

Who is sending blacklisting of my IP to Spamhaus

Posted on 2014-08-19
Medium Priority
Last Modified: 2014-09-08
I have a public IP for sending e-mail for our corporate LAN. We have two firewalls behind the router.
We also have two mail servers. Exchange server relays outgoing e-mails to an Endian proxy that in turn relays e-mails to the internet. Incoming e-mails are received by the Endian proxy before being sent to the Exchange server.
On the LAN all outgoing traffic is NATed to the gateway. We have also allowed SMTP traffic to only go via the Endian from the Exchange IP; all other SMTP from any IP except the Exchange server is disallowed to relay through the Endian. Problem is that zen.spamhaus keeps blacklisting our IP. We have checked all machines for viruses and worms and are convinced they are clean.
Question by:Mbuso Ndlovu
LVL 84

Expert Comment

by:David Johnson, CD, MVP
ID: 40269819
Check that you're not an open relay: http://www.mxtoolbox.com
LVL 13

Expert Comment

ID: 40269826
Write a mail to Spamhaus; they will explain very clearly how your IP is being listed there, what you can do to remove it, and what can be done as a preventive action so it won't be listed.

1. First look up the IP at the Spamhaus site.
2. Open the listing and there must be an e-mail ID to communicate with them.


Author Comment

by:Mbuso Ndlovu
ID: 40269829
Test                        Result
SMTP TLS                    Warning - Does not support TLS.
SMTP Transaction Time       6.458 seconds - Warning on Transaction Time
SMTP Banner Check           OK - x.x.x.x.x resolves to xxxxxxxxxxxx
SMTP Reverse DNS Mismatch   OK - Reverse DNS matches SMTP Banner
SMTP Connection Time        1.451 seconds - Good on Connection time
SMTP Open Relay             OK - Not an open relay.
Session Transcript:

LVL 13

Expert Comment

ID: 40269836
That's perfect. Sometimes it is the whole subnet which is listed in Spamhaus, not only your IP. Generally an ISP distributes IPs from a single subnet to multiple customers/users, hence it might be possible that your IP has been dragged into the blacklist due to someone else.

Check that out.


Expert Comment

ID: 40270142
I had a situation where my public IP address was being blacklisted by Spamhaus. This was because it was a public IP, and another person was creating the spam. I resolved it by using a company which allows me to use SMTP to send email. I had to make sure I had a valid reverse DNS record and am a legitimate business.

Accepted Solution

Mbuso Ndlovu earned 0 total points
ID: 40300610
It turned out that some spammers were targeting our IP using spoofed domains. Once the e-mail got rejected by our server the NDR then went to the spoofed domain, thereby creating an impression of us sending out spam.
We then further tightened our anti-spam settings by blacklisting Dynamic DSL IPs. This has seen spam being rejected before entering our MTA. Thanks all for the contributions.

Author Closing Comment

by:Mbuso Ndlovu
ID: 40309434
I am using Endian Firewall as a mail proxy. I then turned on the Dynamic DSL blocking feature.
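
The accepted solution describes NDR backscatter: mail with a spoofed sender is accepted and then bounced to the spoofed domain. The following added example (not part of the original thread) measures that pattern in a mail log by counting outbound deliveries with a null envelope sender; the Postfix-style log format, the sample lines and the `corp.example` local domain are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample log in Postfix syslog style (not taken from the thread).
SAMPLE_LOG = """\
Aug 19 10:01:02 mx postfix/qmgr[900]: 4A1B2C3D01: from=<>, size=3120, nrcpt=1 (queue active)
Aug 19 10:01:03 mx postfix/smtp[1300]: 4A1B2C3D01: to=<alice@spoofed-a.example>, relay=mx.spoofed-a.example[198.51.100.7]:25, dsn=2.0.0, status=sent (250 OK)
Aug 19 10:01:05 mx postfix/qmgr[900]: 4A1B2C3D02: from=<>, size=3090, nrcpt=1 (queue active)
Aug 19 10:01:06 mx postfix/smtp[1301]: 4A1B2C3D02: to=<bob@spoofed-b.example>, relay=mx.spoofed-b.example[198.51.100.9]:25, dsn=2.0.0, status=sent (250 OK)
Aug 19 10:02:00 mx postfix/qmgr[900]: 4A1B2C3D03: from=<user@corp.example>, size=900, nrcpt=1 (queue active)
Aug 19 10:02:01 mx postfix/smtp[1302]: 4A1B2C3D03: to=<partner@customer.example>, relay=mx.customer.example[192.0.2.20]:25, dsn=2.0.0, status=sent (250 OK)
Aug 19 10:03:00 mx postfix/qmgr[900]: 4A1B2C3D04: from=<>, size=3100, nrcpt=1 (queue active)
Aug 19 10:03:01 mx postfix/smtp[1303]: 4A1B2C3D04: to=<carol@spoofed-a.example>, relay=mx.spoofed-a.example[198.51.100.7]:25, dsn=4.4.1, status=deferred (connection timed out)
"""

# qmgr lines carry the envelope sender; smtp lines carry each outbound delivery.
FROM_RE = re.compile(r"postfix/qmgr\[\d+\]: (\w+): from=<([^>]*)>")
TO_RE = re.compile(r"postfix/smtp\[\d+\]: (\w+): to=<[^@>]+@([^>]+)>.*status=(\w+)")

def backscatter_report(log_text, local_domains=("corp.example",)):
    """Count outbound deliveries whose envelope sender is null (bounces/NDRs)."""
    sender = {}              # queue id -> envelope sender
    ndr_domains = Counter()  # external domain -> NDR delivery attempts
    total_out = 0
    for line in log_text.splitlines():
        if m := FROM_RE.search(line):
            sender[m.group(1)] = m.group(2)
        elif m := TO_RE.search(line):
            qid, domain, _status = m.groups()
            domain = domain.lower()
            if domain in local_domains:
                continue     # delivery to our own domain, not outbound
            total_out += 1
            if sender.get(qid) == "":  # from=<> marks a bounce message
                ndr_domains[domain] += 1
    ndr_total = sum(ndr_domains.values())
    ratio = ndr_total / total_out if total_out else 0.0
    return {"outbound": total_out, "ndr": ndr_total,
            "ndr_ratio": round(ratio, 2), "by_domain": dict(ndr_domains)}

if __name__ == "__main__":
    print(backscatter_report(SAMPLE_LOG))
```

A large share of null-sender deliveries spread across unrelated external domains matches the behaviour the author describes; rejecting the mail before it enters the MTA, as the author did, removes the bounce that would otherwise be sent.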


Question has a verified solution.
