Solved

Why has my server been added to a black list for "policy violation, unacceptable generic PTR record".

Posted on 2008-10-30
19
3,120 Views
Last Modified: 2013-12-09
I have an SBS 2K3 Premium server.  It works great with no issues other than this black list problem.  About two weeks ago I started getting delay notices from the server saying that some messages hadn't gone through.  After checking my server black list status I realized it had been added to one list @ http://www.spamcannibal.org.  Funny thing is though it says its listed due to invalid PTR record..

My static IP address is 67.141.224.179.  I've contacted Windstream to try and update our PTR record but I'm not sure I'm doing it correctly.  Please note that our incoming email goes through Trend Micro's Hosted SPAM service before arriving at our server.  I only have issues sending to certain addresses.  Right now its Bellsouth addresses.  My actual mail domain is mail.dmxm.biz.

I've also tweaked the IMF on my server to make sure we weren't sending out Spoofed NDR's.

Thanks in advance.
0
Comment
Question by:GTKINC
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 10
  • 8
19 Comments
 
LVL 8

Expert Comment

by:epohl
ID: 22844804
A couple of different things. Yes your ISP should be able to setup a PTR record for your server. If not the other option is to also relay your outgoing email through Trend or some other service. Bellsouth (AT&T) has gotten very aggressive with their block list. Fill out the form on the site below and they typically remove your IP from the list with 24 hours. Just don't be surprised if its back on the list in a few months.

http://worldnet.att.net/general-info/block_admin.html
0
 

Author Comment

by:GTKINC
ID: 22857964
I filled out the form.  I don't think my problem was due to NDR so I don't know if they will process it as the form looked like that was what it was centered around.  Lets hope that fixes it.  Thanks so far...
0
 
LVL 8

Expert Comment

by:epohl
ID: 22861239
FRom your email server telent to port 25 on one of bellsouths email server and if will give you an error message like 550 etc..., post that message along with you server ip on that page and it will get you unblocked. I have done it at least 10 times for differnet servers I manage.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:GTKINC
ID: 22906581
I'll need instructions on how to do this.  Not sure about they syntax I need to use in order to get all of the information that you need.
0
 
LVL 8

Accepted Solution

by:
epohl earned 500 total points
ID: 22939509
Go to the site below and do an mxlookup for bellouth.net, recored the IP of the first server. (this is the ip you enter on the AT&T form above)
http://www.mxtoolbox.com/index.aspx

OK now from your exhcnage server telnet to port 25 of the ip recorded above (instructions on link below) and you should get an error message. This is what you put into the AT&T form for revelant lines, this error should also include the ip of your server.
http://support.microsoft.com/kb/153119

For changes on AT&T form i typically enter other and type in new email server.


0
 

Author Comment

by:GTKINC
ID: 22961386
Ok.  I submitted another instance with the below information.  Hopefully that will help me.  Strange thing is though I'm still listed with SPAM cannibal and can't figure out how to get off of that list.

550-67.141.224.69 blocked by ldap:ou=rblmx,dc=att,dc=net Heres the form that you need to fill: http://worldnet.att.net/general-info/block_admin.html
0
 

Author Comment

by:GTKINC
ID: 22968477
Looks like that may have worked!  Lets leave it be for a couple of days and see.  Thanks for all of your help to this point.
0
 

Author Comment

by:GTKINC
ID: 22972011
Spoke to soon.  Its been added back to the black list again.  I'm at a loss.  Please help.
0
 
LVL 8

Expert Comment

by:epohl
ID: 22972789
When you telnet to the server does it give a reason why its blocked?
0
 
LVL 8

Expert Comment

by:epohl
ID: 22972798
Did you get an email from AT&T that it would be removed from the list?
0
 

Author Comment

by:GTKINC
ID: 22979882
The tel net message was 550-67.141.224.69 blocked by ldap:ou=rblmx,dc=att,dc=net Heres the form that you need to fill: http://worldnet.att.net/general-info/block_admin.html.

I never got a message from them that it was taken off the list however I did get a notice from MXTOOLBOX that it had been removed.  I've signed this server up for their free monitoring service.
0
 
LVL 8

Expert Comment

by:epohl
ID: 22984303
After filling out that form from AT&T you should get an email from them that your server IP has been removed. Typically get this email within a day. If you telnet are you still getting the same error? If so and you have filled out the request you might consider emailing them to see if there is a problem with your request , the email address is at the bottom of the att page.
0
 

Author Comment

by:GTKINC
ID: 22986851
Again though I think I'm getting added to the list due to something else.  I think they are blocking because they use SPAM Cannibal.  Not necessarily because of something that's happening at their end.  Does that make sense?
0
 
LVL 8

Expert Comment

by:epohl
ID: 22987584
You should at least get a response from att about your request. Do you still show up on any of the blacklists?

http://www.mxtoolbox.com/blacklists.aspx
0
 

Author Comment

by:GTKINC
ID: 22995009
Its now listed with 3!
0
 

Expert Comment

by:netAdmin069
ID: 23205924
Run a DNS check for your domain at http://pingability.com/zoneinfo.jsp.
0
 

Author Comment

by:GTKINC
ID: 23265613
When I do this test I get a lot of what appear to be errors but I'm not at all sure on how to correct them.  Could these be my problems?

My domain name is dmxm.biz if it makes things easier.
0
 

Author Comment

by:GTKINC
ID: 23363860
Haven't gotten a resolution yet but points are for your efforts.  Thanks for your time.
0
 
LVL 8

Expert Comment

by:epohl
ID: 23366579
Looks like now you are using Trendmicro service, hopefully this has taken care of your problem. You might also want to look at your firewall and make sure no machine are sending out email via smtp. I have seen desktops with viruses send out email and cause the external ip it shares with the mail server to get blacklisted.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A lot of problems and solutions are available on the net for the error message "Source server does not meet minimum requirements for migration" while performing a migration from Small Business Server 2003 to SBS 2008. This error pops up just before …
Because virtualization becomes more and more common, and, with Microsoft Hyper-V included in Windows Server at no additional costs, and, most server hardware nowadays is more than capable of running a physical Small Business Server (SBS) 2008 or 201…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question