Who is sending blacklisting of my IP to Spamhaus

Posted on 2014-08-19
Last Modified: 2014-09-08
I have a public IP for sending e-mail for our corporate LAN. We have two firewalls behind the router.
We also have two mail servers. The Exchange server relays outgoing e-mails to an Endian proxy that in turn relays e-mails to the internet. Incoming e-mails are received by the Endian proxy before being sent to the Exchange server.
On the LAN all outgoing traffic is NATed to the gateway. We have also allowed SMTP traffic to only go via the Endian from the Exchange IP; all other SMTP from any IP except the Exchange server is disallowed to relay through the Endian. The problem is that zen.spamhaus keeps blacklisting our IP. We have checked all machines for viruses and worms and are convinced they are clean.
Question by:Mbuso Ndlovu

    Expert Comment

    by:David Johnson, CD, MVP
    Check that you're not an open relay.

    Expert Comment

    Write a mail to Spamhaus; they will explain very clearly how your IP is being listed there, what you can do to remove it, and what can be done as a preventive action so it won't be listed.

    1. First look up the IP at the Spamhaus site.
    2. Open the listing and there must be an e-mail id to communicate with them.


    Author Comment

    by:Mbuso Ndlovu
    Test                         Result
    SMTP TLS                     Warning - Does not support TLS.
    SMTP Transaction Time        6.458 seconds - Warning on Transaction Time
    SMTP Banner Check            OK - x.x.x.x.x resolves to xxxxxxxxxxxx
    SMTP Reverse DNS Mismatch    OK - Reverse DNS matches SMTP Banner
    SMTP Connection Time         1.451 seconds - Good on Connection time
    SMTP Open Relay              OK - Not an open relay.
    Session Transcript:

    Expert Comment

    That's perfect. Sometimes it is the whole subnet which is listed in Spamhaus, not only your IP. Generally the ISP distributes IPs from a single subnet to multiple customers/users, hence it might be possible that due to someone else your IP has been dragged into the blacklist.

    Check that out.


    Expert Comment

    I had a situation where my public IP address was being blacklisted by Spamhaus. This was because it was a public IP, and another person was creating the spam. I resolved it by using a company which allows me to use SMTP to send email. I had to make sure I had a valid reverse DNS record and am a legitimate business.

    Accepted Solution

    It turned out that some spammers were targeting our IP using spoofed domains. Once the e-mail got rejected by our server the NDR then went to the spoofed domain, thereby creating an impression of us sending out spam.
    We then further tightened our anti-spam settings by blacklisting Dynamic DSL IPs. This has seen spam being rejected before entering our MTA. Thanks all for the contributions.

    Author Closing Comment

    by:Mbuso Ndlovu
    I am using Endian Firewall as a mail proxy. I then turned on the Dynamic DSL blocking feature.
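
An added example, not part of the original thread and not Endian's own code: a Python check for the backscatter described in the accepted solution, counting null-sender bounces (NDRs) that the MTA hands to external domains. It assumes Postfix-style log lines; the sample log, the domain names and `LOCAL_DOMAINS` are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in Postfix syslog style (not taken from the thread).
SAMPLE_LOG = """\
Aug 19 10:01:02 mx postfix/qmgr[901]: A1B2C3: from=<>, size=3120, nrcpt=1 (queue active)
Aug 19 10:01:03 mx postfix/smtp[915]: A1B2C3: to=<bob@spoofed-one.example>, relay=mx.spoofed-one.example[203.0.113.10]:25, status=sent (250 OK)
Aug 19 10:01:05 mx postfix/qmgr[901]: A1B2C4: from=<>, size=2980, nrcpt=1 (queue active)
Aug 19 10:01:06 mx postfix/smtp[916]: A1B2C4: to=<amy@spoofed-two.example>, relay=mx.spoofed-two.example[203.0.113.20]:25, status=deferred (timeout)
Aug 19 10:02:10 mx postfix/qmgr[901]: A1B2C5: from=<alice@corp.example>, size=5100, nrcpt=1 (queue active)
Aug 19 10:02:11 mx postfix/smtp[917]: A1B2C5: to=<pat@partner.example>, relay=mx.partner.example[198.51.100.7]:25, status=sent (250 OK)
Aug 19 10:03:00 mx postfix/qmgr[901]: A1B2C6: from=<>, size=2400, nrcpt=1 (queue active)
Aug 19 10:03:01 mx postfix/smtp[918]: A1B2C6: to=<alice@corp.example>, relay=exchange.corp.example[192.0.2.20]:25, status=sent (250 OK)
Aug 19 10:04:30 mx postfix/qmgr[901]: A1B2C7: from=<>, size=3050, nrcpt=1 (queue active)
Aug 19 10:04:31 mx postfix/smtp[919]: A1B2C7: to=<carl@spoofed-one.example>, relay=mx.spoofed-one.example[203.0.113.10]:25, status=sent (250 OK)
"""

# Assumption: domains this site is responsible for (hypothetical name).
LOCAL_DOMAINS = {"corp.example"}

# qmgr logs the envelope sender per queue ID; smtp logs each delivery attempt.
FROM_RE = re.compile(r"postfix/qmgr\[\d+\]: (\w+): from=<([^>]*)>")
TO_RE = re.compile(r"postfix/smtp\[\d+\]: (\w+): to=<[^>@]*@([^>]+)>")


def outbound_bounces(log_text, local_domains=LOCAL_DOMAINS):
    """Count null-sender messages (NDRs) sent to non-local domains."""
    sender_by_qid = {}
    hits = Counter()
    for line in log_text.splitlines():
        m = FROM_RE.search(line)
        if m:
            sender_by_qid[m.group(1)] = m.group(2)
            continue
        m = TO_RE.search(line)
        if not m:
            continue
        qid, domain = m.group(1), m.group(2).lower()
        # from=<> marks a bounce generated by this MTA; a delivery line
        # with no matching qmgr line is skipped rather than guessed at.
        if sender_by_qid.get(qid) == "" and domain not in local_domains:
            hits[domain] += 1
    return hits


if __name__ == "__main__":
    for domain, count in outbound_bounces(SAMPLE_LOG).most_common():
        print(f"{count:3d} bounce(s) to {domain}")
```

Bounces going to domains the organisation never mailed are the sign of accepting spam and rejecting it afterwards; rejecting during the SMTP session, as the accepted solution did, means no NDR is generated.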
