL.MYDOMAIN.COM in a hosting company where MAIL.MYDOMAIN.COM is regeistered as a subdomain of MYDOMAIN.COM.

We send all emails from a script that collects information from DB server and then send all emails from sendmail server (MAIL.MYDOMAIN.COM).

Well, as we are using linux machines so i cant expect that they are infected with viruses and trojans. Our company business is like that we send thousands of emails to all our clients in all over the world.
Well, I am not sure but can someone help me to understand that may be one of the following can be the cause of this?
1.  the emails we sent to customer are e.g.  [ From: abc@mydomain.com], emails are sent from mail.mydomain.com (sendmail server). Is this can be the issue? as sending email source (mail.mydomain.com/firewall) IP is different from mydomain.com. So whenever somewhere in middle of the way emails are checked then the reverse NS Lookup of mail server (mail.mydomain.com) points different IP than that is in the From address of email@mydomain.com?

2. Any relay issue?

3. We dont receive emails on sendmail server so can it be the reason that whenever any ISP receive emails from this server it cant get back to it?

I am trying to fix this issue from last three four days. Can someone help me to sort out this issue?


0
Comment
Question by:samengr
  • 2
3 Comments
 
LVL 10

Accepted Solution

by:
nabeelmoidu earned 500 total points
ID: 22806270
It needn't be your email server. Do you have outbound port 25 allowed from any of your non-sendmail machines ? Any virus in any one of them could be the reason your ip is blacklisted. if its teh first time, you can ask them to manually remove it.but ensure you take steps to first isolate the spammer in your network.

0
 

Author Comment

by:samengr
ID: 22806682
Thanks for reply. No other machine is allowed to send smtp traffic from firewall. The thing that is confusing me that can it be the sender domain (mail.mydomain.com) is different from the "From" address of email (abc@mydomain.com) because both parent and subdomain have the different IPs? If the other MTA verifies it with the reverse NSLookup then they will find it from different source and that means the sender MTA is defferent from the mail From address. so they can mark as spam and again IP will be black listed.
Well, I changed the outgoing firewall IP, changed the servers configuration, moved the sendmail to another linux machine but still after 4-5 hours IP is in the spamhaus  black list.

0
 

Author Comment

by:samengr
ID: 22806789
I am also getting some bounce back emails that you are not allowed to send emails to some specific domains, and your emails can not reach to the particular users/domains. most of them are yahoo, tiscali, and hotmail addresses.

0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Workplace bullying has increased with the use of email and social media. Retain evidence of this with email archiving to protect your employees.
Granting full access permission allows users to access mailboxes present in their database. By giving full access permission one can open and read the content of any mailbox but cannot send emails from that mailbox.
Familiarize people with the process of utilizing SQL Server views from within Microsoft Access. Microsoft Access is a very powerful client/server development tool. One of the SQL Server objects that you can interact with from within Microsoft Access…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now