Email not going to certain domains - new firewall - blacklist - dns record?

Posted on 2012-03-20
Last Modified: 2012-08-13
We installed a new firewall a couple days ago.  The next day we started getting reports of some emails not being delivered.  Most mail goes through, but to certain domains it doesn't.  Those emails are piling up in Exchange 2007 as delayed.  We tried telnetting to the servers of these other domains and they say our domain's reputation isn't good enough or something like that.

To me it sounded like a blacklist issue.  We are only on one.  Could be the problem, might not be.  Trying to get that figured out.

Other things I'm looking at - is there some kind of DNS record that bigger companies are requiring to send them email?  I forget what it's called.  Soap record or something.  It is to prove that your mail server really belongs to you, and isn't being spoofed.  Could that cause this?  What is it called and how do I implement it?

The new firewall is another possibility, but I don't see how.  Anti-virus and all security settings are turned off.  And we can email most domains fine.  

Any advice would be helpful.  The one blacklist we were on said we were on it because we emailed a spamtrap.  Exchange server shows no signs it is being used to spam.  The blacklist also wanted us to pay like $150 for an express whitelist.  Sounds kind of sketchy.  

thanks for any help.
Question by: readymade
Accepted Solution by: Netflo (earned 350 total points)
Step 1: Temporarily disable TCP SYN checking on your firewall; this can cause problems with mail flow and internet surfing appearing to be delayed.

Step 2: Create a rule on your firewall to block port 25 traffic from trusted to untrusted except for your Exchange server IP. Enable logging to identify machines which have been infected - disinfect and monitor again.

Step 3: Ensure your 'PTR record' matches your 'A record'. For example owa.domainname.com, you will need to contact your ISP to get that record set.

Step 4: Grab a tea or coffee and wait for your record to be removed from the spam list or pay the express fee.

This is the normal procedure if your network is not bolted down and you're dealing with the 'cure', rather than 'prevention'.

Best of luck!
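Step 3 (PTR matching A) is something you can verify yourself before calling the ISP. The script below is an added example written for this page, not code from Netflo or from the thread; it performs a forward-confirmed reverse DNS (FCrDNS) check, which is what receivers actually test. The DNS answers in SAMPLE_DNS, the hostnames in it and the sample_resolver function are all constructed for the example so it runs offline; the looks_generic heuristic is an assumption about how receivers score ISP-style names.

```python
import ipaddress
import re

# Constructed DNS answers for this example (hypothetical names and addresses, not real records).
# Keys are (owner name, record type); values are the answer strings a resolver would return.
SAMPLE_DNS = {
    ("4.3.2.1.in-addr.arpa", "PTR"): ["owa.example.com."],
    ("owa.example.com", "A"): ["1.2.3.4"],                 # PTR and A agree: good
    ("5.3.2.1.in-addr.arpa", "PTR"): ["dsl-1-2-3-5.isp.example.net."],
    ("dsl-1-2-3-5.isp.example.net", "A"): ["1.2.3.5"],    # consistent, but a generic ISP name
    ("6.3.2.1.in-addr.arpa", "PTR"): ["mail.example.com."],
    ("mail.example.com", "A"): ["9.9.9.9"],                # PTR name does not resolve back to the IP
    # 1.2.3.7 deliberately has no PTR at all
}


def sample_resolver(name, rtype):
    """Stand-in for a real resolver: returns the answer list for (name, rtype) or []."""
    return SAMPLE_DNS.get((name.lower(), rtype.upper()), [])


def looks_generic(hostname, ip):
    """Heuristic (assumption): a PTR such as dsl-1-2-3-5.isp.example.net embeds every
    octet of the address, which many receivers treat as a dynamic/residential host."""
    digits = re.findall(r"\d+", hostname)
    return all(octet in digits for octet in ip.split("."))


def check_fcrdns(ip, helo_name, resolve=sample_resolver):
    """Forward-confirmed reverse DNS: each PTR name of the IP must have an A record
    pointing back at the IP. Also reports whether the HELO/EHLO name is one of them."""
    ptr_owner = ipaddress.ip_address(ip).reverse_pointer   # e.g. 4.3.2.1.in-addr.arpa
    ptr_names = [p.rstrip(".").lower() for p in resolve(ptr_owner, "PTR")]
    confirmed = [name for name in ptr_names if ip in resolve(name, "A")]
    return {
        "ip": ip,
        "ptr_names": ptr_names,
        "has_ptr": bool(ptr_names),
        "forward_confirmed": bool(confirmed),
        "helo_matches_ptr": helo_name.rstrip(".").lower() in confirmed,
        "looks_generic": any(looks_generic(n, ip) for n in ptr_names),
    }


def summarize(result):
    """One-line verdict a mail admin can act on."""
    if not result["has_ptr"]:
        return "no PTR record: ask the ISP to create one"
    if not result["forward_confirmed"]:
        return "PTR does not resolve back to the IP: fix the A record or the PTR"
    if not result["helo_matches_ptr"]:
        return "PTR is fine but HELO name differs: make the server's HELO/EHLO name match the PTR"
    if result["looks_generic"]:
        return "PTR looks like a generic ISP name: request a custom PTR"
    return "ok"


if __name__ == "__main__":
    for ip in ("1.2.3.4", "1.2.3.5", "1.2.3.6", "1.2.3.7"):
        r = check_fcrdns(ip, "owa.example.com")
        print(ip, r["ptr_names"], "->", summarize(r))
```

To run it against live DNS, pass your own resolver callable; with the dnspython package installed, a function that returns `[r.to_text() for r in dns.resolver.resolve(name, rtype)]` and returns an empty list on NXDOMAIN/NoAnswer is enough.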

Author Comment by: readymade
Ok we've already done some of those things.  What about an SPF record?  Could not having this cause some domains to reject our mail?

Assisted Solution by: Papertrip (earned 150 total points)
"To me it sounded like a blacklist issue.  We are only on one.  Could be the problem, might not be."
Depending on the list this may be a huge problem or a tiny problem... all depends on which lists receivers check against.

"Other things I'm looking at - is there some kind of DNS record that bigger companies are requiring to send them email?"
Yep that would be an SPF record, and yes that could cause some receiving servers to reject you flat out.

For most sending domains the SPF record is very simple and doesn't need all the bells and whistles you may find from certain online SPF generation tools.

E.g., assuming the sending IPs for your domain are 1.2.3.4 and 1.2.3.5:
"v=spf1 ip4:1.2.3.4 ip4:1.2.3.5 -all"


That would be added into DNS for the domain used in your envelope-from (MAIL FROM) as a TXT record.  If your envelope-from is bobsdomain.com then that is where this record needs to be.

"The one blacklist we were on said we were on it because we emailed a spamtrap."
This sounds a bit phishy, pun intended.  Most spamtraps are fake addresses set up as honeypots; most big receivers will actually recycle old real email addresses that shouldn't be getting new mail for that exact purpose.

"The blacklist also wanted us to pay like $150 for an express whitelist.  Sounds kind of sketchy."
Usually only the wanna-be / small-time RBLs will charge you like that.  Honestly, depending on which list it is and how many of your emails are being affected, I may not even worry about it.

Get your SPF record in check first and then see how your deliverability is.  Also take heed of Netflo's answers, specifically 2 and 3.
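To make the meaning of a record like "v=spf1 ip4:1.2.3.4 ip4:1.2.3.5 -all" concrete, here is an added example (mine, not Papertrip's and not from the thread) that evaluates an SPF TXT record against the IP a receiver sees connecting. It handles ip4 and ip6 terms with optional CIDR and the all mechanism with its four qualifiers, and it deliberately refuses the mechanisms that need DNS lookups (a, mx, include, exists, ptr, redirect) so that it runs offline. The record strings and addresses are constructed; the would_be_rejected policy is an assumption about typical receiver behaviour, which varies.

```python
import ipaddress

# Qualifier prefix -> SPF result when the mechanism matches (RFC 7208).
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Mechanisms/modifiers that require DNS lookups; this offline example does not evaluate them.
NEEDS_DNS = {"a", "mx", "include", "exists", "ptr", "redirect", "exp"}


def evaluate_spf(record, client_ip):
    """Return 'pass', 'fail', 'softfail', 'neutral', or 'none' (not an SPF record)
    for client_ip against a record built from ip4/ip6/all terms."""
    terms = record.strip().split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"                        # default qualifier is pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")     # 'ip6:2001:db8::/32' -> ('ip6', '2001:db8::/32')
        mech = mech.lower().split("=")[0]      # 'redirect=example.com' -> 'redirect'
        if mech == "all":
            return QUALIFIERS[qualifier]
        if mech in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)   # bare IP becomes /32 or /128
            except ValueError as e:
                raise ValueError(f"malformed {mech} term {term!r}") from e
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
            continue
        if mech in NEEDS_DNS:
            raise NotImplementedError(f"'{mech}' needs DNS lookups, which this offline example does not do")
        raise ValueError(f"unknown mechanism {mech!r}")
    return "neutral"   # no term matched and no 'all' present (RFC 7208 section 4.7)


def would_be_rejected(result, strict=True):
    """Assumed receiver policy: 'fail' is rejected outright; 'softfail' is usually
    accepted but scored as spam, so only a strict receiver rejects it."""
    return result == "fail" or (strict and result == "softfail")


# Constructed records for demonstration (not any real domain's policy).
GOOD_RECORD = "v=spf1 ip4:1.2.3.4 ip4:1.2.3.5 -all"   # the shape suggested above
CIDR_RECORD = "v=spf1 ip4:1.2.3.0/29 ip6:2001:db8::/32 ~all"
WEAK_RECORD = "v=spf1 +all"                            # declares every host a valid sender: worthless

if __name__ == "__main__":
    for rec in (GOOD_RECORD, CIDR_RECORD, WEAK_RECORD):
        for ip in ("1.2.3.4", "1.2.3.9", "2001:db8::1", "198.51.100.7"):
            print(f"{rec!r:58} {ip:14} -> {evaluate_spf(rec, ip)}")
```

The record is evaluated against the envelope-from (MAIL FROM) domain, which is why it has to live on that domain's TXT record and not, say, on the mail server's hostname.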

Author Closing Comment by: readymade
We created the firewall policy so only email servers can send.  It also looks like all of the domains that were blocking us were using Cisco IronPort, which uses senderbase.org as their spam reporter.  I believe we have been taken off senderbase so we are now able to send to many if not all of the domains again.  We will look into the SPF record.  

We think maybe a machine was sending out spam.  Unless we find it, we'll never know.  Have to wait and see.  Thanks for the help!

Expert Comment by: Netflo
Enable logging for your port 25 rule, you'll find the machine report immediately.

Yes, I would strongly recommend an SPF record too, as mentioned by Papertrip.

Best of luck!
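What "enable logging for your port 25 rule" buys you can be shown with a few lines of log analysis. This is an added example, not Netflo's or the thread's code: the log lines are constructed in a generic syslog-style key=value layout rather than any particular firewall's format, and EXCHANGE_SERVERS is an assumed allow-list of the hosts that are supposed to send SMTP. The parser groups blocked outbound port 25 attempts by internal source, so the spambot stands out by attempt count and by the number of distinct mail servers it tries.

```python
import re

# Constructed firewall log lines (not a real vendor format). 10.0.0.10 is the assumed Exchange
# server; 10.0.0.57 is a workstation repeatedly trying to reach external mail servers.
SAMPLE_LOG = """\
Mar 20 09:01:02 fw1 DROP src=10.0.0.57 dst=203.0.113.25 proto=TCP dport=25
Mar 20 09:01:02 fw1 DROP src=10.0.0.57 dst=198.51.100.9 proto=TCP dport=25
Mar 20 09:01:03 fw1 ALLOW src=10.0.0.10 dst=203.0.113.25 proto=TCP dport=25
Mar 20 09:01:04 fw1 DROP src=10.0.0.57 dst=192.0.2.44 proto=TCP dport=25
Mar 20 09:01:05 fw1 ALLOW src=10.0.0.57 dst=192.0.2.80 proto=TCP dport=443
Mar 20 09:01:06 fw1 DROP src=10.0.0.23 dst=203.0.113.7 proto=TCP dport=25
Mar 20 09:01:07 fw1 DROP src=10.0.0.57 dst=203.0.113.25 proto=UDP dport=25
"""

EXCHANGE_SERVERS = {"10.0.0.10"}   # assumed: the only hosts allowed to send outbound SMTP

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ (?P<action>\w+) "
    r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) proto=(?P<proto>\w+) dport=(?P<dport>\d+)"
)


def find_smtp_senders(log_text, allowed=EXCHANGE_SERVERS, port=25):
    """Group TCP connections to `port` by internal source, skipping the allowed mail servers.
    Returns {src: {"attempts", "destinations", "first_seen", "last_seen"}}."""
    stats = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                           # unrecognised line: skip rather than crash
        if m["proto"] != "TCP" or int(m["dport"]) != port or m["src"] in allowed:
            continue
        entry = stats.setdefault(m["src"], {"attempts": 0, "destinations": set(),
                                            "first_seen": m["ts"], "last_seen": m["ts"]})
        entry["attempts"] += 1
        entry["destinations"].add(m["dst"])
        entry["last_seen"] = m["ts"]
    return stats


def rank_suspects(stats):
    """Most active source first; one box hammering many distinct mail servers is the classic
    sign of a spam-sending infection."""
    return sorted(stats, key=lambda src: (stats[src]["attempts"], len(stats[src]["destinations"])),
                  reverse=True)


if __name__ == "__main__":
    stats = find_smtp_senders(SAMPLE_LOG)
    for src in rank_suspects(stats):
        s = stats[src]
        print(f"{src:15} {s['attempts']:3} attempts to {len(s['destinations'])} hosts "
              f"({s['first_seen']} .. {s['last_seen']})")
```

Feed it the exported log of the port 25 rule instead of SAMPLE_LOG and adjust LINE_RE to your firewall's line format; the grouping logic stays the same.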
