Barracuda reputation repeatedly blacklists our IP address, even though we use Google/Postini Outbound SMTP filtering

We manage a small network for a local real estate company.  The network has a Microsoft Small Business Server 2003 with Exchange 2003 email server.  We also use the Google/Postini message filtering/security service for both inbound and outbound.  Port 25 is locked down so that the Exchange server can only talk SMTP to the approved IP address list of the Postini servers.  All other best practices that I know of for Exchange server and email servers are enabled (recipient and sender filtering, SPF records, etc.).

The problem is that the IP address of the server keeps getting added to Barracuda Networks reputation list as "poor", resulting in bounced messages when the users try to email anyone at any company that uses the Barracuda SPAM firewalls.  Here is the sample bounceback:

Reporting-MTA: dns;
Received-From-MTA: dns;
Arrival-Date: Tue, 26 May 2009 13:31:55 -0500

Final-Recipient: rfc822;
Action: failed
Status: 5.5.0
Diagnostic-Code: smtp;554 Service unavailable; Client host [] blocked using Barracuda Reputation;
X-Display-Name: timt

The client host listed belongs to Postini, but the IP address referenced is the IP address of the acutal Exchange server.  I have requested support from Google/Postini and have not received a reply after several days.  Each time the IP address is blacklisted, I follow the link to request removal and Barracuda removes it...sometimes in 5 minutes, sometimes 5 hours.  I have not been able to get a response from Barracuda about what to do different to keep this from occurring every week, so I thought someone might have encountered a similar problem.
Who is Participating?
jasontomlinson1Connect With a Mentor Author Commented:
Server had been hacked and some sort of BOTnet program was using the administrator account to send a measured amount of SPAM each day.  Google/Postini did not filter it because it appeared to come from a qualified account.

Resolution: Disabled Exchange server and moved users to basic webmail provided by website host.  Will eventually reload SBS server and reinstate Exchange
shahsejalConnect With a Mentor Commented:
As mentioned in the link:, Barracuda also shows possible reasons behind putting that IP in Black-list.
Is there any relay connector set? If yes, what is the local and remote IP ranges added in the Network tab of the relay connector? Please check if any client machine can directly connect to the Internet on Port 25? If so than that access should be blocked.
jasontomlinson1Author Commented:

Thanks for the comments.  The local and remote relay are set to the local IP of the server and the IP range provided by Postini.  No other relay hosts are allowed.  Port 25 is blocked for all client computers.

One question I'm trying to figure out is why the rejection notice lists the Postini outbound host, but the IP address of the sending mail server?  I guess the original sending IP flows through the Postini service?

As additional information, I also signed up for the service as referenced by Barracuda.  However, the information on Barracuda's website is incorrect.  I successfully registered this mail server with EmailReg and Barracuda continues to add the IP to the blacklist about every 5 days.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.