Blacklisted by uceprotectl3

A client has asked me to look at an email problem on a SBS 2008 network.

Two users have had their emails bounce back for a couple of weeks from one certain domain, while another user gets through ok.

I checked for blacklisting and see that they have one listing from uceprotect showing as Level 3.

They have McAfee Viruscan Enterprise v8.5 for Antivirus and Antispyware on the server, so I am going to run a full scan. However, should I make any changes to the DNS settings on the server?

Also, what is the quickest way to get this entry removed - that doesn't involve improving the German economy?

Thanks,

Mike

mikeabc27Asked:

jakethecatukCommented:
First off, to remove the entry - go here: - http://www.uceprotect.net/en/rblcheck.php

They will do a few checks and remove the entry provided they can.  If they can't, they will advise you what to do.

However, if you are showing as level 3 at uceprotect then it's your ISP's IP range that has the problem.

What listing was reported at uceprotect?
0
jakethecatukCommented:
Also, check http://www.mxtoolbox.com/SuperTool.aspx for your client's IP address
0
Alan HardistyCo-OwnerCommented:
I would hope that no-one blocks at UCEPROTECT Level 3 as this is essentially blocking by an ISP.
You may have other problems that my article may highlight (ignore the blacklist check):
http://www.experts-exchange.com/articles/Software/Server_Software/Email_Servers/Problems-sending-mail-to-one-or-more-external-domains.html 
0

mikeabc27Author Commented:
Hi Jake,
I did originally get the blacklist report from mxtoolbox. Using the supertool and entering blacklist:mydomain.co.uk gives me a completely different IP which is totally clean.
Anyway the mxrecord IP shows and tests as level 3 and I get the following report from our own fixed IP:
 Your ISP BT-UK-AS BTnet UK Regional network/AS2856 is UCEPROTECT-Level3 listed for hosting a total of 21254 abusers. See: Detail
Return codes were: 127.0.0.2

0
jakethecatukCommented:
Can you post the NDR that the users get that can't send - that might help solve the problem.
0
Alan HardistyCo-OwnerCommented:
Oh dear - BT!  My favourite!! : (
I have a customer that picked up a new IP address that was blacklisted on 3 different sites.  They are getting a clean one soon.
They may be allocating you a Statically Assigned Dynamic IP (an IP from a Pool of Dynamic IPs that you get all the time).
I would call BT (0845 600 7020) and ask for a clean IP address.
0
mikeabc27Author Commented:
Jake - NDR attached
Alan - will call BT

blacklist-ndr.docx
0
Alan HardistyCo-OwnerCommented:
What version of Outlook are the problem users using?  2007 by any chance?
Are the okay users also using 2007?
Have you installed all Windows Updates / Office Updates for the problem machines?
0
jakethecatukCommented:
This doesn't look good: -
Diagnostic information for administrators:
 
Generating server: OURSERVER.ourdomain.local
 
Tony@recipient.co.uk
server.other.co.uk #550 relay not permitted ##


That would indicate that the recipient and sender aren't on the server that you are communicating with.  I appreciate your desire for privacy but it makes it harder for us to troubleshoot with you.

Have you tried sending a manual SMTP message to the intended recipient?

Not sure it's an IP issue.  [quote]Two users have had their emails bounce back for a couple of weeks from one certain domain, while another user gets through ok.[end quote] If it were an IP blacklist issue, nothing would get through.
0
Alan HardistyCo-OwnerCommented:
@jakethecatuk - I am not convinced that it is a Blacklisting issue - it sounds more Computer / Outlook related to me.
0
mikeabc27Author Commented:
Yes, Outlook 2007 on ALL. I'm getting one of the problem users to check Windows and Office all updated. He will then try a resend.
Sorry for confusion -
OURSERVER.ourdomain.local - self explanatory
Dave.ourdomain.co.uk - sender
 Tony@recipient.co.uk - address dave is sending to
server.other.co.uk - second receiving server for recipient.co.uk - their first one has a dose of what ours has.
 
0
jakethecatukCommented:
Not convinced it's an Outlook problem - 'server.other.co.uk #550 relay not permitted ##' is not an Outlook error message.

Mike - can I suggest you try a manual SMTP send using telnet to see what happens.  Let me know if you need the syntax.
0
Alan HardistyCo-OwnerCommented:
Reason for my Outlook suggestion:
http://www.pcreview.co.uk/forums/thread-3115437.php 
0
jakethecatukCommented:
See where you're coming from Alan...but as the users are connected to an SBS, they should be communicating via Exchange for all their sending/receiving.

However, it's worth a check to make sure.
0
Alan HardistyCo-OwnerCommented:
Of course - the alternative is that the recipient is blocking particular users at your site and not others!
0
jakethecatukCommented:
[quote]Of course - the alternative is that the recipient is blocking particular users at your site and not others![end quote]

I was making an observation about Exchange and SBS based on the OP's original post - is sarcasm really necessary Alan?
0
Alan HardistyCo-OwnerCommented:
One sure-fire method to test is to use Telnet to the recipient server from a command prompt and test sending from your good users and your bad users:
telnet mail.theirdomain.com 25
ehlo yourdomain.com
mail from:<gooduser@yourdomain.com>
rcpt to:<recipient@theirdomain.com>
Await response and note
Quit
telnet mail.theirdomain.com 25
ehlo yourdomain.com
mail from:<baduser@yourdomain.com>
rcpt to:<recipient@theirdomain.com>
Await response and note
Quit
0
Alan HardistyCo-OwnerCommented:
Didn't see your post before posting mine and was not being sarcastic.  Just writing down a thought : )
0
jakethecatukCommented:
One thing to add to Alan's post - make sure you try the manual SMTP test (telnet) from the SBS server - not the user's PC.
0
mikeabc27Author Commented:
Jake - I tried "telnet server.other.co.uk 25" and this tries but fails. I tried it from my own network and that connects.
0
Alan HardistyCo-OwnerCommented:
It shouldn't make any difference where you telnet from - but it won't hurt either.  NAT will make the IP appear to be the same at the recipient end.
0
jakethecatukCommented:
Firewall might block outbound SMTP Alan - hence my suggestion.

However, Mike is getting an error when trying to telnet out.

Mike - is your SBS server configured to use a smart host for e-mail?
0
Alan HardistyCo-OwnerCommented:
Just to confirm - you tried to telnet from your problem server network and no connection and then you tried from your own network and made a connection?
If so - they are specifically blocking your IP.
0
Alan HardistyCo-OwnerCommented:
Good point.
0
mikeabc27Author Commented:
If I telnet from server it works fine. So can't be IP.
I'll have a quick look at firewall and check to confirm they are sending out directly.
0
mikeabc27Author Commented:
Yes, mail is going out directly.
0
jakethecatukCommented:
OK - so what results did you get from the SBS server when you followed Alan's telnet commands?
0
Alan HardistyCo-OwnerCommented:
Can you complete the telnet tests as per my previous post please.
Do they all work, or just some?
0
mikeabc27Author Commented:
Sorry Alan, scrolled down too quickly and missed that post.
Just to clarify, I'm working on MY own network and connected remotely to the clients with the problem. I've 2 remote sessions open, one to a new problem computer and the other to their server.
Their server CAN telnet and I will continue with your tests and advise, however, the problem computer fails at the first line with a Connect failed msg.
Also, I am now told the one good PC has had an NDR with the same msg.
0
jakethecatukCommented:
[quote]Their server CAN telnet and I will continue with your tests and advise, however, the problem computer fails at the first line with a Connect failed msg.

Also, I am now told the one good PC has had an NDR with the same msg.[end quote]

That's good - it means the firewall is blocking all SMTP traffic that doesn't come from the SBS server.
0
Alan HardistyCo-OwnerCommented:
The telnet failing from the client is probably due to good security on the firewall as jakethecatuk pointed out.  Nothing to get worried about.
0
mikeabc27Author Commented:
OK testing from the server:
telnet mail.theirdomain.com 25
OK
ehlo mydomain.co.uk
250-mail.theirdomain.co.uk Hello host.my IP.in-addr.btopenworld.com (my IP)
250-size xxxxxx
250-pipelining
250-auth cram-mds
250-starttls
250-help
mail from:<gooduser@mydomain.co.uk>
500 unrecognised command
rct to:<recipient@theirdomain.com>
503 sender not yet given
0
jakethecatukCommented:
Did you put a 'space' between 'from:' and '<gooduser@mydomain.co.uk>'?
0
Alan HardistyCo-OwnerCommented:
Please also replace "gooduser" with an appropriate user that is not having trouble sending to the remote domain - just in case you are not.
0
mikeabc27Author Commented:
Have tried with and without the space and get the same 500 message
 
0
jakethecatukCommented:
Try losing the < and > - I've seen that some servers don't like them.

so, mail from: billg@microsoft.com
0
mikeabc27Author Commented:
I'm just going to try the same tests on my server
 
0
Alan HardistyCo-OwnerCommented:
Try the following:
telnet mail.theirdomain.com 25
ehlo yourdomain.com
starttls
mail from:<gooduser@yourdomain.com>
rcpt to:<recipient@theirdomain.com>
Await response and note
Quit
telnet mail.theirdomain.com 25
ehlo yourdomain.com
starttls
mail from:<baduser@yourdomain.com>
rcpt to:<recipient@theirdomain.com>
Await response and note
Quit  
0
Alan HardistyCo-OwnerCommented:
You may need to enable Mutual TLS on your Send Connector.
Open up Exchange Management Console> Organization Configuration> Hub Transport> Send Connectors> Windows SBS Internet Send Connector Properties.
Click on the Network Tab and tick "Enable Domain Security (Mutual Auth TLS)".
Restart your Microsoft Exchange Transport service and then try sending out mail to this domain again.
0
jakethecatukCommented:
Alan - is it a good idea to make those changes?  The OP only has problems sending to one organisation.  Making those changes could cause problems sending to other domains.
0
Alan HardistyCo-OwnerCommented:
The remote end has it enabled and this end presumably does not - so enabling it will allow TLS to be used when needed and not when it is not.
Worst case - turn it back off again if it causes problems with other domains.
0
mikeabc27Author Commented:
OK, if we can take it back a few posts, as I got stuck on another issue.
Tested using the STARTTLS, but this kept bombing out.
So tried without, and a bad user and got 250s all the way up to rcpt to: which returned a 550 relay not permitted.
0
jakethecatukCommented:
If you got 550 on rcpt to: then the server you are connected to seems to think that the mailbox used on rcpt to: is not hosted with them.

You might want to give the IT team a call at the remote company and have a chat with them.
0
Alan HardistyCo-OwnerCommented:
It does seem to be a problem at their end with them not liking you.
What Service Pack / Rollup is your Exchange 2007 on?  It might be a bug that has been fixed.
0
mikeabc27Author Commented:
Open up Exchange Management Console> Organization Configuration> Hub Transport> Send Connectors> Windows SBS Internet Send Connector Properties.
Send Connectors box is empty - no properties
0
Alan HardistyCo-OwnerCommented:
Do you have a send connector listed under the Send Connector Tab?
0
mikeabc27Author Commented:
Exchange Server v08.01.0240.006, 2007 without SPs.
Nothing listed under Send Connectors tab - get msg "Active Directory server.ourdomain.co.uk is not available. Error message: A local error occurred. It was running "get-sendconnector"
0
Alan HardistyCo-OwnerCommented:
Okay - not helpful.
Please can you run the Exchange Best Practices Analyzer from the Tools section of Exchange Management Console and see if that throws anything up as being wrong.  Something is.
0
mikeabc27Author Commented:
Alan - Here's the log the Analyzer generated
test01.txt
0
Alan HardistyCo-OwnerCommented:
Thanks - did you migrate from SBS2003 by any chance?
Also - did you disable IPv6 on this SBS box?  If you did - you need to re-enable it.
0
mikeabc27Author Commented:
No, OEM installation of SBS 2008 Std to Fujitsu server.
There is only one NIC on this server and IPv6 box is ticked.
0
mikeabc27Author Commented:
Hi, finally sorted this with the help of the Microsoft Partner Forum - the debit side of this is waiting 5 hours for replies, but it always gets there in the end.
Anyway, the first problem was there was nothing in Send Connectors. This was corrected by creating a new Network Administrator account.
Doing an Nslookup the two mail servers were mail.otherdomain.co.uk (cost - 15) and cowboy.their-it-company.com. (cost - 20).
For some reason all mail was being delivered to and being rejected by the cowboy server, despite having a higher cost.
I did a manual SMTP from 3 different SBS domains and got a "550 relay not permitted" from everything going via cowboy, but each passed on their primary mail server.
So on Microsoft's advice I set up a new Send Connector pointing all mail for this domain to mail.otherdomain.co.uk.
Thanks Jake and Neil, I'm splitting the points between you as you were heading in the right direction, but could you let me know why you think the emails were going to the reserve mail server, when the primary one is working?
0
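
Added example, not part of the thread: the manual telnet test from the posts above, repeated against every MX host of a domain in preference order, so that a listed backup MX answering "550 relay not permitted" while the primary accepts stands out. The host names are the ones quoted in the thread; the user addresses, the reply table and the `fake_probe` helper are constructed so the block runs offline, and `probe_rcpt` is the live variant for use from the mail server itself.

```python
import smtplib

def probe_rcpt(host, helo, sender, rcpt, timeout=15):
    """Replay the manual telnet test against one MX host (needs network access)."""
    with smtplib.SMTP(host, 25, local_hostname=helo, timeout=timeout) as smtp:
        smtp.ehlo()
        code, msg = smtp.mail(sender)
        if code == 250:                      # only send RCPT TO once MAIL FROM is accepted
            code, msg = smtp.rcpt(rcpt)
        return code, msg.decode(errors="replace")

def diagnose(mx_records, probe, helo, sender, rcpt):
    """mx_records is a list of (preference, host). Returns (results, warnings)."""
    results, warnings = [], []
    for pref, host in sorted(mx_records):    # lowest preference value is tried first
        try:
            code, text = probe(host, helo, sender, rcpt)
        except (OSError, smtplib.SMTPException) as exc:
            code, text = None, str(exc)      # connect failure or protocol error
        results.append((pref, host, code, text))
    accepting = [r for r in results if r[2] in (250, 251)]
    for pref, host, code, text in results:
        # A listed MX that permanently rejects a recipient another MX accepts
        # is published for the domain but not configured to take its mail.
        if accepting and code is not None and 500 <= code < 600:
            warnings.append(f"{host} (pref {pref}) answers {code} {text} but "
                            f"{accepting[0][1]} accepts the same recipient")
    return results, warnings

# Constructed sample mirroring the thread: two MX records and the replies seen by hand.
SAMPLE_MX = [(20, "cowboy.their-it-company.com"), (15, "mail.otherdomain.co.uk")]
SAMPLE_REPLIES = {
    "mail.otherdomain.co.uk": (250, "OK"),
    "cowboy.their-it-company.com": (550, "relay not permitted"),
}

def fake_probe(host, helo, sender, rcpt):
    """Offline stand-in for probe_rcpt, returning the constructed replies."""
    return SAMPLE_REPLIES[host]

if __name__ == "__main__":
    results, warnings = diagnose(SAMPLE_MX, fake_probe, "mydomain.co.uk",
                                 "baduser@mydomain.co.uk", "recipient@otherdomain.co.uk")
    for pref, host, code, text in results:
        print(f"pref {pref:>3}  {host:<32} {code} {text}")
    for line in warnings:
        print("WARNING:", line)
```

Pass `probe_rcpt` instead of `fake_probe`, with the MX list taken from nslookup, to run the same check live.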

Glen KnightCommented:
Final comment indicates the points were to be split.

If this is not the case then the author's final comment is a valuable solution that should be added to the PAQ rather than deleted.
0
mikeabc27Author Commented:
Happy to add it dematzer, but I was disappointed not to hear anything further.
0
Glen KnightCommented:
I just felt that your comment was actually the solution and rather than delete the question accept your own answer so that others can benefit from it in the future?
If you're happy to do this then simply select the Accept as Solution next to your comment just above my last one.
0
mikeabc27Author Commented:
Thanks dematzer
0