Solved

DNS A Record Blacklist

Posted on 2013-06-21
Last Modified: 2013-07-03
Recently I have been trying to troubleshoot certain emails bouncing back. When I looked up a blacklist check I had these hits. I have checked the email server for any suspicious activities. I do not completely understand the Host record being blacklisted. We do not host the Web server.


Warning! 11 items associated with cafv.org are listed in 7 DNS blacklists.

LISTED

16ms

ATLBL ABL

DNS A Record cafv.org. resolves to a blacklisted IP 174.120.141.124

DNS MX Record (Mail Server) mail.cafv.org. resolves to a blacklisted IP 71.40.16.214

LISTED

18ms

ATLBL HBL

DNS A Record cafv.org. resolves to a blacklisted IP 174.120.141.124

DNS MX Record (Mail Server) mail.cafv.org. resolves to a blacklisted IP 71.40.16.214

LISTED

16ms

ATLBL RBL

DNS A Record cafv.org. resolves to a blacklisted IP 174.120.141.124

DNS MX Record (Mail Server) mail.cafv.org. resolves to a blacklisted IP 71.40.16.214

LISTED

135ms

BBQ

DNS A Record cafv.org. resolves to a blacklisted IP 174.120.141.124

LISTED

20ms

DRBL vote node gremlin.ru

DNS A Record cafv.org. resolves to a blacklisted IP 174.120.141.124

LISTED

16ms

DRBL work node gremlin.ru

DNS A Record cafv.org. resolves to a blacklisted IP 174.120.141.124

LISTED

16ms

MW-Internet RBL

DNS A Record cafv.org. resolves to a blacklisted IP 174.120.141.124

DNS MX Record (Mail Server) mail.cafv.org. resolves to a blacklisted IP 71.40.16.214
Question by:Mandoelp
LVL 14

Accepted Solution

by:
Kaffiend earned 250 total points
ID: 39267403
Well, one possibility is that the web server is hosted on a "shared" server (which has multiple websites on it).  If that is the case, it could be that one of the other websites (which has the same IP address as your organization's website) on that server is a spam source.

(See the attached pic)




(Actually, what should worry you more is why your mail server is on a blacklist. The Host record of the website is not as critical to reliable email delivery as your mail server is.)
174-120-141-124.JPG
0
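The distinction drawn in the answer above (listings that hit the MX address versus listings that hit only the website's A record) can be pulled out of a report like the one in the question. This is an added example, not code from the thread: the sample text is constructed from the report layout shown in the question, the function names are hypothetical, and `dnsbl.example` is a placeholder zone rather than any list's real zone.

```python
import re
from collections import defaultdict

# Constructed sample: trimmed copy of the report layout shown in the question.
REPORT = """\
LISTED
16ms
ATLBL ABL
DNS A Record cafv.org. resolves to a blacklisted IP 174.120.141.124
DNS MX Record (Mail Server) mail.cafv.org. resolves to a blacklisted IP 71.40.16.214
LISTED
135ms
BBQ
DNS A Record cafv.org. resolves to a blacklisted IP 174.120.141.124
LISTED
16ms
MW-Internet RBL
DNS A Record cafv.org. resolves to a blacklisted IP 174.120.141.124
DNS MX Record (Mail Server) mail.cafv.org. resolves to a blacklisted IP 71.40.16.214
"""

HIT = re.compile(r"^DNS (A|MX) Record (?:\(Mail Server\) )?(\S+) resolves to a "
                 r"blacklisted IP (\d{1,3}(?:\.\d{1,3}){3})$")
TIMING = re.compile(r"^\d+ms$")

def parse_report(text):
    """Return {(record_type, host, ip): [blacklist names in report order]}."""
    hits, current, expect_name = defaultdict(list), None, False
    for line in (l.strip() for l in text.splitlines()):
        if not line or TIMING.match(line):
            continue                      # blank lines and lookup timings carry no data
        if line == "LISTED":
            expect_name = True            # next non-timing line is the list's name
        elif expect_name:
            current, expect_name = line, False
        elif (m := HIT.match(line)) and current:
            hits[(m.group(1), m.group(2).rstrip("."), m.group(3))].append(current)
    return dict(hits)

def triage(hits):
    """MX listings affect outbound mail; A-only listings point at the web host's IP."""
    mail = {bl for (rtype, _, _), bls in hits.items() if rtype == "MX" for bl in bls}
    web = {bl for (rtype, _, _), bls in hits.items() if rtype == "A" for bl in bls}
    return {"mail_server_listed_on": sorted(mail), "web_only_listed_on": sorted(web - mail)}

def dnsbl_query_name(ip, zone):
    """DNSBL lookup convention: reverse the IPv4 octets and append the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone
```

The lists under `mail_server_listed_on` are the ones to chase for delisting of the mail server; the name returned by `dnsbl_query_name` is what gets queried as an A record to re-check one address against one list.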
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 250 total points
ID: 39267948
I agree with Kaffiend.  If this is a shared server, somebody else using this could be spamming.  

I would talk to the hosting company about it.

If this is not a shared server, do you control the SMTP server config?  If so I would check to see if it is an open relay.
0
 

Author Comment

by:Mandoelp
ID: 39275112
I've been monitoring the Exchange queues and put a network sniffer and used my WatchGuard monitor utilities to monitor port 25 to see if I had an open relay or a rogue computer spamming from within the network. I haven't seen any unwanted traffic other than normal business. The website host does host multiple sites. I've been talking with our web design firm; I believe it is coming from the host provider they use. Those hits that only list the website are the ones that make me think it's the website causing this.
0
 

Author Comment

by:Mandoelp
ID: 39275478
As a temporary fix I set up an SMTP relay on a remote server through my VPN and added an SMTP connector in Exchange.
0
 
LVL 14

Expert Comment

by:Kaffiend
ID: 39276235
Some of these block lists have a form you can submit.  Basically, you promise that you have taken steps to secure your environment (like having installed AV, firewall, block outgoing port 25 for all but your mail server, no open relay, etc etc) and they will take your server IP off their block list.  It's worth a shot.  

And securing your environment is something you should do, anyway.
0
 

Author Comment

by:Mandoelp
ID: 39279555
Kaffiend, as per your screenshot I contacted "the planet", who hosts our webpage, and have placed a service ticket with them. As for submitting a form to get removed from the blacklist, these servers surprisingly don't have that feature. They go back to dead links. Needless to say, it's been very frustrating.
0
