Solved

E-Mail System Was Unable to Deliver Message

Posted on 2010-08-16
8
791 Views
Last Modified: 2012-05-10
First off thank you for taking the time out to assist me w/ this issue....

One of my clients is unable to sent message to one of his clients. The client can send messages to him but not the other way around. From anywhere else it works fine, but not form the office network.

MS Server 2003 sbs sp2
Exchange Version: 6.5.7638.1
ISP: Cable Business Class
Watch Guard Firebox (hardware firewall)

The error message he gets back is: "<mta3.srv.hcvlny.xx.net (tcp-daemon) #5.0.0 smtp; 554 service unavailable; Client host [mta3.srv.hcvlny.xx.net] blocked using barracuda reputation;
http://bbl.barracudacentral.com/q.cgi?ip=96.56.61.226

The link takes me to:

Sorry, your email was blocked

We are sorry you have reached this page because an email was blocked based on its originating IP address having a "poor" reputation. The "poor" reputation may have been caused by one of the following reasons:

    * Your email server contains a virus and has been sending out spam.
    * Your email server may be misconfigured.
    * Your PC may be infected with a virus or botnet software program.
    * Someone in your organization may have a PC infected with a virus or botnet program.
    * You may be utilizing a dynamic IP address which was previously utilized by a known spammer.
    * Your marketing department may be sending out bulk emails that do not comply with the CAN-SPAM Act.
    * You may have an insecure wireless network which is allowing unknown users to use your network to send spam.
    * In some rare cases, your recipient's Barracuda Spam Firewall may be misconfigured.

Barracuda Networks is not attempting to block your individual emails in particular. The reputation system uses automated algorithms for determining its results -- very similar to the anti-fraud mechanisms used for credit cards.

Does this mean that my clients server has spam/virus. (un likely since we run Vipre Enterprise and i check logs and quarantine often)
Or does this mean that the person my client is sending the email to is infected? If so, why would emails coming from him get through??

Thank you for you expertise...
0
Comment
Question by:loshdog
  • 2
  • 2
  • 2
  • +2
8 Comments
 

Accepted Solution

by:
buckobilly earned 100 total points
ID: 33446444
I had some blocked similar to that last week.  We use DoubleCheck for our spam filter.  They said that baracuda was having a lot of issues lately.  One of the options they gave me was to turn off reverse dns check on my spam filter.  That did the trick.  It could also mean that the company you are trying to email may need to turn it off as well.  

If you do a google search on MX toolbox, they have a lot of tools you can use to test your dns and other mail related items.

You will need to know your "@companyname.com" to use the tools.

Hope this helps!
0
 
LVL 20

Assisted Solution

by:woolnoir
woolnoir earned 200 total points
ID: 33446450
In general a lot of the cable internet IP ranges are blocked due to specially that, they are cable and a higher than normal percentage of cable users have exploited machines which have been exploited. The best way to check is to make a request for a removal, or a request for more information - you should be able to get the exact reason for the reputation from barracuda - there is a webform to get more info.

Alternatively, you could set up a smartrelay (smarthost) setting within exchange to route all outgoing emails via your ISP's mail server - that should have a better reputation and shouldnt get blocked...this is how companies traditionally do things - incoming email wont be effected by this change.
0
 

Author Comment

by:loshdog
ID: 33446614
I will try both solutions and report back. Thank you for your time and attention to this matter.

~Milosz
0
 
LVL 20

Assisted Solution

by:woolnoir
woolnoir earned 200 total points
ID: 33446907
As a general update Barracuda isnt the only spam blocker out there, it would be wise to check all aspecs of the domain, reverse DNS, the IP address its using etc etc. if you run your own smtp server you need to put a lot of time and effort into it.. thats why generally people forward the outgoing path onto another host i.e ISP mail server.

