E-Mail System Was Unable to Deliver Message

First off thank you for taking the time out to assist me w/ this issue....

One of my clients is unable to sent message to one of his clients. The client can send messages to him but not the other way around. From anywhere else it works fine, but not form the office network.

MS Server 2003 sbs sp2
Exchange Version: 6.5.7638.1
ISP: Cable Business Class
Watch Guard Firebox (hardware firewall)

The error message he gets back is: "<mta3.srv.hcvlny.xx.net (tcp-daemon) #5.0.0 smtp; 554 service unavailable; Client host [mta3.srv.hcvlny.xx.net] blocked using barracuda reputation;

The link takes me to:

Sorry, your email was blocked

We are sorry you have reached this page because an email was blocked based on its originating IP address having a "poor" reputation. The "poor" reputation may have been caused by one of the following reasons:

    * Your email server contains a virus and has been sending out spam.
    * Your email server may be misconfigured.
    * Your PC may be infected with a virus or botnet software program.
    * Someone in your organization may have a PC infected with a virus or botnet program.
    * You may be utilizing a dynamic IP address which was previously utilized by a known spammer.
    * Your marketing department may be sending out bulk emails that do not comply with the CAN-SPAM Act.
    * You may have an insecure wireless network which is allowing unknown users to use your network to send spam.
    * In some rare cases, your recipient's Barracuda Spam Firewall may be misconfigured.

Barracuda Networks is not attempting to block your individual emails in particular. The reputation system uses automated algorithms for determining its results -- very similar to the anti-fraud mechanisms used for credit cards.

Does this mean that my clients server has spam/virus. (un likely since we run Vipre Enterprise and i check logs and quarantine often)
Or does this mean that the person my client is sending the email to is infected? If so, why would emails coming from him get through??

Thank you for you expertise...
Who is Participating?
buckobillyConnect With a Mentor Commented:
I had some blocked similar to that last week.  We use DoubleCheck for our spam filter.  They said that baracuda was having a lot of issues lately.  One of the options they gave me was to turn off reverse dns check on my spam filter.  That did the trick.  It could also mean that the company you are trying to email may need to turn it off as well.  

If you do a google search on MX toolbox, they have a lot of tools you can use to test your dns and other mail related items.

You will need to know your "@companyname.com" to use the tools.

Hope this helps!
woolnoirConnect With a Mentor Commented:
In general a lot of the cable internet IP ranges are blocked due to specially that, they are cable and a higher than normal percentage of cable users have exploited machines which have been exploited. The best way to check is to make a request for a removal, or a request for more information - you should be able to get the exact reason for the reputation from barracuda - there is a webform to get more info.

Alternatively, you could set up a smartrelay (smarthost) setting within exchange to route all outgoing emails via your ISP's mail server - that should have a better reputation and shouldnt get blocked...this is how companies traditionally do things - incoming email wont be effected by this change.
loshdogAuthor Commented:
I will try both solutions and report back. Thank you for your time and attention to this matter.

Building an Effective Phishing Protection Program

Join Director of Product Management Todd OBoyle on April 26th as he covers the key elements of a phishing protection program. Whether you’re an old hat at phishing education or considering starting a program -- we'll discuss critical components that should be in any program.

woolnoirConnect With a Mentor Commented:
As a general update Barracuda isnt the only spam blocker out there, it would be wise to check all aspecs of the domain, reverse DNS, the IP address its using etc etc. if you run your own smtp server you need to put a lot of time and effort into it.. thats why generally people forward the outgoing path onto another host i.e ISP mail server.

People like messagelabs.com make a business out of relaying incoming and outgoing mail for businesses.
shareditConnect With a Mentor Commented:
This doesn't necessarily mean you have a virus/bot...

as buck mentioned go here, and put you servers IP in (or mail.domain.com, whatever will resolve to your IP).

Any of the alerts should be worked through to really improve email service, and decrease the likely-hood you will be blacklisted.  Also check the blacklists and go through each one to request that you are delisted.

do you use exchange?
depending on the alerts you see, you will need to ask, or google how to solve each problem, all of them will be simple fixes.  Most changes are made on your exchange(im assuming exchange) server.  reverse DNS will require that you call your ISP and have them set your reverse DNS on your IP to whatever you sned as your SMTP header, mail.domain.com is common.

If you have a configurable firewall,  It would also be advisable to limit smtp traffic to be sent from only your mail server.  It is completely possible an infected PC could send out its own email, which would trigger a blacklist from your IP, even though the mail was not sent from your mail server.

shared it

AlexConnect With a Mentor TechCommented:
hi there,

1 this is usually because your client is delivering via DNS and not via his ISP's smarthost.

2 If you must deliver via dns, then ensure you have reverse DNS set for the mail servers public IP address and even spf record . This will give it a better reputation.

please post back results

loshdogAuthor Commented:
Thank you all for your time and input on this issue.

I did contact Barracuda and they replied very quickly to my issue. See below:
Thank you for contacting Barracuda Networks regarding your issue. Your issue is important to us.

We apologize for any inconvenience that this may have caused you. Since this is is your first request for this IP, the reputation of this IP address will be temporarily upgraded from "poor" for 48 hours *or* until we complete our investigation. When our investigation is complete, you will receive a decision via email. It may take up to 1 hour for the changes in the Barracuda Reputation System to propagate to all the Barracuda Spam Firewalls in the world.

There are a number of reasons your IP address may have been listed as "poor", including:

1. The email server at this IP address contains a virus and has been sending out spam
2. The email server at this IP address may be configured incorrectly
3. The PC at this IP address may be infected with a virus or botnet software program
4. An individual in the organization at this IP address may have a PC infected with a virus or botnet program
5. This IP address may be a dynamic IP address which was previously utilized by a known spammer
6. The marketing department of a company at this IP address may be sending out bulk emails that do not comply with the CAN-SPAM Act
7. This IP address may have a insecure wireless network attached to it which could allow unknown users to use it's network connection to send out bulk email
8. In some rare cases, your recipients' Barracuda Spam Firewall may be misconfigured

If you do not think any of the above apply, please also contact the person who manages this IP address, as they may be better able to investigate this issue.

Then I got this email  2 mins later

Thank you for contacting Barracuda Networks IP address: 96.xx.6x.xx6

The Barracuda Spam Firewall has rules that apply to email sent from an IP address known to Barracuda Central with a "poor" rating. The Barracuda Spam Firewall has an option to decline email from these IPs. This is an option that the Administrator of the Barracuda Spam Firewall may enable. If the Administrator chooses to enable this option it may block email from your IP address.

This IP has been seen by Barracuda Central to transmit spam email in the past 30 days.

We have removed your "poor" rating. The IP will be automatically rechecked several times each day and may be adjusted again if issues are observed.

Please allow between 12 and 24 hours for changes to propagate around the world to all Barracuda Spam Firewalls -- at which time you will be able to send email from the IP address. This is the last email you should receive about this issue.

Thank you for your time and understanding.

If this does not do the trick, I will attempt the several other possible solutions here and post my results.

Thank you again.

i would still run the diagnostics from MXtoolbox.com or dnstrouble.com.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.