[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

Email not going to certain domains - new firewall - blacklist - dns record?

Posted on 2012-03-20
5
Medium Priority
?
471 Views
Last Modified: 2012-08-13
We installed a new firewall a couple days ago.  The next day we started getting reports of some emails not being delivered.  Most mail goes through, but to certain domains it doesn't.  Those emails are piling up in Exchange 2007 as delayed.  We tried telneting to the servers of these other domains and they say our domain's reputation isn't good enough or something like that.

To me it sounded like a blacklist issue.  We are only on one.  Could be the problem, might not be.  Trying to get that figured out.

Other things i'm looking at - is there some kind of dns record that bigger companies are requiring to send them email?  I forget what it's called.  Soap record or something.  It is to prove that your mail server really belongs to you, and isn't being spoofed.  Could that cause this?  What is it called and how do I implement it?

The new firewall is another possibility, but I don't see how.  Anti-virus and all security settings are turned off.  And we can email most domains fine.  

Any advice would be helpful.  The one blacklist we were on said we were on it because we emailed a spamtrap.  Exchange server shows no signs it is being used to spam.  The blacklist also wanted us to pay like $150 for an express whitelist.  Sounds kind of sketchy.  

thanks for any help.
0
Comment
Question by:readymade
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 18

Accepted Solution

by:
Netflo earned 1400 total points
ID: 37745426
Step 1: Temporarily disable TCP SYN checking on your firewall, this can cause problems with mail flow and internet surfing appearing to be delayed.

Step 2: Create a rule on your firewall to block port 25 traffic from trusted to untrusted except for your Exchange server IP. Enable logging to identify machines which have been infected - disinfect and monitor again.

Step 3: Ensure your 'PTR record' matches your 'A record'. For example owa.domainname.com, you will need to contact your ISP to get that record set.

Step 4: Grab a tea or coffee and wait for your record to be removed from the spam list or pay the express fee.

This is the normal procedure if your network is not bolted down and you dealing with the 'cute', rather than 'prevention'.

Best of luck!
0
 

Author Comment

by:readymade
ID: 37745444
Ok we've already done some of those things.  What about an SPF record?  Could not having this cause some domains to reject our mail?
0
 
LVL 21

Assisted Solution

by:Papertrip
Papertrip earned 600 total points
ID: 37745653
To me it sounded like a blacklist issue.  We are only on one.  Could be the problem, might not be.
Depending on the list this may be a huge problem or a tiny problem... all depends on which lists receivers check against.

Other things i'm looking at - is there some kind of dns record that bigger companies are requiring to send them email?
Yep that would be an SPF record, and yes that could cause some receiving servers to reject you flat out.

For most sending domains the SPF record is very simple and doesn't need all the bells and whistles you may find from certain online SPF generation tools.

E.g., assuming the sending IP's for your domain are 1.2.3.4 and 1.2.3.5
"v=spf1 ip4:1.2.3.4 ip4:1.2.3.5 -all"

Open in new window

That would be added into DNS for the domain used in your envelope-from (MAIL FROM) as a TXT record.  If your envelope-from is bobsdomain.com then that is where this record needs to be.

The one blacklist we were on said we were on it because we emailed a spamtrap.
This sounds a bit phishy, pun intended.  Most spamtraps are fake addresses setup as honeypots, most big receivers will actually recycle old real email addresses that shouldn't be getting new mail for that exact purpose.

The blacklist also wanted us to pay like $150 for an express whitelist.  Sounds kind of sketchy.  
Usually only the wanna-be / small time RBL's will charge you like that.  Honestly depending on which list it is and how many of your emails are being affected, I may not even worry about it.

Get your SPF record in check first and then see how your deliverability is.  Also take heed of Netflo's answers, specifically 2 and 3.
0
 

Author Closing Comment

by:readymade
ID: 37747908
We created the firewall policy so only email servers can send.  It also looks like all of the domains that were blocking us were using Cisco IronPort, which uses senderbase.org as their spam reporter.  I believe we have been taken off senderbase so we are now able to send to many if not all of the domains again.  We will look into the SPF record.  

We think maybe a machine was sending out spam.  Unless we find it, we'll never know.  Have to wait and see.  Thanks for the help!
0
 
LVL 18

Expert Comment

by:Netflo
ID: 37747926
Enable logging for your port 25 rule, you'll find the machine report immediately.

Yes I would strongly recommend a SPF record too as mentioned by Papertrip.

Best of luck!
0

Featured Post

Survive A High-Traffic Event with Percona

Your application or website rely on your database to deliver information about products and services to your customers. You can’t afford to have your database lose performance, lose availability or become unresponsive – even for just a few minutes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

With the evolution of technology, we have finally reached a point where it is possible to have home automation features like having your thermostat turn up and door lock itself when you leave, as well as a complete home security system. This is a st…
One-stop solution for Exchange Administrators to address all MS Exchange Server issues, which is known by the name of Stellar Exchange Toolkit.
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question