People like messagelabs.com make a business out of relaying incoming and outgoing mail for businesses.
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 5

Assisted Solution

by:sharedit
sharedit earned 100 total points
ID: 33459190
This doesn't necessarily mean you have a virus/bot...

as buck mentioned go here, and put you servers IP in (or mail.domain.com, whatever will resolve to your IP).
http://www.mxtoolbox.com/diagnostic.aspx

Any of the alerts should be worked through to really improve email service, and decrease the likely-hood you will be blacklisted.  Also check the blacklists and go through each one to request that you are delisted.

do you use exchange?
depending on the alerts you see, you will need to ask, or google how to solve each problem, all of them will be simple fixes.  Most changes are made on your exchange(im assuming exchange) server.  reverse DNS will require that you call your ISP and have them set your reverse DNS on your IP to whatever you sned as your SMTP header, mail.domain.com is common.

If you have a configurable firewall,  It would also be advisable to limit smtp traffic to be sent from only your mail server.  It is completely possible an infected PC could send out its own email, which would trigger a blacklist from your IP, even though the mail was not sent from your mail server.

shared it

0
 
LVL 5

Assisted Solution

by:adaroc
adaroc earned 100 total points
ID: 33460126
hi there,

1 this is usually because your client is delivering via DNS and not via his ISP's smarthost.

2 If you must deliver via dns, then ensure you have reverse DNS set for the mail servers public IP address and even spf record . This will give it a better reputation.

please post back results


0
 

Author Closing Comment

by:loshdog
ID: 33460864
Thank you all for your time and input on this issue.

I did contact Barracuda and they replied very quickly to my issue. See below:
=======================================
Thank you for contacting Barracuda Networks regarding your issue. Your issue is important to us.

We apologize for any inconvenience that this may have caused you. Since this is is your first request for this IP, the reputation of this IP address will be temporarily upgraded from "poor" for 48 hours *or* until we complete our investigation. When our investigation is complete, you will receive a decision via email. It may take up to 1 hour for the changes in the Barracuda Reputation System to propagate to all the Barracuda Spam Firewalls in the world.

There are a number of reasons your IP address may have been listed as "poor", including:

1. The email server at this IP address contains a virus and has been sending out spam
2. The email server at this IP address may be configured incorrectly
3. The PC at this IP address may be infected with a virus or botnet software program
4. An individual in the organization at this IP address may have a PC infected with a virus or botnet program
5. This IP address may be a dynamic IP address which was previously utilized by a known spammer
6. The marketing department of a company at this IP address may be sending out bulk emails that do not comply with the CAN-SPAM Act
7. This IP address may have a insecure wireless network attached to it which could allow unknown users to use it's network connection to send out bulk email
8. In some rare cases, your recipients' Barracuda Spam Firewall may be misconfigured

If you do not think any of the above apply, please also contact the person who manages this IP address, as they may be better able to investigate this issue.
=========================================

Then I got this email  2 mins later

=========================================
Thank you for contacting Barracuda Networks IP address: 96.xx.6x.xx6

The Barracuda Spam Firewall has rules that apply to email sent from an IP address known to Barracuda Central with a "poor" rating. The Barracuda Spam Firewall has an option to decline email from these IPs. This is an option that the Administrator of the Barracuda Spam Firewall may enable. If the Administrator chooses to enable this option it may block email from your IP address.

This IP has been seen by Barracuda Central to transmit spam email in the past 30 days.

We have removed your "poor" rating. The IP will be automatically rechecked several times each day and may be adjusted again if issues are observed.

Please allow between 12 and 24 hours for changes to propagate around the world to all Barracuda Spam Firewalls -- at which time you will be able to send email from the IP address. This is the last email you should receive about this issue.

Thank you for your time and understanding.
==========================================

If this does not do the trick, I will attempt the several other possible solutions here and post my results.

Thank you again.

~Milosz,
0
 
LVL 5

Expert Comment

by:sharedit
ID: 33464340
i would still run the diagnostics from MXtoolbox.com or dnstrouble.com.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

This short article will present "How to import ICS Calendar onto Office 365 Calendar". I was searching for free (or not free) tools to convert ICS to CSV without success. The only tools I found & working well were online tools...this was too hard to…
Resolve DNS query failed errors for Exchange
Familiarize people with the process of utilizing SQL Server views from within Microsoft Access. Microsoft Access is a very powerful client/server development tool. One of the SQL Server objects that you can interact with from within Microsoft Access…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now