Barracuda reputation repeatedly blacklists our IP address, even though we use Google/Postini Outbound SMTP filtering

We manage a small network for a local real estate company.  The network has a Microsoft Small Business Server 2003 with Exchange 2003 email server.  We also use the Google/Postini message filtering/security service for both inbound and outbound.  Port 25 is locked down so that the Exchange server can only talk SMTP to the approved IP address list of the Postini servers.  All other best practices that I know of for Exchange server and email servers are enabled (recipient and sender filtering, SPF records, etc.).

The problem is that the IP address of the server keeps getting added to Barracuda Networks reputation list as "poor", resulting in bounced messages when the users try to email anyone at any company that uses the Barracuda SPAM firewalls.  Here is the sample bounceback:

Reporting-MTA: dns;jt-tn.com
Received-From-MTA: dns;psmtp.com
Arrival-Date: Tue, 26 May 2009 13:31:55 -0500

Final-Recipient: rfc822;thompsot@realtracs.com
Action: failed
Status: 5.5.0
Diagnostic-Code: smtp;554 Service unavailable; Client host [na3sys009aog101.obsmtp.com] blocked using Barracuda Reputation; http://bbl.barracudacentral.com/q.cgi?ip=74.247.83.218
X-Display-Name: timt

The client host listed belongs to Postini, but the IP address referenced is the IP address of the acutal Exchange server.  I have requested support from Google/Postini and have not received a reply after several days.  Each time the IP address is blacklisted, I follow the link to request removal and Barracuda removes it...sometimes in 5 minutes, sometimes 5 hours.  I have not been able to get a response from Barracuda about what to do different to keep this from occurring every week, so I thought someone might have encountered a similar problem.
jasontomlinson1Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

shahsejalCommented:
As mentioned in the link: http://www.barracudacentral.org/reputation?ip=74.247.83.218, Barracuda also shows possible reasons behind putting that IP in Black-list.
Is there any relay connector set? If yes, what is the local and remote IP ranges added in the Network tab of the relay connector? Please check if any client machine can directly connect to the Internet on Port 25? If so than that access should be blocked.
0
jasontomlinson1Author Commented:
Shahsejal,

Thanks for the comments.  The local and remote relay are set to the local IP of the server and the IP range provided by Postini.  No other relay hosts are allowed.  Port 25 is blocked for all client computers.

One question I'm trying to figure out is why the rejection notice lists the Postini outbound host, but the IP address of the sending mail server?  I guess the original sending IP flows through the Postini service?

As additional information, I also signed up for the EmailReg.org service as referenced by Barracuda.  However, the information on Barracuda's website is incorrect.  I successfully registered this mail server with EmailReg and Barracuda continues to add the IP to the blacklist about every 5 days.
0
jasontomlinson1Author Commented:
Server had been hacked and some sort of BOTnet program was using the administrator account to send a measured amount of SPAM each day.  Google/Postini did not filter it because it appeared to come from a qualified account.

Resolution: Disabled Exchange server and moved users to basic webmail provided by website host.  Will eventually reload SBS server and reinstate Exchange
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Email Protocols

From novice to tech pro — start learning today.