Solved

DNS A Record Blacklist

Posted on 2013-06-21
Last Modified: 2013-07-03
Recently I have been trying to troubleshoot certain emails bouncing back. When I looked up a blacklist check I had these hits. I have checked the email server for any suspicious activities. I do not completely understand the Host record being blacklisted. We do not host the Web server.


Warning! 11 items associated with cafv.org are listed in 7 DNS blacklists.

LISTED | 16ms | ATLBL ABL
DNS A Record cafv.org. resolves to a blacklisted IP 174.120.141.124
DNS MX Record (Mail Server) mail.cafv.org. resolves to a blacklisted IP 71.40.16.214

LISTED | 18ms | ATLBL HBL
DNS A Record cafv.org. resolves to a blacklisted IP 174.120.141.124
DNS MX Record (Mail Server) mail.cafv.org. resolves to a blacklisted IP 71.40.16.214

LISTED | 16ms | ATLBL RBL
DNS A Record cafv.org. resolves to a blacklisted IP 174.120.141.124
DNS MX Record (Mail Server) mail.cafv.org. resolves to a blacklisted IP 71.40.16.214

LISTED | 135ms | BBQ
DNS A Record cafv.org. resolves to a blacklisted IP 174.120.141.124

LISTED | 20ms | DRBL vote node gremlin.ru
DNS A Record cafv.org. resolves to a blacklisted IP 174.120.141.124

LISTED | 16ms | DRBL work node gremlin.ru
DNS A Record cafv.org. resolves to a blacklisted IP 174.120.141.124

LISTED | 16ms | MW-Internet RBL
DNS A Record cafv.org. resolves to a blacklisted IP 174.120.141.124
DNS MX Record (Mail Server) mail.cafv.org. resolves to a blacklisted IP 71.40.16.214
Question by:Mandoelp

Accepted Solution

by:
Kaffiend earned 250 total points
ID: 39267403
Well, one possibility is that the web server is hosted on a "shared" server (which has multiple websites on it).  If that is the case, it could be that one of the other websites (which has the same IP address as your organization's website) on that server is a spam source.

(See the attached pic)




(Actually, what should worry you more is why your mail server is on a blacklist. The Host record of the website is not as critical to reliable email delivery as your mail server is.)
174-120-141-124.JPG
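The distinction drawn in the answer above (web host IP versus mail server IP) can be checked directly, because a DNS blacklist is queried by reversing the IP's octets and looking that name up under the list's zone. The following is an added example, not part of the original answer: the zone names are placeholders, the listing data fed to the fake resolver is constructed, and only the two IPs come from the question.

```python
import ipaddress
import socket

def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the DNSBL lookup name: IPv4 octets reversed, then the list's zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone.strip(".")

def system_resolver(name: str):
    """Return the A records for name, or [] when the name does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []

def check_ip(ip, zones, resolve=system_resolver):
    """Return {zone: [return codes]} for every zone that lists ip."""
    hits = {}
    for zone in zones:
        answers = resolve(dnsbl_query_name(ip, zone))
        # A listing is an answer inside 127.0.0.0/8. No answer, or a public IP
        # from a parked or wildcarded zone, is not treated as a listing.
        codes = [a for a in answers if ipaddress.ip_address(a).is_loopback]
        if codes:
            hits[zone] = codes
    return hits

def triage(records, zones, resolve=system_resolver):
    """records maps a label (which DNS record) to its IP; report hits per label."""
    return {label: check_ip(ip, zones, resolve) for label, ip in records.items()}

# Placeholder zones (assumption): substitute the zones of the lists you care about.
ZONES = ["dnsbl-one.example", "dnsbl-two.example"]
# The two IPs from the question: the shared web host and the mail server.
RECORDS = {"A cafv.org": "174.120.141.124", "MX mail.cafv.org": "71.40.16.214"}
# Constructed answers so the example runs offline; not real list contents.
FAKE_ZONE_DATA = {
    "124.141.120.174.dnsbl-one.example": ["127.0.0.2"],
    "124.141.120.174.dnsbl-two.example": ["127.0.0.4"],
    "214.16.40.71.dnsbl-one.example": ["127.0.0.2"],
}

def fake_resolver(name):
    return FAKE_ZONE_DATA.get(name, [])

if __name__ == "__main__":
    for label, hits in triage(RECORDS, ZONES, fake_resolver).items():
        print(label, hits or "not listed")
```

Dropping the `fake_resolver` argument makes the same functions query live DNS. The hits reported for the MX address are the ones that bear on mail delivery.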
 

Assisted Solution

by:giltjr
giltjr earned 250 total points
ID: 39267948
I agree with Kaffiend.  If this is a shared server, somebody else using this could be spamming.  

I would talk to the hosting company about it.

If this is not a shared server, do you control the SMTP server config?  If so I would check to see if it is an open relay.
 

Author Comment

by:Mandoelp
ID: 39275112
I've been monitoring the Exchange queues and put a network sniffer and used my WatchGuard monitor utilities to monitor port 25 to see if I had an open relay or a rogue computer spamming from within the network. I haven't seen any unwanted traffic other than normal business. The Website host does host multiple sites. I've been talking with our web design firm that I believe it is coming from the host provider they use. Those hits that only list the website are the ones that make me think it's the website causing this.

Author Comment

by:Mandoelp
ID: 39275478
As a temporary fix I set up an SMTP relay on a remote server through my VPN and added an SMTP connector in Exchange.

Expert Comment

by:Kaffiend
ID: 39276235
Some of these block lists have a form you can submit.  Basically, you promise that you have taken steps to secure your environment (like having installed AV, firewall, block outgoing port 25 for all but your mail server, no open relay, etc etc) and they will take your server IP off their block list.  It's worth a shot.  

And securing your environment is something you should do, anyway.
 

Author Comment

by:Mandoelp
ID: 39279555
Kaffiend, as per your screenshot I contacted "the planet", who hosts our webpage, and have placed a service ticket with them. As for submitting a form to get removed from the blacklist, these servers surprisingly don't have that feature. They go back to dead links. Needless to say, it's been very frustrating.