  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1197

DNS A Record Blacklist

Recently I have been trying to troubleshoot certain emails bouncing back.  When I looked up a blacklist check I had these hits.  I have checked the email server for any suspicious activities.  I do not completely understand the Host record being blacklisted.  We do not host the web server.


Warning! 11 items associated with cafv.org are listed in 7 DNS blacklists.

LISTED | 16ms | ATLBL ABL
DNS A Record cafv.org. resolves to a blacklisted IP 174.120.141.124
DNS MX Record (Mail Server) mail.cafv.org. resolves to a blacklisted IP 71.40.16.214

LISTED | 18ms | ATLBL HBL
DNS A Record cafv.org. resolves to a blacklisted IP 174.120.141.124
DNS MX Record (Mail Server) mail.cafv.org. resolves to a blacklisted IP 71.40.16.214

LISTED | 16ms | ATLBL RBL
DNS A Record cafv.org. resolves to a blacklisted IP 174.120.141.124
DNS MX Record (Mail Server) mail.cafv.org. resolves to a blacklisted IP 71.40.16.214

LISTED | 135ms | BBQ
DNS A Record cafv.org. resolves to a blacklisted IP 174.120.141.124

LISTED | 20ms | DRBL vote node gremlin.ru
DNS A Record cafv.org. resolves to a blacklisted IP 174.120.141.124

LISTED | 16ms | DRBL work node gremlin.ru
DNS A Record cafv.org. resolves to a blacklisted IP 174.120.141.124

LISTED | 16ms | MW-Internet RBL
DNS A Record cafv.org. resolves to a blacklisted IP 174.120.141.124
DNS MX Record (Mail Server) mail.cafv.org. resolves to a blacklisted IP 71.40.16.214
0
Mandoelp
Asked:
2 Solutions
 
Kaffiend Commented:
Well, one possibility is that the web server is hosted on a "shared" server (which has multiple websites on it).  If that is the case, it could be that one of the other websites (which has the same IP address as your organization's website) on that server is a spam source.

(See the attached pic)




(Actually, what should worry you more, is why your mail server is on a blacklist.  The Host record of the website is not as critical to reliable email delivery as your mail server is)
174-120-141-124.JPG
0
 
giltjr Commented:
I agree with Kaffiend.  If this is a shared server, somebody else using this could be spamming.  

I would talk to the hosting company about it.

If this is not a shared server, do you control the SMTP server config?  If so I would check to see if it is an open relay.
0
 
Mandoelp (Author) Commented:
I've been monitoring the Exchange queues, put a network sniffer in place, and used my WatchGuard monitor utilities to monitor port 25 to see if I had an open relay or a rogue computer spamming from within the network. I haven't seen any unwanted traffic other than normal business.  The website host does host multiple sites.  I've been talking with our web design firm; I believe it is coming from the host provider they use.  Those hits that only list the website are the ones that make me think it's the website causing this.
0
 
Mandoelp (Author) Commented:
As a temporary fix I set up an SMTP relay on a remote server through my VPN, and added an SMTP connector in Exchange.
0
 
Kaffiend Commented:
Some of these block lists have a form you can submit.  Basically, you promise that you have taken steps to secure your environment (like having installed AV, firewall, block outgoing port 25 for all but your mail server, no open relay, etc etc) and they will take your server IP off their block list.  It's worth a shot.  

And securing your environment is something you should do, anyway.
0
 
Mandoelp (Author) Commented:
Kaffiend, as per your screenshot I contacted "the planet", who hosts our webpage, and have placed a service ticket with them.  As for submitting a form to get removed from the blacklist, these servers surprisingly don't have that feature.  They go back to dead links.  Needless to say, it's been very frustrating.
0
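
The thread turns on which of the two listed IPs is actually hurting mail delivery. The sketch below is an added example, not code from any participant: it shows how a DNSBL lookup is formed (reversed IPv4 octets prepended to the list's zone, with an answer in 127.0.0.0/8 meaning "listed") and checks the web and mail IPs separately. The zone names are placeholders, the DNS answers are constructed sample data, and it assumes the MX host is also the outbound sender.

```python
import ipaddress
import socket

def dnsbl_query_name(ip, zone):
    """Reverse the IPv4 octets and append the zone: 1.2.3.4 -> 4.3.2.1.<zone>."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")

def system_resolve(name):
    """Live lookup: return the A-record answer, or None if the name does not exist."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def listed_in(ip, zones, resolve=system_resolve):
    """Return the zones that answer for this IP with an address in 127.0.0.0/8."""
    hits = []
    for zone in zones:
        answer = resolve(dnsbl_query_name(ip, zone))
        if answer and answer.startswith("127."):
            hits.append(zone)
    return hits

def triage(hosts, zones, resolve=system_resolve):
    """hosts maps a role ('web', 'mail') to an IP; returns role -> listing zones."""
    return {role: listed_in(ip, zones, resolve) for role, ip in hosts.items()}

# IPs are the two from the report in the question; zone names are placeholders.
HOSTS = {"web": "174.120.141.124", "mail": "71.40.16.214"}
ZONES = ["bl-one.example", "bl-two.example"]

# Constructed answers standing in for live DNS so the example runs offline.
SAMPLE_ANSWERS = {
    "124.141.120.174.bl-one.example": "127.0.0.2",
    "124.141.120.174.bl-two.example": "127.0.0.2",
    "214.16.40.71.bl-one.example": "127.0.0.2",
}

def sample_resolve(name):
    return SAMPLE_ANSWERS.get(name)

if __name__ == "__main__":
    for role, hits in triage(HOSTS, ZONES, sample_resolve).items():
        print(role, HOSTS[role], "listed in:", ", ".join(hits) or "none")
```

Listings under the "mail" role are the ones receiving servers consult when deciding whether to accept a message; "web"-only listings point at the shared hosting IP.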
