Why is my mail server listed in a blacklist?

Just noticed my server was listed in the CBL blacklist. I am not sure why, as the server is at my home and there are only 2 workstations in my network. I ran a virus scan on each PC and didn't find any virus or spyware. One thing I remember is that I did some telnet tests and tried to send some test mail from a domain I don't own to the problematic domain address.

e.g.: let's say my domain is abc.com, but when I do telnet, I did
Telnet mail.bb.com 25
ehlo ms.com
mail from:mike@ms.com
rcpt to:jeff@bb.com

Did this cause my IP to be listed in the blacklist? And I also did some open relay tests.
e.g.: my domain is abc.com
Telnet mail.cc.com
ehlo cc.com
mail from:jess@cc.com
rcpt to: ian@hh.com

Did any of the above cause me to be listed in the blacklist??
Asked by: okamon

3 Solutions

Dan Arseneau commented:
Running a Telnet session on your server won't cause any issues. Go to http://www.mxtoolbox.com/ and run some tests. Being blacklisted means your server met certain criteria that this particular BL is testing.

dpedersen13 commented:
Also run the DNS test from dnsstuff.com. It will show many of the red flags that could cause this. I'd check for open relay.

okamon (Author) commented:
http://www.mxtoolbox.com/ is where I found it listed. No, my server is not an open relay; I have checked already. And you are saying that if I send an email using a fake email address to a recipient, I will not get blacklisted??

Alan Hardisty commented:
" I am not sure why as the server is at my home and there are only 2 workstations in my network"

Are you on a dynamic IP Address at home?

If you are - you will always be on at least one blacklist.

If you are on a fixed IP Address, then there will be other reasons, usually spam related.

okamon (Author) commented:
alanhardisty: I have a static IP. Why will a dynamic IP always get blacklisted? And how? Do they check the IP and DNS? If this is the case, most clients didn't ask their ISP to change the DNS; it always shows something like static-xx.xxx.xxx.xx.ptr.terago.net

And if I telnet using a fake sender's email, e.g. I use microsoft.com in mail to:
I will not get blacklisted?

okamon (Author) commented:
Typo: I mean mail from....

Alan Hardisty commented:
Spammers use Dynamic IP Addresses and as most home users have weak security and don't need a fixed IP Address, they will get a Dynamic IP Address.

Home users should also send out mail directly to their ISP's mail servers, so being blacklisted shouldn't be a problem, but if they catch a virus, their machines will spew out spam and get the IP blacklisted.  If they then drop the connection to the ISP and re-connect, they will get another IP Address and the one they used to have will get picked up by another user, already blacklisted - this cycle then repeats.

If you are on a static IP, then there are many reasons for being blacklisted - most is down to sending spam, others could be down to poor configuration.  Some 'new' IP addresses to a customer have previously been used and blacklisted, so you may inherit a Blacklisted Fixed IP Address.

If no-one requests de-listing, some blacklist sites keep you listed until a request is made, so you may just be able to get de-listed, but then you might not be able to.

If you want to let me know your IP Address (which I can hide for you once posted), I can check and offer you solid advice not best guesses.

Alan

Dan Arseneau commented:
I strongly suggest you add an SPF entry to your DNS zone as well.

okamon (Author) commented:
Thanks alanhardisty: my IP is 76.10.xxx.xxx (please hide my IP)
I already made the request and my IP is now removed from the CBL blacklist.
And you forgot to answer one of my questions.

If I telnet like this, e.g.:
telnet mail.microsoft.com 25
ehlo fake_domain.com
mail from:henry@fake_domain.com

Will I get blacklisted?

Alan Hardisty commented:
Sorry about missing your question.  No - you won't get blacklisted as a result of what you suggested.  You will if you manage to pick a wrong recipient name that is setup as a honeypot (not advertised anywhere) by accident though.

Your IP is no longer listed, so I can't tell you why you were listed unfortunately.

okamon (Author) commented:
OK, thank you. I am not sure if I sent to a honeypot, but I did try to send to a recipient that doesn't exist; as I manage their domain, though, I am sure there is no trap. I just wanted to do some tests. But one thing is that they use MXLogic as their filter service, so I am not sure if MXLogic reported me to the blacklist...? Do you think it's possible?

I checked in mxtoolbox; it's clean, but I found my IP blacklisted here.
http://www.blacklistalert.org/

It seems it's a problem with the PTR, as the reverse lookup my_ip.dsl.teksavvy.com doesn't match my domain name...??? Will this cause a problem?

CASE: C-1010
Dynamic IP space, generic DNS/rDNS, no PTR
Direct connections to MX not permitted, you need to use your ISP servers or smarthost
Special Reason:
Dynamic IP, generic DNS, missing rDNS/PTR not permitted for direct email connection. You must use correctly configured [with registered working abuse contact] static IP / ISP mail servers / smarthost service

Alan Hardisty commented:
I would very much doubt you trying to use telnet to test mail-flow would make you hit the jackpot email account that would trigger blacklisting, unless you are in the habit of winning the lottery!

If you don't have Reverse DNS setup - you will be blacklisted and have mail-flow issues.

You seem to have a generic Reverse DNS record - so please call your ISP and ask them to setup a specific one - namely mail.domain.com.

Your server responds to the world as exchange.okaxxxxxx.local - this will cause you mail-flow issues too.  It should also be mail.domain.com and can be changed on the SMTP Virtual Server Properties> Delivery Tab> Advanced Button.

You should use mail.domain.com as long as mail.domain.com resolves to the fixed IP address you have, and then get your ISP to change Reverse DNS to match. Once they all point to each other and resolve to each other, you will be configured correctly and blacklists will leave you alone.

okamon (Author) commented:
Thank you again. But it's still not clear. So I assume when I send an email to another domain, their server will do a reverse lookup and see if the IP matches the domain? In this case, I didn't ask my ISP to change it, so chances are their mail server will report me as spam?

And exchange.okaxxxxxx.local is another thing the recipient's mail server will look into? Is it when I ehlo the server that it also does a reverse lookup there?? Sorry, too many questions here, I am a novice.

Alan Hardisty commented:
You won't get reported as a spammer because of poor configuration.  But - you might get blacklisted because of it!

When your server connects to another mail server, your server will say Hello and then pass the FQDN configured on your SMTP Virtual Server to the receiving server.

So the command it uses is:

ehlo exchange.okaxxxxxx.local

The receiving server will also know your IP Address and will check the IP Address for Reverse DNS and may check to see if the FQDN matches the Reverse DNS name.

If it doesn't match - the server may reject you (my server will immediately reject you if it sees .local at the end of your FQDN as this is not correct).

Being reported as a spammer is very different to being blacklisted for being badly configured.

One means you are sending out junk mail - the other means you have configurational issues which need correcting.

Don't worry about the questions - I have a few years head-start on you with Exchange : )
 
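The checks Alan describes above (HELO name, reverse DNS, forward-confirmation and the HELO/rDNS match), modelled as an added Python example that is not part of this thread. It runs against constructed stub DNS tables using RFC 5737 documentation addresses so it works offline; the host names, the "generic rDNS" pattern and the reserved-TLD list are assumptions.

```python
import re

# Constructed stub DNS tables (RFC 5737 documentation addresses) so the example
# runs offline; real code would use socket.gethostbyaddr(ip) for the PTR and
# socket.gethostbyname(name) for the forward (A) lookup.
PTR = {
    "192.0.2.10": "mail.abc.example",                   # correctly configured
    "192.0.2.20": "static-192-0-2-20.ptr.isp.example",  # generic ISP rDNS
    "192.0.2.30": None,                                 # no PTR record at all
    "192.0.2.40": "mail.forged.example",                # PTR with no matching A
}
A = {
    "mail.abc.example": "192.0.2.10",
    "static-192-0-2-20.ptr.isp.example": "192.0.2.20",
}

# Assumed pattern for "generic" ISP reverse DNS, the kind the CBL listing complains about.
GENERIC_RDNS = re.compile(r"(^|[.-])(static|dyn|dynamic|dsl|ptr|pool|cable)([.-]|$)", re.I)
RESERVED_TLDS = (".local", ".lan", ".internal")   # never valid on the public Internet

def check_sender(ip, helo_name, ptr=PTR, a=A):
    """Model a receiving MTA's connection-time checks.

    Returns (accepted, smtp_reply). Real receivers apply some or all of these;
    Alan's server, for instance, rejects on a .local HELO name alone."""
    name = helo_name.lower()
    if "." not in name or name.endswith(RESERVED_TLDS):
        return False, f"550 HELO {helo_name} is not a public FQDN"
    rdns = ptr.get(ip)
    if rdns is None:
        return False, f"550 no reverse DNS (PTR) for {ip}"
    if a.get(rdns) != ip:                       # forward-confirmed rDNS fails
        return False, f"550 PTR {rdns} does not resolve back to {ip}"
    if GENERIC_RDNS.search(rdns):
        return False, f"550 generic reverse DNS {rdns}; relay via your ISP smarthost"
    if rdns.lower() != name:
        return False, f"550 HELO {helo_name} does not match reverse DNS {rdns}"
    return True, "250 OK"

if __name__ == "__main__":
    for ip, helo in [("192.0.2.10", "mail.abc.example"),
                     ("192.0.2.20", "exchange.okaxxxxxx.local"),
                     ("192.0.2.20", "mail.abc.example"),
                     ("192.0.2.30", "mail.abc.example"),
                     ("192.0.2.40", "mail.forged.example")]:
        print(ip, helo, "->", check_sender(ip, helo)[1])
```

Only the first case passes every check; the other four reproduce, in turn, the .local HELO, the generic ISP rDNS, the missing PTR and a PTR that does not resolve back.
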
okamon (Author) commented:
Thank you very much!! That was very clear!! So let me make sure of something again here.

So you are saying, when my Exchange server connects to another mail server, I say hello to them with the FQDN configured on my SMTP Virtual Server. That is the first thing the other mail server will check.

Then the receiving mail server will "always"?? check the IP address for reverse DNS. So this is something I need to call my ISP about to have it updated correctly? And I might, though not very likely??, get blacklisted because of that, right?

Also, what is the difference between being reported as a spammer and being blacklisted?
I think a spammer is in a blacklist anyway?..

Thank you for your time again.

Alan Hardisty commented:
No problems - glad you got that - it can be fun trying to explain it : )

Some mail servers will check your FQDN - others won't.  Some will check Reverse DNS - others won't.

It all depends on the type of receiving server, how it is configured and what Anti-Spam software they use (if any at all).  You don't know what will be receiving your mail, so you just need to make sure you are configured properly, so that when a server checks - you pass the checks.

Spammers vs Blacklists - If you appear on some blacklist sites it will be because you sent them spam - but you will also pop up on other sites if you are badly configured, not for sending spam.  Backscatterer.org lists servers that send out Non-Delivery Reports to invalid Recipients on their servers - if a spammer makes up the sender address and the recipient address which is destined for a domain on your server, then the message will get rejected by your server and a NDR message will be sent back to the sender. The trouble is - the sender didn't send the email, so when a genuine email address is used - the genuine email user gets a message saying the message you sent to someone at your organisation could not be delivered.  But - they didn't send you a message - so they might report you for sending them spam.

An NDR message is not technically spam - it is a system message - but it can be seen as bad as spam if you send them back to spam emails from spammers using forged sender addresses.

Spam is also essentially Unsolicited Commercial Email - Trying to sell you a rolex watch or Viagra Tablets that you clearly don't want.  NDR messages are useful System Info messages.

Does that make sense?
 
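The backscatter mechanism Alan explains above, and the open-relay refusal the asker tested at the top of the thread, as an added Python model that is not part of this thread: a receiving server that either rejects unknown recipients at RCPT TO or accepts everything and bounces later, fed constructed traffic with forged sender addresses. Domain and mailbox names are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Envelope:
    mail_from: str   # envelope sender; spammers forge this freely
    rcpt_to: str

@dataclass
class Server:
    domain: str
    mailboxes: set
    reject_unknown_at_rcpt: bool          # True = the safe configuration
    delivered: list = field(default_factory=list)
    ndrs_sent: list = field(default_factory=list)   # addresses we bounced to

    def rcpt(self, env):
        """RCPT TO stage: returns the SMTP reply the sending MTA would see."""
        local, _, dom = env.rcpt_to.partition("@")
        if dom != self.domain:
            return "554 5.7.1 Relay access denied"      # not an open relay
        if local not in self.mailboxes and self.reject_unknown_at_rcpt:
            return "550 5.1.1 User unknown"             # nothing accepted, no NDR
        return "250 2.1.5 Recipient OK"

    def data(self, env):
        """Message accepted: deliver, or bounce to the (possibly forged) sender."""
        local = env.rcpt_to.partition("@")[0]
        if local in self.mailboxes:
            self.delivered.append(env)
        elif env.mail_from:                 # never bounce to the null sender <>
            self.ndrs_sent.append(env.mail_from)

def run_batch(reject_unknown_at_rcpt):
    """Feed constructed traffic through one server policy and return the server."""
    srv = Server("abc.example", {"jeff", "ian"}, reject_unknown_at_rcpt)
    batch = [
        Envelope("mike@ms.example", "jeff@abc.example"),            # genuine mail
        Envelope("victim@innocent.example", "zzqx13@abc.example"),  # spam, forged sender
        Envelope("", "nobody@abc.example"),                         # spam from <>
        Envelope("jess@cc.example", "ian@hh.example"),              # relay attempt
    ]
    for env in batch:
        if srv.rcpt(env).startswith("250"):
            srv.data(env)
    return srv

if __name__ == "__main__":
    for policy in (False, True):
        s = run_batch(policy)
        print(f"reject_unknown_at_rcpt={policy}: delivered={len(s.delivered)}, "
              f"backscatter NDRs sent to {s.ndrs_sent}")
```

With accept-then-bounce the innocent forged address receives an NDR it never asked for, which is exactly what Backscatterer.org lists; with rejection at RCPT TO the sending MTA is told "User unknown" and no NDR ever leaves the server.
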
okamon (Author) commented:
Thank you so much again. I have a real case here. Let me know if you want me to create a new question. And please mask the IP and domain.
The sender abc@bugaboo.com tried to send an email to our domain. We have an Exchange server, and all incoming email goes through MXLogic. The sender got a bounce-back email: Remote host said: 554 Denied. I checked the sender's mail servers at mxtoolbox; neither of them is listed in a blacklist, but the sender's IP is on a blacklist. I also asked the sender to forward me the internet headers.
The sender's IP is blacklisted, so that means MXLogic rejected the sender, right?? But I didn't find anything about MXLogic in the internet headers of the bounce-back email.....

Alan Hardisty commented:
One question is fine : )

If the Sender's IP is blacklisted - then their mail will be rejected by MXLogic.

Can you divulge their IP and I can see why they are listed and if it is still a problem.

Alan Hardisty commented:
Just re-reading this question title again suggests the above is a separate problem and should really be handled in a new question.

Your initial problem was that you were blacklisted. Hopefully that is now resolved.

The above is a problem with you receiving.

The path taken by the message was bugaboo to Messagelabs and no doubt Messagelabs rejected their IP because their IP is blacklisted on Tiopan or because their IP also doesn't have Reverse DNS setup.

okamon (Author) commented:
So should I open a new question?

Alan Hardisty commented:
Technically - if the original one is resolved - you would be better off. I am the only one working with you here and you might get more valuable input from other experts in a new question.

okamon (Author) commented:
OK. But I think if I need to open a new question, I will need to post all the sensitive info again there, so I think I'll just ask a few more questions here.

So you are saying my MXLogic did not even see the email; the email got rejected at Messagelabs? I thought that as well, but as soon as I added the sender to MXLogic's whitelist, the sender told me the email could go through.....

And I saw 2 IPs there: one is in the bounce-back email, the other is in the internet header "X-Originating-IP". So which one is the sender's IP? The one in the bounce-back email is blacklisted.