Solved

Why is my mail server listed in a blacklist?

Posted on 2010-11-16
23
1,298 Views
Last Modified: 2012-05-10
Just noticed my server was listed in the CBL blacklist. I am not sure why, as the server is at my home and there are only 2 workstations in my network. I ran a virus scan on each PC and didn't find any viruses or spyware. One thing I remember is that I did some telnet tests and tried to send some test mail from a domain I don't own to the problematic domain address.

Ex: let's say my domain is abc.com, but when I telnet, I did:
Telnet mail.bb.com 25
ehlo ms.com
mail from:mike@ms.com
rcpt to:jeff@bb.com

Did this cause my IP to be listed in the blacklist? I also did some open relay tests.
Ex: my domain is abc.com
Telnet mail.cc.com
ehlo cc.com
mail from:jess@cc.com
rcpt to: ian@hh.com

Did any of the above cause me to be listed in the blacklist?
0
Question by:okamon
23 Comments
 
LVL 9

Expert Comment

by:Dan Arseneau
ID: 34151920
Running a Telnet session on your server won't cause any issues. Go to http://www.mxtoolbox.com/ and run some tests. Being blacklisted means your server met certain criteria that this particular BL is testing.
0
 
LVL 2

Expert Comment

by:dpedersen13
ID: 34152171
Also run the dns test from dnsstuff.com. It will show many of the red flags that could cause this. I'd check for open relay.
0
 

Author Comment

by:okamon
ID: 34152565
http://www.mxtoolbox.com/ is where I found I was listed. No, my server is not an open relay; I have checked already. And you are saying that if I send an email using a fake email address to a recipient, I will not get blacklisted?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34153001
"I am not sure why as the server is at my home and there are only 2 workstations in my network"

Are you on a dynamic IP Address at home?

If you are - you will always be on at least one blacklist.

If you are on a fixed IP Address, then there will be other reasons, usually spam related.
0
 

Author Comment

by:okamon
ID: 34155815
alanhardisty: I have a static IP. Why will a dynamic IP always be on a blacklist? And how? Do they check the IP and DNS? If this is the case, most clients didn't ask their ISP to change the DNS; it always shows something like static-xx.xxx.xxx.xx.ptr.terago.net

And if I telnet using a fake sender's email, e.g. I use microsoft.com in mail to:
I will not get blacklisted?
0
 

Author Comment

by:okamon
ID: 34155822
typo: I mean mail from....
0
 
LVL 76

Accepted Solution

by:Alan Hardisty
Alan Hardisty earned 350 total points
ID: 34156085
Spammers use Dynamic IP Addresses and as most home users have weak security and don't need a fixed IP Address, they will get a Dynamic IP Address.

Home users should also send out mail directly to their ISP's mail servers, so being blacklisted shouldn't be a problem, but if they catch a virus, their machines will spew out spam and get the IP blacklisted.  If they then drop the connection to the ISP and re-connect, they will get another IP Address and the one they used to have will get picked up by another user, already blacklisted - this cycle then repeats.

If you are on a static IP, then there are many reasons for being blacklisted - most are down to sending spam, others could be down to poor configuration.  Some 'new' IP addresses to a customer have previously been used and blacklisted, so you may inherit a Blacklisted Fixed IP Address.

If no-one requests de-listing, some blacklist sites keep you listed until a request is made, so you may just be able to get de-listed, but then you might not be able to.

If you want to let me know your IP Address (which I can hide for you once posted), I can check and offer you solid advice not best guesses.

Alan
0
 
LVL 9

Expert Comment

by:Dan Arseneau
ID: 34156727
I strongly suggest you add an SPF entry to your DNS zone as well.
0
 

Author Comment

by:okamon
ID: 34159509
Thanks alanhardisty: my IP is 76.10.xxx.xxx (please hide my IP)
I already made the request and my IP is now removed from the CBL blacklist.
And you forgot to answer one of my questions.

If I telnet like this, ex:
telnet mail.microsoft.com 25
ehlo fake_domain.com
mail from:henry@fake_domain.com

Will I get blacklisted?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34159643
Sorry about missing your question.  No - you won't get blacklisted as a result of what you suggested.  You will if you manage to pick a wrong recipient name that is set up as a honeypot (not advertised anywhere) by accident though.

Your IP is no longer listed, so I can't tell you why you were listed unfortunately.
0
 

Author Comment

by:okamon
ID: 34160123
OK, thank you. I am not sure if I sent to a honeypot, but I did try to send to a recipient that doesn't exist. As I manage their domain, I am sure there is no trap. I just wanted to do some tests. But one thing is that they use mxlogic as their filter service, so I am not sure if mxlogic reported me to a blacklist....? Do you think it's possible?

I checked in mxtoolbox and it's clean, but I found my IP blacklisted here.
http://www.blacklistalert.org/

It seems it's a PTR problem, as the reverse lookup my_ip.dsl.teksavvy.com doesn't match my domain name....??? Will this cause a problem?

CASE: C-1010
Dynamic IP space, generic DNS/rDNS, no PTR
Direct connections to MX not permitted, you
need to use your ISP servers or smarthost
Special Reason:
Dynamic IP, generic DNS, missing rDNS/PTR not permitted for direct email connection. You must use correctly configured [with registered working abuse contact] static IP / ISP mail servers / smarthost service
0
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 350 total points
ID: 34160188
I would very much doubt you trying to use telnet to test mail-flow would make you hit the jackpot email account that would trigger blacklisting, unless you are in the habit of winning the lottery!

If you don't have Reverse DNS set up - you will be blacklisted and have mail-flow issues.

You seem to have a generic Reverse DNS record - so please call your ISP and ask them to set up a specific one - namely mail.domain.com.

Your server responds to the world as exchange.okaxxxxxx.local - this will cause you mail-flow issues too.  It should also be mail.domain.com and can be changed on the SMTP Virtual Server Properties> Delivery Tab> Advanced Button.

You should use mail.domain.com as long as mail.domain.com resolves to the fixed IP address you have, and then get your ISP to change Reverse DNS to match.  Once they all point to each other and resolve to each other, you will be configured correctly and blacklists will leave you alone.
0
 

Author Comment

by:okamon
ID: 34161387
Thank you again. But it's still not clear. So I assume when I send an email to another domain, their server will do a reverse lookup and see if the IP matches the domain? In this case, I didn't ask my ISP to change it, so chances are their mail server will report me as spam?

And exchange.okaxxxxxx.local is another thing the recipient's mail server will look into? Is it that when I ehlo the server, it also does a reverse lookup there?? Sorry, too many questions here, I am a novice.
0
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 350 total points
ID: 34162779
You won't get reported as a spammer because of poor configuration.  But - you might get blacklisted because of it!

When your server connects to another mail server, your server will say Hello and then pass the FQDN configured on your SMTP Virtual Server to the receiving server.

So the command it uses is:

ehlo exchange.okaxxxxxx.local

The receiving server will also know your IP Address and will check the IP Address for Reverse DNS and may check to see if the FQDN matches the Reverse DNS name.

If it doesn't match - the server may reject you (my server will immediately reject you if it sees .local at the end of your FQDN as this is not correct).

Being reported as a spammer is very different to being blacklisted for being badly configured.

One means you are sending out junk mail - the other means you have configuration issues which need correcting.

Don't worry about the questions - I have a few years' head start on you with Exchange : )
0
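The checks Alan describes in this thread (the EHLO name, the reverse DNS record, and whether the two point at each other), as an added example that is not part of the original thread. The keyword heuristic for "generic" reverse names, the finding labels and the sample records are assumptions constructed for illustration.

```python
import re
import socket

# Assumption: tokens that commonly mark ISP-assigned (generic) reverse names.
POOL_WORDS = {"dsl", "dyn", "dynamic", "static", "ptr", "pool", "dhcp", "cable"}

def system_ptr(ip):
    """Live PTR lookup; None when the address has no reverse record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_a(name):
    """Live forward lookup; set of IPv4 addresses the name resolves to."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:
        return set()

def looks_generic(ptr, ip):
    """Heuristic: the name carries pool keywords or most of the IP's octets."""
    tokens = set(re.split(r"[.\-_]", ptr))
    return bool(tokens & POOL_WORDS) or sum(o in tokens for o in ip.split(".")) >= 3

def audit_sender(ip, ehlo, ptr_lookup=system_ptr, a_lookup=system_a):
    """List the findings a receiving server could hold against this sender."""
    findings = []
    ehlo = ehlo.lower().rstrip(".")
    if "." not in ehlo or ehlo.endswith(".local"):
        findings.append("ehlo-not-public-fqdn")
    ptr = ptr_lookup(ip)
    if ptr is None:
        return findings + ["no-ptr"]
    ptr = ptr.lower().rstrip(".")
    if looks_generic(ptr, ip):
        findings.append("generic-ptr")
    if ip not in a_lookup(ptr):
        findings.append("ptr-not-forward-confirmed")
    if ptr != ehlo:
        findings.append("ehlo-ptr-mismatch")
    return findings

# Constructed sample records (documentation address ranges), so this runs offline.
PTR = {"203.0.113.25": "static-203-0-113-25.ptr.isp.example",
       "198.51.100.7": "mail.example.com"}
A = {"static-203-0-113-25.ptr.isp.example": {"203.0.113.25"},
     "mail.example.com": {"198.51.100.7"}}

if __name__ == "__main__":
    for ip, ehlo in [("203.0.113.25", "exchange.corp.local"), ("198.51.100.7", "mail.example.com")]:
        print(ip, ehlo, audit_sender(ip, ehlo, PTR.get, lambda n: A.get(n, set())))
```

Calling `audit_sender(ip, ehlo)` without the two lookup arguments uses the system resolver, so it can be pointed at your own outbound IP and configured FQDN.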
 

Author Comment

by:okamon
ID: 34174816
Thank you very much!! That was very clear!! So let me make sure something again here.

So you are saying, when my Exchange server connects to another mail server, I say hello to them with my FQDN configured on your SMTP Virtual Server. That is the first thing the other mail server will check.

Then the receiving mail server will "always" ?? check the IP Address for Reverse DNS. So this is something I need to call my ISP about to have it updated, correct? And I might, not very likely?? get blacklisted because of that, right?

Also, what is the difference between being reported as a spammer and being blacklisted?
I think a spammer is on a blacklist anyway?..

Thank you for your time again.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34174894
No problems - glad you got that - it can be fun trying to explain it : )

Some mail servers will check your FQDN - others won't.  Some will check Reverse DNS - others won't.

It all depends on the type of receiving server, how it is configured and what Anti-Spam software they use (if any at all).  You don't know what will be receiving your mail, so you just need to make sure you are configured properly, so that when a server checks - you pass the checks.

Spammers vs Blacklists - If you appear on some blacklist sites it will be because you sent them spam - but you will also pop up on other sites if you are badly configured, not for sending spam.  Backscatterer.org lists servers that send out Non-Delivery Reports to invalid Recipients on their servers - if a spammer makes up the sender address and the recipient address which is destined for a domain on your server, then the message will get rejected by your server and an NDR message will be sent back to the sender. The trouble is - the sender didn't send the email, so when a genuine email address is used - the genuine email user gets a message saying the message you sent to someone at your organisation could not be delivered.  But - they didn't send you a message - so they might report you for sending them spam.

An NDR message is not technically spam - it is a system message - but it can be seen as bad as spam if you send them back to spam emails from spammers using forged sender addresses.

Spam is also essentially Unsolicited Commercial Email - Trying to sell you a Rolex watch or Viagra Tablets that you clearly don't want.  NDR messages are useful System Info messages.

Does that make sense?
0
 

Author Comment

by:okamon
ID: 34178626
Thank you so much again. I have a real case here. Let me know if you want me to create a new question. And please mask the IP and domain.
The sender from abc@bugaboo.com tried to send an email to our domain. We have an Exchange server, and all incoming email goes through mxlogic. The sender got a bounce-back email: Remote host said: 554 Denied. I checked the sender's mail servers at mxtoolbox; neither of them is listed in a blacklist, but the sender's IP is on a blacklist. I also asked the sender to forward me the internet headers.
The sender's IP is blacklisted, so that means mxlogic rejects the sender, right??  But I didn't find anything about mxlogic in the internet header of the bounce-back email.....
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34179293
One question is fine : )

If the Sender's IP is blacklisted - then their mail will be rejected by MXLogic.

Can you divulge their IP and I can see why they are listed and if it is still a problem.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34180177
Just re-reading this question title again suggests the above is a separate problem and should really be handled in a new question.

Your initial problem was that you were blacklisted.  Hopefully that is now resolved.

The above is a problem with you receiving.

The path taken by the message was bugaboo to Messagelabs and no doubt Messagelabs rejected their IP because their IP is blacklisted on Tiopan or because their IP also doesn't have Reverse DNS setup.
0
 

Author Comment

by:okamon
ID: 34180259
So should I open a new question?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34180343
Technically - if the original one is resolved - you would be better off.  I am the only one working with you here and you might get more valuable input from other experts in a new question.
0
 

Author Comment

by:okamon
ID: 34180665
OK. But I think if I need to open a new question, I will need to post all the sensitive info again there, so I think I'm just going to ask a few more questions here.

So you are saying my mxlogic didn't even see the email, and the email got rejected at messagelabs? I thought that as well, but as soon as I added the sender to mxlogic's white list, the sender told me the email can go through.....

And I saw 2 IPs there: one is in the bounce-back email, the other is in the internet header - "X-Originating-IP". So which one is the sender's IP? The one in the bounce-back email is blacklisted.
0
