[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Remove IP address from blacklist BARRACUDA,Spamhaus ZEN

Posted on 2015-02-10
9
Medium Priority
?
1,028 Views
Last Modified: 2015-03-09
Hi,

One of our client's IP address has been added to blacklist at Barracuda and Spamhaus ZEN. How can I remove the IP from the blacklist?

Please also see the below information regarding quarantine outbound emails.

DIRECTION: outbound

POLICY_TYPE: spam

SCORE: 17.956/15

6.3,RBL: Received via a relay in Spamhaus PBL
0.0,RBL: SORBS: sent directly from dynamic IP address
6.7,BODY: Bayes spam probability is 99 to 100%
0.5,HELO greeting hostname has no A-record
0.4,BODY: Bayes spam probability is 99.9 to 100%
0.0,BODY: HTML included in message 1.9,Delivered to internal network by host with
2.2,Contains image and was sent by dynamic
ACTION: quarantine
0
Comment
Question by:Educad
9 Comments
 
LVL 84

Expert Comment

by:David Johnson, CD, MVP
ID: 40600542
the sending server name and reverse ip address must be in your dns.
0
 
LVL 24

Expert Comment

by:VB ITS
ID: 40600628
Jump on the Barracuda and Spamhaus websites to do a lookup on your client's IP address, it will tell you why they are getting blacklisted and what you need to do to get rid of the cause of the blacklist.

Request for the removal only after you have addressed the issue otherwise you risk being re-added to the list. Some RBL's will only remove you a certain amount of times before they start charging fees (dodgy, I know).
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 1000 total points
ID: 40600851
"SORBS: sent directly from dynamic IP address"

If you are on a dynamic IP address, then don't waste your time trying to get delisted, as you will be unable to do so. You need to switch to a static address or use your ISPs SMTP server as a smart host.

Simon.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 25

Expert Comment

by:Mohammed Khawaja
ID: 40600951
I agree with Sembee as you need to configure your systems to relay via your ISP and this will require authentication as most ISPs do not allow open relay for their customers.
0
 

Author Comment

by:Educad
ID: 40601899
Simon,

They are using static IP address but not sure why it is marked ad dynamic IP address.
0
 
LVL 24

Accepted Solution

by:
VB ITS earned 1000 total points
ID: 40601916
It's possible that you were given a static IP in a pool usually associated to dynamic IPs, it's an unfortunate thing that does happen.

Did you do a lookup for the IP address via the links I gave you in my previous post? The links may not have been very obvious as I hyperlinked the actual RBL provider name to their lookup page:

Barracuda: http://www.barracudacentral.org/lookups
Spamhaus: http://www.spamhaus.org/lookup/
0
 

Author Comment

by:Educad
ID: 40601937
VB ITS,

I have entered the IP address but Barracuda lookup system says "IP address x.x.x.x is not currently listed as "poor" on the Barracuda Reputation System".

In the Spamhaus,

This IP address range has been identified by Spamhaus as not meeting our policy for IP addresses permitted to deliver unauthenticated 'direct-to-mx' email to PBL users.

Important: If you are using any normal email software (such as Outlook, Entourage, Thunderbird, Apple Mail, etc.) and you are being blocked by this Spamhaus PBL listing when you try to send email, the reason is simply that you need to turn on "SMTP Authentication" in your email program settings. For help with SMTP Authentication or ways to quickly fix this problem click here.

See also: http://www.spamhaus.org/faq/answers.lasso?section=Spamhaus%20PBL
0
 

Author Comment

by:Educad
ID: 40601949
VB ITS,

Sorry, it was listed under Sorbs DUHL not Barracuda.

The result I found at Sorb DUHL:

Usage classification (only important if you run your own mailserver.)
1 "DUHL" entries [16:52:01 24 Nov 2003 GMT+00].       
210.x.x.x/24 - 1 entries [16:52:01 24 Nov 2003 GMT+00].       
Note: Active "exDUHL" entries mean that the IP/Network has been unblocked for some or all IPs from the DUHL.
 
Problem hostnames/domains (could cause email problems.)
Note:These entries are for URLs or email domains, the IPs that may show up as 'spamvertised' only indicate where the URL/Host was seen being sent from. Listings for IPs that are 'spamvertised' will not usually cause blocking problems unless the email contains the IP address as a URL
Note: For a more detailed view you have to be registered and logged in.
0
 
LVL 24

Expert Comment

by:VB ITS
ID: 40601959
Jump on MxToolbox and run a blacklist lookup on the IP address on there as it will check against a large number of blacklists: http://mxtoolbox.com/blacklists.aspx

If you don't find yourself on any blacklists then it's possible you were automatically removed (which to be honest doesn't happen very often). Looking over your original question again it seems that you were placed on the Spamhaus PBL, which isn't exactly a blacklist: http://www.spamhaus.org/pbl/removal/
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This month, Experts Exchange sat down with resident SQL expert, Jim Horn, for an in-depth look into the makings of a successful career in SQL.
In this post, I will showcase the steps for how to create groups in Office 365. Office 365 groups allow for ease of flexibility and collaboration between staff members.
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
Suggested Courses

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question