Solved

Why has my server been added to a black list for "policy violation, unacceptable generic PTR record".

Posted on 2008-10-30
19
3,039 Views
Last Modified: 2013-12-09
I have an SBS 2K3 Premium server.  It works great with no issues other than this black list problem.  About two weeks ago I started getting delay notices from the server saying that some messages hadn't gone through.  After checking my server black list status I realized it had been added to one list @ http://www.spamcannibal.org.  Funny thing is though it says its listed due to invalid PTR record..

My static IP address is 67.141.224.179.  I've contacted Windstream to try and update our PTR record but I'm not sure I'm doing it correctly.  Please note that our incoming email goes through Trend Micro's Hosted SPAM service before arriving at our server.  I only have issues sending to certain addresses.  Right now its Bellsouth addresses.  My actual mail domain is mail.dmxm.biz.

I've also tweaked the IMF on my server to make sure we weren't sending out Spoofed NDR's.

Thanks in advance.
0
Comment
Question by:GTKINC
  • 10
  • 8
19 Comments
 
LVL 8

Expert Comment

by:epohl
ID: 22844804
A couple of different things. Yes your ISP should be able to setup a PTR record for your server. If not the other option is to also relay your outgoing email through Trend or some other service. Bellsouth (AT&T) has gotten very aggressive with their block list. Fill out the form on the site below and they typically remove your IP from the list with 24 hours. Just don't be surprised if its back on the list in a few months.

http://worldnet.att.net/general-info/block_admin.html
0
 

Author Comment

by:GTKINC
ID: 22857964
I filled out the form.  I don't think my problem was due to NDR so I don't know if they will process it as the form looked like that was what it was centered around.  Lets hope that fixes it.  Thanks so far...
0
 
LVL 8

Expert Comment

by:epohl
ID: 22861239
FRom your email server telent to port 25 on one of bellsouths email server and if will give you an error message like 550 etc..., post that message along with you server ip on that page and it will get you unblocked. I have done it at least 10 times for differnet servers I manage.
0
 

Author Comment

by:GTKINC
ID: 22906581
I'll need instructions on how to do this.  Not sure about they syntax I need to use in order to get all of the information that you need.
0
 
LVL 8

Accepted Solution

by:
epohl earned 500 total points
ID: 22939509
Go to the site below and do an mxlookup for bellouth.net, recored the IP of the first server. (this is the ip you enter on the AT&T form above)
http://www.mxtoolbox.com/index.aspx

OK now from your exhcnage server telnet to port 25 of the ip recorded above (instructions on link below) and you should get an error message. This is what you put into the AT&T form for revelant lines, this error should also include the ip of your server.
http://support.microsoft.com/kb/153119

For changes on AT&T form i typically enter other and type in new email server.


0
 

Author Comment

by:GTKINC
ID: 22961386
Ok.  I submitted another instance with the below information.  Hopefully that will help me.  Strange thing is though I'm still listed with SPAM cannibal and can't figure out how to get off of that list.

550-67.141.224.69 blocked by ldap:ou=rblmx,dc=att,dc=net Heres the form that you need to fill: http://worldnet.att.net/general-info/block_admin.html
0
 

Author Comment

by:GTKINC
ID: 22968477
Looks like that may have worked!  Lets leave it be for a couple of days and see.  Thanks for all of your help to this point.
0
 

Author Comment

by:GTKINC
ID: 22972011
Spoke to soon.  Its been added back to the black list again.  I'm at a loss.  Please help.
0
 
LVL 8

Expert Comment

by:epohl
ID: 22972789
When you telnet to the server does it give a reason why its blocked?
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 8

Expert Comment

by:epohl
ID: 22972798
Did you get an email from AT&T that it would be removed from the list?
0
 

Author Comment

by:GTKINC
ID: 22979882
The tel net message was 550-67.141.224.69 blocked by ldap:ou=rblmx,dc=att,dc=net Heres the form that you need to fill: http://worldnet.att.net/general-info/block_admin.html.

I never got a message from them that it was taken off the list however I did get a notice from MXTOOLBOX that it had been removed.  I've signed this server up for their free monitoring service.
0
 
LVL 8

Expert Comment

by:epohl
ID: 22984303
After filling out that form from AT&T you should get an email from them that your server IP has been removed. Typically get this email within a day. If you telnet are you still getting the same error? If so and you have filled out the request you might consider emailing them to see if there is a problem with your request , the email address is at the bottom of the att page.
0
 

Author Comment

by:GTKINC
ID: 22986851
Again though I think I'm getting added to the list due to something else.  I think they are blocking because they use SPAM Cannibal.  Not necessarily because of something that's happening at their end.  Does that make sense?
0
 
LVL 8

Expert Comment

by:epohl
ID: 22987584
You should at least get a response from att about your request. Do you still show up on any of the blacklists?

http://www.mxtoolbox.com/blacklists.aspx
0
 

Author Comment

by:GTKINC
ID: 22995009
Its now listed with 3!
0
 

Expert Comment

by:netAdmin069
ID: 23205924
Run a DNS check for your domain at http://pingability.com/zoneinfo.jsp.
0
 

Author Comment

by:GTKINC
ID: 23265613
When I do this test I get a lot of what appear to be errors but I'm not at all sure on how to correct them.  Could these be my problems?

My domain name is dmxm.biz if it makes things easier.
0
 

Author Comment

by:GTKINC
ID: 23363860
Haven't gotten a resolution yet but points are for your efforts.  Thanks for your time.
0
 
LVL 8

Expert Comment

by:epohl
ID: 23366579
Looks like now you are using Trendmicro service, hopefully this has taken care of your problem. You might also want to look at your firewall and make sure no machine are sending out email via smtp. I have seen desktops with viruses send out email and cause the external ip it shares with the mail server to get blacklisted.
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

The problem of the system drive in SBS 2003 getting full continues to be an issue, even though SBS 2008 and SBS 2011 are both in the market place.  There are several solutions to this, including adding additional drive space or using third party uti…
I work for a company that primarily works with small businesses as their outsourced IT vendor. As such the majority of these customers utilize some version of Small Business Server. Due to the economics of running a small business, many of these cus…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now