Solved

Why has my server been added to a black list for "policy violation, unacceptable generic PTR record".

Posted on 2008-10-30
19
3,161 Views
Last Modified: 2013-12-09
I have an SBS 2K3 Premium server.  It works great with no issues other than this black list problem.  About two weeks ago I started getting delay notices from the server saying that some messages hadn't gone through.  After checking my server black list status I realized it had been added to one list @ http://www.spamcannibal.org.  Funny thing is though it says its listed due to invalid PTR record..

My static IP address is 67.141.224.179.  I've contacted Windstream to try and update our PTR record but I'm not sure I'm doing it correctly.  Please note that our incoming email goes through Trend Micro's Hosted SPAM service before arriving at our server.  I only have issues sending to certain addresses.  Right now its Bellsouth addresses.  My actual mail domain is mail.dmxm.biz.

I've also tweaked the IMF on my server to make sure we weren't sending out Spoofed NDR's.

Thanks in advance.
0
Comment
Question by:GTKINC
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 10
  • 8
19 Comments
 
LVL 8

Expert Comment

by:epohl
ID: 22844804
A couple of different things. Yes your ISP should be able to setup a PTR record for your server. If not the other option is to also relay your outgoing email through Trend or some other service. Bellsouth (AT&T) has gotten very aggressive with their block list. Fill out the form on the site below and they typically remove your IP from the list with 24 hours. Just don't be surprised if its back on the list in a few months.

http://worldnet.att.net/general-info/block_admin.html
0
 

Author Comment

by:GTKINC
ID: 22857964
I filled out the form.  I don't think my problem was due to NDR so I don't know if they will process it as the form looked like that was what it was centered around.  Lets hope that fixes it.  Thanks so far...
0
 
LVL 8

Expert Comment

by:epohl
ID: 22861239
FRom your email server telent to port 25 on one of bellsouths email server and if will give you an error message like 550 etc..., post that message along with you server ip on that page and it will get you unblocked. I have done it at least 10 times for differnet servers I manage.
0
IoT Devices - Fast, Cheap or Secure…Pick Two

The IoT market is growing at a rapid pace and manufacturers are under pressure to quickly provide new products. Can you be sure that your devices do what they're supposed to do, while still being secure?

 

Author Comment

by:GTKINC
ID: 22906581
I'll need instructions on how to do this.  Not sure about they syntax I need to use in order to get all of the information that you need.
0
 
LVL 8

Accepted Solution

by:
epohl earned 500 total points
ID: 22939509
Go to the site below and do an mxlookup for bellouth.net, recored the IP of the first server. (this is the ip you enter on the AT&T form above)
http://www.mxtoolbox.com/index.aspx

OK now from your exhcnage server telnet to port 25 of the ip recorded above (instructions on link below) and you should get an error message. This is what you put into the AT&T form for revelant lines, this error should also include the ip of your server.
http://support.microsoft.com/kb/153119

For changes on AT&T form i typically enter other and type in new email server.


0
 

Author Comment

by:GTKINC
ID: 22961386
Ok.  I submitted another instance with the below information.  Hopefully that will help me.  Strange thing is though I'm still listed with SPAM cannibal and can't figure out how to get off of that list.

550-67.141.224.69 blocked by ldap:ou=rblmx,dc=att,dc=net Heres the form that you need to fill: http://worldnet.att.net/general-info/block_admin.html
0
 

Author Comment

by:GTKINC
ID: 22968477
Looks like that may have worked!  Lets leave it be for a couple of days and see.  Thanks for all of your help to this point.
0
 

Author Comment

by:GTKINC
ID: 22972011
Spoke to soon.  Its been added back to the black list again.  I'm at a loss.  Please help.
0
 
LVL 8

Expert Comment

by:epohl
ID: 22972789
When you telnet to the server does it give a reason why its blocked?
0
 
LVL 8

Expert Comment

by:epohl
ID: 22972798
Did you get an email from AT&T that it would be removed from the list?
0
 

Author Comment

by:GTKINC
ID: 22979882
The tel net message was 550-67.141.224.69 blocked by ldap:ou=rblmx,dc=att,dc=net Heres the form that you need to fill: http://worldnet.att.net/general-info/block_admin.html.

I never got a message from them that it was taken off the list however I did get a notice from MXTOOLBOX that it had been removed.  I've signed this server up for their free monitoring service.
0
 
LVL 8

Expert Comment

by:epohl
ID: 22984303
After filling out that form from AT&T you should get an email from them that your server IP has been removed. Typically get this email within a day. If you telnet are you still getting the same error? If so and you have filled out the request you might consider emailing them to see if there is a problem with your request , the email address is at the bottom of the att page.
0
 

Author Comment

by:GTKINC
ID: 22986851
Again though I think I'm getting added to the list due to something else.  I think they are blocking because they use SPAM Cannibal.  Not necessarily because of something that's happening at their end.  Does that make sense?
0
 
LVL 8

Expert Comment

by:epohl
ID: 22987584
You should at least get a response from att about your request. Do you still show up on any of the blacklists?

http://www.mxtoolbox.com/blacklists.aspx
0
 

Author Comment

by:GTKINC
ID: 22995009
Its now listed with 3!
0
 

Expert Comment

by:netAdmin069
ID: 23205924
Run a DNS check for your domain at http://pingability.com/zoneinfo.jsp.
0
 

Author Comment

by:GTKINC
ID: 23265613
When I do this test I get a lot of what appear to be errors but I'm not at all sure on how to correct them.  Could these be my problems?

My domain name is dmxm.biz if it makes things easier.
0
 

Author Comment

by:GTKINC
ID: 23363860
Haven't gotten a resolution yet but points are for your efforts.  Thanks for your time.
0
 
LVL 8

Expert Comment

by:epohl
ID: 23366579
Looks like now you are using Trendmicro service, hopefully this has taken care of your problem. You might also want to look at your firewall and make sure no machine are sending out email via smtp. I have seen desktops with viruses send out email and cause the external ip it shares with the mail server to get blacklisted.
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I work for a company that primarily works with small businesses as their outsourced IT vendor. As such the majority of these customers utilize some version of Small Business Server. Due to the economics of running a small business, many of these cus…
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…

626 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question