How to Check on why my domain was Balckisted by CBL

Posted on 2009-02-10
Last Modified: 2012-05-06

Recently we have had situartion where the staff could not send Emails to External Users.

I check the Error messages and found out that we were Blacklisted.

I removed it and all was good but the same thing happend and again it was blocked by CBL.

I tried to get in contact with CBL but they do not have any of there contacts listed.

Will any of you out there have any  information on how to get in contact with CBL.

Things I have checked.
Scan Mail and IMSS are working fine and have not reported any spams.
All Emails going out are sent to my IMSS server which relays it to External Sites.
I have checked and done a Scan for Virus and Malware on my Network and everything came clean.

The Changes to my Network are:
1. I have put in a WEB Server but it is in its own DMZ
2. I have Installed Exchange2007 CAS and MB Server
3. I have enabled Outlook anywhere on my CAS Server

I am trying to get this sorted out so that my Domain does not get blacklisted again.

Question by:aij170278
    LVL 4

    Expert Comment

    If your office is setup to use network address translation, and you're all sharing the same public IP address, the e-mail may not be going out of your e-mail server that is getting your IP address blacklisted. I recommend this blog article:
    LVL 33

    Expert Comment

    by:Dave Howe
    CBL is a composite list - the block response should tell you which source list provided the block though. Try telnetting from your mail server to an affected mail server, manually entering "helo" (enter) then "MAIL FROM: <your email address>" (enter) and if that works, then "RCPT TO: <their email address>" (enter) - without the quotes.

    should get a 4xx or 5xx response at some point saying which block list is denying you access.
    LVL 33

    Expert Comment

    by:Dave Howe
    oh - or there is a cgi tool here:

    I sometimes forget those :)

    Author Comment

    Hi ,

    I managed to get in contact with the CBL Team via Email. below is the responce from them:

    The IP was detected most recently at:

    2009:02:11 ~08:00 UTC+/- 15 minutes (approximately 6 hours ago)

    sending email in such a way as to strongly indicate that the IP itself was operating an open http or socks proxy, or a trojan spam package.

    You will need to examine the machine for a spam trojan or open proxy. Up-to-date anti-virus tools are essential.

    If the IP is a NAT firewall, we strongly recommend configuring the firewall to prevent machines on your network connecting to the Internet on port 25, except for machines that are supposed to be mail servers.

    Useful links: (see "Securing your System" and "proxies")

    For more information on securing NAT firewalls/gateways, please see

    Note: appeared to be suspicious because it was using the following name to identify itself during email (port 25) connections via the SMTP HELO/EHLO commands:

    This MAY have been spamware, or it would be a misconfiguration in your mail server. The CBL attempts to distinguish real mail server software from malware SMTP clients by expecting users to name their mail server[s] to indicate who _they_ are, not some random home PC in a generic end-user pool that's probably infected.

    By causing your mail server to claim to be, for example,


    Chances are you won't be relisted.

    If you're running Qmail, please see:

    This entry has already been delisted from the CBL. Unless otherwise stated, the CBL will relist this IP if the underlying issues are not resolved, and the CBL detects the same thing again.

    the part CBL are saying following name
    to identify itself during email (port 25) connections via the SMTP HELO/EHLO commands:
    should not be the case becuase is out Telecom Router which connects us to the Internet. Our SMTP HELO/EHLO should be

    How do I go about checking my Exchange2007 Server to see what the SMTP HELO/EHLO settings are?
    LVL 4

    Expert Comment

    Looks like they gave you the same advice as me.

    Author Comment


    Have checked my Exchange Servers, WEB servers and Firewall rules.

    One I came to know is the the ISP who host our Public IP address did not have any PTR Record pointing the IP to us.

    One Thing I have come across Logs in my Firewall is:
    There is SMTP communication coming from IP adress(which are already blocked on SPAMHAUS) and the detination is

    Can anyone advice on this I have attached the file

    LVL 4

    Expert Comment

    Sorry, I don't have word. The images don't show in wordpad. If you read the article I referred you to, it indicates that you will want to set up firewall rules on your network firewall to only allow outgoing e-mail connections from your e-mail server and log everything else. You should be able to tell which IP address on your local network is trying to violate this rule as the traffic will be logged. You also need to be wary of wireless routers on your network.
    LVL 33

    Accepted Solution

    To be honest - provided your isp provides a smarthost, I would just use that as outbound sending target and let them worry about the rest.

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Join & Write a Comment

    Read about achieving the basic levels of HRIS security in the workplace.
    If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
    Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…
    Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now