Spamhaus Returning Advisory for new ip?

Just got some new servers over at rackspace setup Postfix on it to send out some mail and everything is being bounced because spamhaus has the pbl returning: 127.0.0.10

Ive looked on their site to figure out how to fix this and i cannot find anything. I already submitted the form to be removed from the list. Which looks like it was already updated but both ip's are still returning this error.

relay is auth only so theres issues with an open relay.

scratchin my head on this one.
remlabincAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

shauncroucherCommented:
It could be authenticated relay attack where a password has been comprimised. Change all passwords for accounts allowed authenticated relay.

Also , run a scan of public IP over at mxtoolbox.com --> blacklists.

It is important to identify the issue FIRST, then apply to be removed. Keep reapplying for removal  due to multiple relisting, and you will be permanently banned.

Shaun
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
remlabincAuthor Commented:
yea thats the thing... cant figure out what the issue is. mxtoolbox is where i got the 127.0.0.10 response from.

there are no auth users relay only on mynetworks.
0
shauncroucherCommented:
Are you using a static IP address? I take it that this is an IP from rackspace?

You say

"relay is auth only so theres issues with an open relay"

then

"there are no auth users relay only on mynetworks"

So, is authentication available to relay mail using your SMTP service? If so, change all user passwords for accounts permitted to relay with authentication.

Have you run diagnostics at mxtoolbox.com to make sure you are not an open relay?

If you have, then it might be that the IP was blacklisted when it was passed on to you, what do rackspace say about this?

Shaun
0
Top Threats of Q1 & How to Defend Against Them

WEBINAR: Join WatchGuard CTO and our Threat Research Team on Aug. 2nd to hear the findings from our Q1 Internet Security Report! Learn more about the top threats detected in the first quarter and how you can defend your business against them!

remlabincAuthor Commented:
yup RS ip... from the cloud..

its not open relay... only my network can send smtp out.. no authentication is there.

yes i ran the tools everything looks perfect... ill private message you the IP... RS says everything should be fine.
0
remlabincAuthor Commented:
guess i cant leave a PM... 174.143.129.171
0
shauncroucherCommented:
It seems the IP is in the PBL which is a list maintained with co-operation from the ISP's (such as rackspace in your example) where rackspace provide a list of IP's that may be dynamic or otherwise should not be sending mail outbound.

The reason why this is flagged in spamhaug, rackspace support will know the answer to that one!

You can do one of three things:

1) Apply for the IP to be removed and see what happens, see if spamhaus remove the IP, after all, you are a genuine customer using the server to send mail on that IP, so spamhaus should remove it.

2) Contact Rackspace and get them to resolve it, as they are the ones that have provided that IP (and it will be part of a range) to spamhaus as a list of IP's that should not send mail directly.

3) Use rackspace smarthost to send mail through and then you don't have to worry about your IP reputation at all.

Shaun
0
remlabincAuthor Commented:
spamhaus figured out the issue.. thanks for the replies though
0
shauncroucherCommented:
What was the issue?

shaun
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
AntiSpam

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.