  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 878
  • Last Modified:

our email domain IP address was on a blacklist

Greetings:
Our email domain IP address was on a few blacklists.  I requested them to remove it from their sites.  There was one site which charges 50 euro to remove it.  I had some difficulties in paying them due to some reasons.  But eventually that was also cleared over the weekend.
However, some of the domains are still not reachable.  What could be the cause?  If this is not updated.  It has been now 6 since this morning.  Do you think it still requires some update time?
0
elaw
Asked:
elaw
SteveNetwork ManagerCommented:
Removing from blacklists can take time; it depends on how many blacklists you were on, and when they schedule their tests to ensure that you are no longer vulnerable.

this can take between 1 hour -> 24hours normally..

Check your domain out at the http://www.robtex.com/rbl/ site for detailed info on who is and isn't blocking you.
0
 
elawAuthor Commented:
Another thing: how to make sure if any site could check all the blacklist sites?  I already checked the robtex which you mentioned.  And it does not have any blacklist.  There is a possibility that there are some sites that are still blocking your IP address.  How to find a site which really covers every blacklist?
0
 
SteveNetwork ManagerCommented:
well normally if robtex is coming up saying you are not blacklisted anywhere then you should be pretty good..  do a google search for 'RBL check' and make sure the other main sites also say you're clean..

you'll find that if you are clean according to the majority then within 24hours you should be good to go again..

0
 
elawAuthor Commented:
Do you think it will if I restart the server.
0
 
Alan HardistyCommented:
You will find that you were on blacklists for a reason and just getting yourself de-listed will not keep you off the blacklists if the reason for blacklisting in the first place has not been resolved.
The reason for getting onto blacklists is usually down to a computer or computers being compromised with a virus that sends out mass emails.
Once you know your environment is clean, then you will automatically drop off the blacklists and should stay off.  You can pay to speed up the process for those sites that request payment, but I would not part with any money personally.
Check your status on http://www.mxtoolbox.com/blacklists.aspx and click on the links to those sites that are blacklisting you.  If you check the latest time you were reported as a spammer and if this time was recent, then you are still infected.  If the time was several days ago, then you have hopefully cleaned up your environment and will drop off within a few days.
 
0
 
elawAuthor Commented:
Well, this is true that we are cleaned.  What is happening is that those sites which reported that we are blacklisted are ok.  I tried with the mxtoolbox site.  All the sites on this site say we are ok.  But mxtoolbox does not cover all the sites.  This is the problem.  I still found one or two sites, which are not coming up in mxtoolbox, blacklisting us.  So I did also ask them to delist.

So the question is how we could find that we are ok from all the blacklist sites and if the any site is rejecting our emails, how we could contact them to find out their reference site database.

Thanks for your reply.
0
 
Alan HardistyCommented:
I also use www.dnsstuff.com to check for blacklists but this site lists fewer sites than the MXToolbox site.
In terms of a comprehensive Blacklist check website - these are the only two that I know of and use.  I am not sure if you will find one that lists them all and how will you know if you have? - there are many different sites, no doubt popping up regularly and keeping them up to date won't be easy.
If you are clean now, then you have no reason to worry about the few sites that still list you - you will automatically drop off those sites anyway.
Assuming that most RBL check sites don't know about the few sites that are listing you, then it is unlikely that you will find anyone who you wish to email that will be checking against those particular sites anyway, so I would not worry unduly about those few sites.  The large, more familiar sites are the ones people tend to use and if you are clean on those, then you should not have any mail-flow issues (for the majority of your mail).
 
0
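The blacklist check sites discussed above all do the same thing: a DNS lookup of the reversed IP address under each list's zone. As an added example (not part of the original thread), the lookup can be run directly against whichever lists matter to you; the three zones and the 203.0.113.10 address are placeholders chosen here, and the resolver is injectable so the logic can be exercised offline.

```python
import ipaddress
import socket

# Example public zones (assumption: pick the lists your recipients actually use).
ZONES = ["zen.spamhaus.org", "bl.spamcop.net", "b.barracudacentral.org"]

def dnsbl_name(ip, zone):
    """Query name for an IPv4 address: octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """A records for name, or [] when there is no record (not listed)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def classify(answers):
    """Turn a zone's A-record answers into 'clean', 'listed' or 'error'."""
    if not answers:
        return "clean"
    # Some lists answer 127.255.255.x to refuse a query (for example one sent
    # through a large public resolver); that is not a listing.
    if any(a.startswith("127.255.255.") for a in answers):
        return "error"
    if all(a.startswith("127.") for a in answers):
        return "listed"
    return "error"  # answer outside 127/8: zone expired or DNS being rewritten

def zone_works(zone, resolve=system_resolver):
    """RFC 5782 self-test: 127.0.0.2 is always listed, 127.0.0.1 never is."""
    return (classify(resolve(dnsbl_name("127.0.0.2", zone))) == "listed"
            and classify(resolve(dnsbl_name("127.0.0.1", zone))) == "clean")

def check_ip(ip, zones=ZONES, resolve=system_resolver):
    """Map each zone to (status, answers); zones failing the self-test are 'error'."""
    report = {}
    for zone in zones:
        if not zone_works(zone, resolve):
            report[zone] = ("error", [])
            continue
        answers = resolve(dnsbl_name(ip, zone))
        report[zone] = (classify(answers), answers)
    return report

if __name__ == "__main__":
    for zone, (status, answers) in check_ip("203.0.113.10").items():  # placeholder IP
        print(f"{zone:28} {status:7} {' '.join(answers)}")
```

An "error" result means the list could not be queried from where you are, so it says nothing about whether the address is listed.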
 
elawAuthor Commented:
But the problem is still some of our important emails are not going.  This is the main concern.
0
 
Alan HardistyCommented:
Are you sending these important emails directly via DNS?
If you are, you can setup a new SMTP connector to send them out via a Smart Host (your ISP's mail server) and then they should get delivered.
http://support.microsoft.com/kb/265293
Check with your ISP the details for their Mail server and enter these details in as the Smart Host.  If they give you an IP Address make sure you enter the IP surrounded by square brackets [ ].
0
 
elawAuthor Commented:
Thanks for giving the solution.  I will check with my ISP tomorrow morning and will see if it works.
0
 
AngelGabrielCommented:
Alanhardisty - I think you are correct - sending emails via a smart host, rather than directly helps a lot with the delivery, because the chances are that that smart host sends millions of messages a day, so has a good reputation.

Do you have a static IP, or a dynamic IP for your internet connection?  This will also affect your ability to send emails successfully, or someone else may have used that IP.  Also, make sure no clients are sending messages; that is, maybe there is a compromised XP box on the same subnet, sending email directly out.
0
 
Alan HardistyCommented:
AngelGabriel - I'm not suggesting sending all mail via the SmartHost (if this is what you are thinking), although they can be - down to personal preference, but it is another link in the chain that can go wrong.
I prefer to send via DNS and then if they are still sitting on my server, then I can deal with them accordingly.  If you send them via a Smart Host, you lose control of them once they leave your server and then all manner of things can happen.
I have had experience of Smart Hosts sending duplicate copies of emails to the intended destinations and this caused all manner of fun for the companies involved.
0
 
elawAuthor Commented:
So alanhardisty, how could we make sure that the smart host is used only for the problematic email domains?  I mean, how would we make sure that the emails that are stopped only use the smart host and the rest of the emails use the normal way?  Could you please elaborate on this.
Or should I just follow the MS doc?  As I mentioned, I would check this in the morning.  But any further instructions or guidance will highly be appreciated.

Thank you guys!!!!
0
 
Alan HardistyCommented:
You have your normal SMTP Connector (Exchange System Manager, Connectors).  This will be sending out via DNS.
Add another SMTP Connector - Call it the name of your ISP for ease of reference.
Add your server to the local bridgeheads section on the General tab.
Add the name of your smart host (having selected Forward all mail through this connector to the following smart hosts) e.g., mail.yourisp.com or [123.123.123.123] if they use an IP (not recommended as they may change IP addresses without telling you).
On the Address Space tab, add the domains you are having difficulty sending to in the format @domain.com - make sure you choose SMTP as the type of address space.
This way, all the problem domains will go out via this connector via your ISP and the rest will go via DNS.
Your mail should then flow happily.
0
 
elawAuthor Commented:
Thanks for this further explanation.  I will and let you know.
0
 
elawAuthor Commented:
how can we add the name of the smart host if we are using the DNS name
0
 
Alan HardistyCommented:
You need to create a separate SMTP Connector
http://technet.microsoft.com/en-us/library/aa996625(EXCHG.65).aspx
In the connector - add the name of the smart host e.g., mail.yourisp.com and the name of your Exchange server as the bridgehead server.
Then add the namespace for the connector (the domains you want to be sent via this connector in the format SMTP - @domain.com)
All mail for @domain.com will now be sent via this SMTP connector to your smart host - which means your ISP.
0
 
elawAuthor Commented:
Yes, I'm doing it now, but I have a question: should I use a smart host?
OR
Use DNS to route to each address space on this computer
or
forward all mail through this connector to the following smart host
0
 
elawAuthor Commented:
This idea works but those domains are still rejecting our emails
0
 
Alan HardistyCommented:
Are you off all the blacklists yet?
0
 
elawAuthor Commented:
Yes.  This is my understanding because I searched many of them but we are not blocked.  But one thing is that there is senderbase.org, which is not a blocking site, but it has some kind of poor reputation.
Any idea...
0
 
Alan HardistyCommented:
Can you please post your domain name here - or if you prefer, email it to me directly (via my profile) so that I can check some things for you.
0
 
elawAuthor Commented:
i could not find your email address
0
 
Alan HardistyCommented:
0
 
elawAuthor Commented:
have you got the details
0
 
elawAuthor Commented:
Hi Alan - did you find anything???
0
 
Alan HardistyCommented:
Nothing exciting to report.  All clear on the blacklists.  Domain report seems fine on the whole.
One Mail error:
ERROR: I could not complete a connection to one or more of your mailservers:
mailin1.pacific.net.au: The mailserver terminated the connection before the transaction was complete (state 6). This is not RFC compliant, and therefore either due to an error, or it may be the result of a non-RFC-compliant mailserver or non-RFC-compliant anti-spam program.
Also, the FQDN name of your SMTP Virtual Server is not set as mail.yourdomain.com but it is set as yourserver.internalname.net.au.
This should be changed and may result in some of the problems that you are experiencing.
Change this on the default SMTP Virtual Server - under Exchange System Manager.
Expand Servers, Expand YourServer, Expand Protocols, Expand SMTP.  Right-click on the default SMTP virtual server and choose properties.
Click on the Delivery Tab, then the Advanced button.  Change the Fully-qualified domain name to mail.yourdomain.com.au
0
 
elawAuthor Commented:
mailin1.pacific.net.au is a secondary ISP server.
Well this FQDN is like this for few years.  It never had any issue like this.  This is just happened after this blacklisting.  It seems that the domains which are not accepting our emails, their database or cache is not cleared.

The NDR which our users are getting that the mail is being delivered to those domains but rejecting from them.  the error is something that the access is denied or you have no permission to send the email.

I tried to contact a few companies who are rejecting, but some of them did not have any idea what I was talking about.  I also sent emails to them.  Let's see.

This is really strange that all the Blacklisting companies clearing our domain.  I mentioned to you in my previous note that there is a site who are not blacklisting site but their site reporting SBRS poor reputation for our domain.  Any idea about this...
0
 
Alan HardistyCommented:
Which site is this that you have the poor reputation on?  I'll check and see if I can do anything useful for you.
Can you post some NDR messages from your users too please.
0
 
elawAuthor Commented:
senderbase.org - This is the site which says you have a bad reputation.

There was a SMTP communication problem with the recipient's email server.  Please contact your system administrator.
            <server.domain.net.au #5.5.0 smtp;550 #5.7.1 Your access to submit messages to this e-mail system has been rejected.>


0
 
Alan HardistyCommented:
You are now being shown as Neutral on the senderbase.org site, so mail flow should be back to normal.
Please try again to the email address that you got the above error from.
0
 
Alan HardistyCommented:
Extract from Senderbase.org:
Your IP address or domain is within acceptable parameters. However, your email traffic may still be filtered or blocked.
Typical senders in this category include low-volume senders, senders with asymmetrical or unique sending patterns, or senders who have had problems in the past who are transitioning to a Good reputation score.
Senders with Neutral reputation scores should have no problems delivering mail to most places on the Internet.
0
 
elawAuthor Commented:
Thanks for your help in this regard.  Mails are working now.
Could I ask you how we could make sure on the Exchange server that it accepts email only from our internal IP addresses?
0
 
Alan HardistyCommented:
Not sure if what you are asking me is correct!
What are you trying to stop happening?  Please explain a little more.
0
 
elawAuthor Commented:
Well, I am asking how we could stop this happening in the future, and what measures we should take.

Also, in the Exchange server, how could we define that email only be sent from the internal users?
0
 
Alan HardistyCommented:
Did you get an infected computer in your network and was this the cause of the blacklisting?
0
 
elawAuthor Commented:
Well, not exactly, because I found different dates of reporting on different blacklist sites.  So I am not sure.  Another thing is that I was asking about the best practices to stop this kind of incident from happening.  If you could assist in this since you are the real guru...
0
 
Alan HardistyCommented:
Best prevention is to block TCP port 25 on your firewall to all computers except your Mail Server.
As most spammers use their own SMTP engine in their viruses, then this will stop them from sending their spam, which will stop the spam hitting the hidden email accounts that the Blacklist sites use and thus you won't pop up on any blacklists.
  • Make sure you have Anti-Virus on all your machines and scan them regularly.
  • Ensure that your Mail Server scans for and removes viruses before the messages get to the users.
  • Use a tool such as MalwareBytes (www.malwarebytes.org) to regularly scan your computers for items that your Anti-Virus software can't / won't pick up.
  • Educate your users not to click on pop-up windows.
  • Educate your users to use the internet sensibly.
  • Prevent users from downloading files from the internet.
  • Reduce the rights that users have so that they cannot install programs on their computers without the Administrator intervening.
  • Block Instant Messenger Programs
  • Block Skype - I had a customer who got a 'Your Computer is infected with a virus' message and it was sent via Skype!!!
Generally, prevention is better than cure.  If you can stop the infection, you can stop being blacklisted.
You can subscribe to websites that monitor your reputation and alert you if it changes, but this is not much help as once your reputation changes, you are blacklisted, so it can only give you a heads-up that you have problems to deal with a little quicker than your users complaining about not being able to send mail.
 
0
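To go with the port 25 advice above, an added example (not part of the original thread) that reads firewall logs and reports internal machines, other than the mail server, that try to reach TCP port 25 on the internet. The key=value log format, the 192.168.1.0/24 network and the mail server address 192.168.1.10 are constructed for the example; adapt the parsing to your firewall's real log format.

```python
import ipaddress
import re

# Constructed sample in a made-up key=value firewall log format.
SAMPLE_LOG = """\
09:00:01 action=allow proto=tcp src=192.168.1.10 dst=198.51.100.25 dport=25
09:00:02 action=allow proto=tcp src=192.168.1.57 dst=203.0.113.7 dport=25
09:00:02 action=allow proto=tcp src=192.168.1.57 dst=203.0.113.9 dport=25
09:00:03 action=allow proto=tcp src=192.168.1.57 dst=198.51.100.80 dport=443
09:00:04 action=deny proto=tcp src=192.168.1.80 dst=203.0.113.7 dport=25
09:00:05 action=allow proto=tcp src=192.168.1.33 dst=192.168.1.10 dport=25
09:00:06 action=allow proto=udp src=192.168.1.33 dst=198.51.100.53 dport=53
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def direct_smtp_senders(log_text, mail_servers, internal="192.168.1.0/24"):
    """Count outbound TCP/25 attempts per internal host that is not a mail server.

    Returns {src: {"allow": n, "deny": m}}. An "allow" count means the egress
    rule is missing; a "deny" count means the rule works but the host still
    needs to be examined.
    """
    net = ipaddress.ip_network(internal)
    allowed = {ipaddress.ip_address(s) for s in mail_servers}
    hits = {}
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("proto") != "tcp" or f.get("dport") != "25":
            continue
        try:
            src = ipaddress.ip_address(f["src"])
            dst = ipaddress.ip_address(f["dst"])
        except (KeyError, ValueError):
            continue  # malformed line: skip rather than guess
        # Internal clients talking to the internal mail server are expected.
        if src not in net or src in allowed or dst in net:
            continue
        per_host = hits.setdefault(str(src), {"allow": 0, "deny": 0})
        if f.get("action") in per_host:
            per_host[f["action"]] += 1
    return hits

if __name__ == "__main__":
    for host, counts in direct_smtp_senders(SAMPLE_LOG, ["192.168.1.10"]).items():
        print(host, counts)
```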
 
elawAuthor Commented:
Thanks for your suggestion.  You have been wonderful support
0
