jasontomlinson1
asked on
Barracuda reputation repeatedly blacklists our IP address, even though we use Google/Postini Outbound SMTP filtering
We manage a small network for a local real estate company. The network has a Microsoft Small Business Server 2003 with Exchange 2003 email server. We also use the Google/Postini message filtering/security service for both inbound and outbound. Port 25 is locked down so that the Exchange server can only talk SMTP to the approved IP address list of the Postini servers. All other best practices that I know of for Exchange server and email servers are enabled (recipient and sender filtering, SPF records, etc.).
The problem is that the IP address of the server keeps getting added to Barracuda Networks reputation list as "poor", resulting in bounced messages when the users try to email anyone at any company that uses the Barracuda SPAM firewalls. Here is the sample bounceback:
Reporting-MTA: dns;jt-tn.com
Received-From-MTA: dns;psmtp.com
Arrival-Date: Tue, 26 May 2009 13:31:55 -0500
Final-Recipient: rfc822;thompsot@realtracs.
Action: failed
Status: 5.5.0
Diagnostic-Code: smtp;554 Service unavailable; Client host [na3sys009aog101.obsmtp.co
X-Display-Name: timt
The client host listed belongs to Postini, but the IP address referenced is the IP address of the acutal Exchange server. I have requested support from Google/Postini and have not received a reply after several days. Each time the IP address is blacklisted, I follow the link to request removal and Barracuda removes it...sometimes in 5 minutes, sometimes 5 hours. I have not been able to get a response from Barracuda about what to do different to keep this from occurring every week, so I thought someone might have encountered a similar problem.
The problem is that the IP address of the server keeps getting added to Barracuda Networks reputation list as "poor", resulting in bounced messages when the users try to email anyone at any company that uses the Barracuda SPAM firewalls. Here is the sample bounceback:
Reporting-MTA: dns;jt-tn.com
Received-From-MTA: dns;psmtp.com
Arrival-Date: Tue, 26 May 2009 13:31:55 -0500
Final-Recipient: rfc822;thompsot@realtracs.
Action: failed
Status: 5.5.0
Diagnostic-Code: smtp;554 Service unavailable; Client host [na3sys009aog101.obsmtp.co
X-Display-Name: timt
The client host listed belongs to Postini, but the IP address referenced is the IP address of the acutal Exchange server. I have requested support from Google/Postini and have not received a reply after several days. Each time the IP address is blacklisted, I follow the link to request removal and Barracuda removes it...sometimes in 5 minutes, sometimes 5 hours. I have not been able to get a response from Barracuda about what to do different to keep this from occurring every week, so I thought someone might have encountered a similar problem.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for the comments. The local and remote relay are set to the local IP of the server and the IP range provided by Postini. No other relay hosts are allowed. Port 25 is blocked for all client computers.
One question I'm trying to figure out is why the rejection notice lists the Postini outbound host, but the IP address of the sending mail server? I guess the original sending IP flows through the Postini service?
As additional information, I also signed up for the EmailReg.org service as referenced by Barracuda. However, the information on Barracuda's website is incorrect. I successfully registered this mail server with EmailReg and Barracuda continues to add the IP to the blacklist about every 5 days.