Solved

Our email domain IP address was on a blacklist

Posted on 2009-07-12
Last Modified: 2012-05-07
Greetings:
Our email domain IP address was on a few blacklists.  I requested them to remove it from their sites.  There was one site which charges 50 euro to remove it.  I had some difficulties in paying them due to some reasons.  But eventually that was also cleared over the weekend.
However, some of the domains are still not reachable.  What could be the cause?  If this is not updated.  It has now been 6 since this morning.  Do you think it still requires some update time?
Question by:elaw
39 Comments
 
LVL 12

Expert Comment

by:Steve
Comment Utility
Removing from blacklists can take time; it depends on how many blacklists you were on, and when they schedule their tests to ensure that you are no longer vulnerable.

This can take between 1 hour -> 24 hours normally.

Check your domain out at the http://www.robtex.com/rbl/ site for detailed info on who is and isn't blocking you.
0
 

Author Comment

by:elaw
Comment Utility
Another thing: how to make sure if any site could check all the blacklist sites?  I already checked robtex, which you mentioned, and it does not have any blacklist.  There is a possibility that there are some sites that are still blocking your IP address.  How to find a site which really covers every blacklist?
0
 
LVL 12

Expert Comment

by:Steve
Comment Utility
well normally if robtex is coming up saying you are not blacklisted anywhere then you should be pretty good..  do a google search for 'RBL check' and make sure the other main sites also say you're clean..

you'll find that if you are clean according to the majority then within 24hours you should be good to go again..

0
 

Author Comment

by:elaw
Comment Utility
Do you think it will help if I restart the server?
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
Comment Utility
You will find that you were on blacklists for a reason and just getting yourself de-listed will not keep you off the blacklists if the reason for blacklisting in the first place has not been resolved.
The reason for getting onto blacklists is usually down to a computer or computers being compromised with a virus that sends out mass emails.
Once you know your environment is clean, then you will automatically drop off the blacklists and should stay off.  You can pay to speed up the process for those sites that request payment, but I would not part with any money personally.
Check your status on http://www.mxtoolbox.com/blacklists.aspx and click on the links to those sites that are blacklisting you.  If you check the latest time you were reported as a spammer and if this time was recent, then you are still infected.  If the time was several days ago, then you have hopefully cleaned up your environment and will drop off within a few days.
 
0
 

Author Comment

by:elaw
Comment Utility
Well, this is true that we are cleaned.  What is happening is that those sites which reported that we are blacklisted are ok.  I tried with the mxtoolbox site.  All the sites on this site say we are ok.  But mxtoolbox does not cover all the sites.  This is the problem.  I still found one or two sites, which are not coming up on mxtoolbox, blacklisting.  So I also asked them to delist.

So the question is how we could find that we are ok from all the blacklist sites and if the any site is rejecting our emails, how we could contact them to find out their reference site database.

Thanks for your reply.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
I also use www.dnsstuff.com to check for blacklists but this site lists fewer sites than the MXToolbox site.
In terms of a comprehensive Blacklist check website - these are the only two that I know of and use.  I am not sure if you will find one that lists them all and how will you know if you have? - there are many different sites, no doubt popping up regularly and keeping them up to date won't be easy.
If you are clean now, then you have no reason to worry about the few sites that still list you - you will automatically drop off those sites anyway.
Assuming that most RBL check sites don't know about the few sites that are listing you, then it is unlikely that you will find anyone who you wish to email that will be checking against those particular sites anyway, so I would not worry unduly about those few sites.  The large, more familiar sites are the ones people tend to use and if you are clean on those, then you should not have any mail-flow issues (for the majority of your mail).
 
0
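Every RBL check site discussed above does the same thing per list: a DNS lookup of the reversed IP under that list's zone. The sketch below is an added example, not code from any poster in this thread; it lets you test any list a rejecting site names, including ones the web checkers omit. The zone names and the IP are placeholders (assumptions), and the resolver used in the demo returns constructed answers so it runs offline.

```python
import ipaddress
import socket

def dnsbl_query_name(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the list's zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this sketch handles IPv4 only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone.strip(".")

def system_resolver(name):
    """Return the A record for name, or None when the name does not exist."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return None          # no record: the IP is not on this list
        raise                    # timeout or server failure: result unknown

def check_ip(ip, zones, resolve=system_resolver):
    """Return {zone: status} for each blacklist zone."""
    loopback = ipaddress.ip_network("127.0.0.0/8")
    results = {}
    for zone in zones:
        try:
            answer = resolve(dnsbl_query_name(ip, zone))
        except OSError as exc:
            results[zone] = "lookup failed: %s" % exc
            continue
        if answer is None:
            results[zone] = "not listed"
        elif ipaddress.ip_address(answer) in loopback:
            # Lists answer inside 127.0.0.0/8; the last octets are a list-specific code.
            results[zone] = "listed (%s)" % answer
        else:
            # Not a valid DNSBL reply, e.g. a resolver rewriting missing names.
            results[zone] = "invalid answer %s" % answer
    return results

def constructed_resolver(name):
    """Constructed answers standing in for real DNS (placeholder zones)."""
    fake_zone_data = {"25.2.0.192.dnsbl-a.example": "127.0.0.2"}
    return fake_zone_data.get(name)

if __name__ == "__main__":
    zones = ["dnsbl-a.example", "dnsbl-b.example"]   # placeholders, not real lists
    for zone, status in check_ip("192.0.2.25", zones, constructed_resolver).items():
        print(zone, "->", status)
```

To run it against real lists, pass their zone names and drop the `resolve` argument so the system resolver is used.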
 

Author Comment

by:elaw
Comment Utility
But the problem is still some of our important emails are not going.  This is the main concern.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Are you sending these important emails directly via DNS?
If you are, you can setup a new SMTP connector to send them out via a Smart Host (your ISP's mail server) and then they should get delivered.
http://support.microsoft.com/kb/265293
Check with your ISP the details for their Mail server and enter these details in as the Smart Host.  If they give you an IP Address make sure you enter the IP surrounded by square brackets [ ].
0
 

Author Comment

by:elaw
Comment Utility
Thanks for giving the solution.  I will check with my ISP tomorrow morning and will see if it works.
0
 
LVL 5

Expert Comment

by:AngelGabriel
Comment Utility
Alanhardisty - I think you are correct - sending emails via a smart host, rather than directly helps a lot with the delivery, because the chances are that that smart host sends millions of messages a day, so has a good reputation.

Do you have a static IP, or a dynamic IP for your internet connection?  This will also affect your ability to send emails successfully, or someone else may have used that IP.  And also, make sure no clients are sending messages, that is, maybe there is a compromised XP box on the same subnet, sending email directly out.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
AngelGabriel - I'm not suggesting sending all mail via the SmartHost (if this is what you are thinking), although they can be - down to personal preference, but it is another link in the chain that can go wrong.
I prefer to send via DNS and then if they are still sitting on my server, then I can deal with them accordingly.  If you send them via a Smart Host, you lose control of them once they leave your server and then all manner of things can happen.
I have had experience of Smart Hosts sending duplicate copies of emails to the intended destinations and this caused all manner of fun for the companies involved.
0
 

Author Comment

by:elaw
Comment Utility
So alanhardisty, how could we make sure that the smart host is used only for the problematic email domains?  I mean, how would we make sure that the emails that are stopped only use the smart host and the rest of the emails go the normal way?  Could you please elaborate on this.
Or should I just follow the MS doc?  As I mentioned, I would check this in the morning.  But any further instructions or guidance will be highly appreciated.

Thank you guys!!!!
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
You have your normal SMTP Connector (Exchange System Manager, Connectors).  This will be sending out via DNS.
Add another SMTP Connector - Call it the name of your ISP for ease of reference.
Add your server to the local bridgeheads section on the General tab.
Add the name of your smart host (having selected Forward all mail through this connector to the following smart hosts) e.g., mail.yourisp.com or [123.123.123.123] if they use an IP (not recommended as they may change IP addresses without telling you).
On the Address Space tab, add the domains you are having difficulty sending to in the format @domain.com - make sure you choose SMTP as the type of address space.
This way, all the problem domains will go out via this connector via your ISP and the rest will go via DNS.
Your mail should then flow happily.
0
 

Author Comment

by:elaw
Comment Utility
Thanks for this further explanation.  I will and let you know.
0
 

Author Comment

by:elaw
Comment Utility
how can we add the name of the smart host if we are using the DNS name
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
You need to create a separate SMTP Connector
http://technet.microsoft.com/en-us/library/aa996625(EXCHG.65).aspx
In the connector - add the name of the smart host e.g., mail.yourisp.com and the name of your Exchange server as the bridgehead server.
Then add the namespace for the connector (the domains you want to be sent via this connector in the format SMTP - @domain.com)
All mail for @domain.com will now be sent via this SMTP connector to your smart host - which means your ISP.
0
 

Author Comment

by:elaw
Comment Utility
Yes, I'm doing it now, but I have a question: should I use a smart host?
OR
Use DNS to route to each address space on this computer
or
forward all mail through this connector to the following smart host
0
 

Author Comment

by:elaw
Comment Utility
This idea works, but those domains are still rejecting our emails.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Are you off all the blacklists yet?
0
 

Author Comment

by:elaw
Comment Utility
Yes.  This is my understanding, because I searched many of them but we are not blocked.  But one thing: there is senderbase.org, which is not a blocking site, but it has some kind of poor reputation.
Any idea...
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Can you please post your domain name here - or if you prefer, email it to me directly (via my profile) so that I can check some things for you.
0
 

Author Comment

by:elaw
Comment Utility
I could not find your email address.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
0
 

Author Comment

by:elaw
Comment Utility
Have you got the details?
0
 

Author Comment

by:elaw
Comment Utility
Hi Alan - did you find anything???
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Nothing exciting to report.  All clear on the blacklists.  Domain report seems fine on the whole.
One Mail error:
ERROR: I could not complete a connection to one or more of your mailservers:
mailin1.pacific.net.au: The mailserver terminated the connection before the transaction was complete (state 6). This is not RFC compliant, and therefore either due to an error, or it may be the result of a non-RFC-compliant mailserver or non-RFC-compliant anti-spam program.
Also, the FQDN name of your SMTP Virtual Server is not set as mail.yourdomain.com but it is set as yourserver.internalname.net.au.
This should be changed and may result in some of the problems that you are experiencing.
Change this on the default SMTP Virtual Server - under Exchange System Manager.
Expand Servers, Expand YourServer, Expand Protocols, Expand SMTP.  Right-click on the default SMTP virtual server and choose properties.
Click on the Delivery Tab, then the Advanced button.  Change the Fully-qualified domain name to mail.yourdomain.com.au
0
 

Author Comment

by:elaw
Comment Utility
mailin1.pacific.net.au is a secondary ISP server.
Well, this FQDN has been like this for a few years.  It never had any issue like this.  This just happened after this blacklisting.  It seems that the domains which are not accepting our emails have not cleared their database or cache.

The NDR which our users are getting says that the mail is being delivered to those domains but they are rejecting it.  The error is something like access is denied or you have no permission to send the email.

I tried to contact a few companies who are rejecting, but some of them did not have any idea what I was talking about.  I also sent emails to them.  Let's see.

This is really strange, that all the blacklisting companies are clearing our domain.  I mentioned to you in my previous note that there is a site which is not a blacklisting site but their site is reporting an SBRS poor reputation for our domain.  Any idea about this...
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Which site is this that you have the poor reputation on?  I'll check and see if I can do anything useful for you.
Can you post some NDR messages from your users too please.
0
 

Author Comment

by:elaw
Comment Utility
senderbase.org - This is the site which says you have a bad reputation.

There was a SMTP communication problem with the recipient's email server.  Please contact your system administrator.
            <server.domain.net.au #5.5.0 smtp;550 #5.7.1 Your access to submit messages to this e-mail system has been rejected.>


0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
You are now being shown as Neutral on the senderbase.org site, so mail flow should be back to normal.
Please try again to the email address that you got the above error from.
0
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 500 total points
Comment Utility
Extract from Senderbase.org:
Your IP address or domain is within acceptable parameters. However, your email traffic may still be filtered or blocked.
Typical senders in this category include low-volume senders, senders with asymmetrical or unique sending patterns, or senders who have had problems in the past who are transitioning to a Good reputation score.
Senders with Neutral reputation scores should have no problems delivering mail to most places on the Internet.
0
 

Author Comment

by:elaw
Comment Utility
Thanks for your help in this regard.  Mails are working now.
Could I ask you how we could make sure on the Exchange server that it accepts email only from our internal IP addresses?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Not sure if what you are asking me is correct!
What are you trying to stop happening?  Please explain a little more.
0
 

Author Comment

by:elaw
Comment Utility
Well, I'm asking how we could stop this happening in the future, and what measures we should take.

Also, in the Exchange server, how could we define that email can only be sent from the internal users?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Did you get an infected computer in your network and was this the cause of the blacklisting?
0
 

Author Comment

by:elaw
Comment Utility
Well, not exactly, because I found different dates of reporting on different blacklist sites.  So I'm not sure.  Another thing: I was asking about the best practices to stop this kind of incident from happening.  If you could assist in this, since you are the real guru...
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Best prevention is to block TCP port 25 on your firewall to all computers except your Mail Server.
As most spammers use their own SMTP engine in their viruses, then this will stop them from sending their spam, which will stop the spam hitting the hidden email accounts that the Blacklist sites use and thus you won't pop up on any blacklists.
  • Make sure you have Anti-Virus on all your machines and scan them regularly.
  • Ensure that your Mail Server scans for and removes viruses before the messages get to the users.
  • Use a tool such as MalwareBytes (www.malwarebytes.org) to regularly scan your computers for items that your Anti-Virus software can't / won't pick up.
  • Educate your users not to click on pop-up windows.
  • Educate your users to use the internet sensibly.
  • Prevent users from downloading files from the internet.
  • Reduce the rights that users have so that they cannot install programs on their computers without the Administrator intervening.
  • Block Instant Messenger Programs
  • Block Skype - I had a customer who got a 'Your Computer is infected with a virus' message and it was sent via Skype!!!
Generally, prevention is better than cure.  If you can stop the infection, you can stop being blacklisted.
You can subscribe to websites that monitor your reputation and alert you if it changes, but this is not much help as once your reputation changes, you are blacklisted, so it can only give you a heads-up that you have problems to deal with a little quicker than your users complaining about not being able to send mail.
 
0
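One way to verify the port 25 rule recommended above, as an added example that is not part of the original thread: scan firewall connection logs for internal hosts other than the mail server that attempt outbound TCP port 25. The log line format, the addresses and the function name are constructed assumptions; adapt the regular expression to your firewall's own format.

```python
import ipaddress
import re
from collections import Counter

# Assumed (constructed) log format: "<timestamp> <ALLOW|DENY> TCP src:port -> dst:port"
LOG_LINE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) TCP "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def rogue_smtp_senders(lines, internal_net, mail_servers):
    """Count outbound TCP/25 attempts per internal host that is not a mail server.

    Returns {source_ip: {"ALLOW": n, "DENY": m}}. ALLOW means the firewall
    let direct SMTP out (rule missing); DENY means the rule worked but the
    host is still trying and should be checked for malware.
    """
    net = ipaddress.ip_network(internal_net)
    allowed = {ipaddress.ip_address(ip) for ip in mail_servers}
    hits = {}
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m or m["dport"] != "25":
            continue
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
        # Skip LAN clients submitting to the internal mail server, and the
        # mail server's own legitimate outbound deliveries.
        if src not in net or dst in net or src in allowed:
            continue
        hits.setdefault(str(src), Counter())[m["action"]] += 1
    return {ip: dict(counts) for ip, counts in hits.items()}

# Constructed sample log; 192.168.1.10 plays the mail server.
SAMPLE_LOG = """\
2009-07-13T09:15:02 ALLOW TCP 192.168.1.10:2101 -> 203.0.113.9:25
2009-07-13T09:15:04 ALLOW TCP 192.168.1.57:1043 -> 198.51.100.20:25
2009-07-13T09:15:04 ALLOW TCP 192.168.1.57:1044 -> 198.51.100.77:25
2009-07-13T09:15:09 DENY TCP 192.168.1.88:4410 -> 203.0.113.5:25
2009-07-13T09:15:11 ALLOW TCP 192.168.1.57:1050 -> 192.168.1.10:25
2009-07-13T09:15:12 ALLOW TCP 192.168.1.23:3391 -> 203.0.113.9:443
""".splitlines()

if __name__ == "__main__":
    found = rogue_smtp_senders(SAMPLE_LOG, "192.168.1.0/24", ["192.168.1.10"])
    for host, counts in sorted(found.items()):
        print(host, counts)
```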
 

Author Comment

by:elaw
Comment Utility
Thanks for your suggestion.  You have been wonderful support.
0
