Solved

Remove IP address from blacklist BARRACUDA,Spamhaus ZEN

Posted on 2015-02-10
9
431 Views
Last Modified: 2015-03-09
Hi,

One of our client's IP address has been added to blacklist at Barracuda and Spamhaus ZEN. How can I remove the IP from the blacklist?

Please also see the below information regarding quarantine outbound emails.

DIRECTION: outbound

POLICY_TYPE: spam

SCORE: 17.956/15

6.3,RBL: Received via a relay in Spamhaus PBL
0.0,RBL: SORBS: sent directly from dynamic IP address
6.7,BODY: Bayes spam probability is 99 to 100%
0.5,HELO greeting hostname has no A-record
0.4,BODY: Bayes spam probability is 99.9 to 100%
0.0,BODY: HTML included in message 1.9,Delivered to internal network by host with
2.2,Contains image and was sent by dynamic
ACTION: quarantine
0
Comment
Question by:Educad
9 Comments
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
Comment Utility
the sending server name and reverse ip address must be in your dns.
0
 
LVL 24

Expert Comment

by:VB ITS
Comment Utility
Jump on the Barracuda and Spamhaus websites to do a lookup on your client's IP address, it will tell you why they are getting blacklisted and what you need to do to get rid of the cause of the blacklist.

Request for the removal only after you have addressed the issue otherwise you risk being re-added to the list. Some RBL's will only remove you a certain amount of times before they start charging fees (dodgy, I know).
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 250 total points
Comment Utility
"SORBS: sent directly from dynamic IP address"

If you are on a dynamic IP address, then don't waste your time trying to get delisted, as you will be unable to do so. You need to switch to a static address or use your ISPs SMTP server as a smart host.

Simon.
0
 
LVL 24

Expert Comment

by:Mohammed Khawaja
Comment Utility
I agree with Sembee as you need to configure your systems to relay via your ISP and this will require authentication as most ISPs do not allow open relay for their customers.
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 

Author Comment

by:Educad
Comment Utility
Simon,

They are using static IP address but not sure why it is marked ad dynamic IP address.
0
 
LVL 24

Accepted Solution

by:
VB ITS earned 250 total points
Comment Utility
It's possible that you were given a static IP in a pool usually associated to dynamic IPs, it's an unfortunate thing that does happen.

Did you do a lookup for the IP address via the links I gave you in my previous post? The links may not have been very obvious as I hyperlinked the actual RBL provider name to their lookup page:

Barracuda: http://www.barracudacentral.org/lookups
Spamhaus: http://www.spamhaus.org/lookup/
0
 

Author Comment

by:Educad
Comment Utility
VB ITS,

I have entered the IP address but Barracuda lookup system says "IP address x.x.x.x is not currently listed as "poor" on the Barracuda Reputation System".

In the Spamhaus,

This IP address range has been identified by Spamhaus as not meeting our policy for IP addresses permitted to deliver unauthenticated 'direct-to-mx' email to PBL users.

Important: If you are using any normal email software (such as Outlook, Entourage, Thunderbird, Apple Mail, etc.) and you are being blocked by this Spamhaus PBL listing when you try to send email, the reason is simply that you need to turn on "SMTP Authentication" in your email program settings. For help with SMTP Authentication or ways to quickly fix this problem click here.

See also: http://www.spamhaus.org/faq/answers.lasso?section=Spamhaus%20PBL
0
 

Author Comment

by:Educad
Comment Utility
VB ITS,

Sorry, it was listed under Sorbs DUHL not Barracuda.

The result I found at Sorb DUHL:

Usage classification (only important if you run your own mailserver.)
1 "DUHL" entries [16:52:01 24 Nov 2003 GMT+00].       
210.x.x.x/24 - 1 entries [16:52:01 24 Nov 2003 GMT+00].       
Note: Active "exDUHL" entries mean that the IP/Network has been unblocked for some or all IPs from the DUHL.
 
Problem hostnames/domains (could cause email problems.)
Note:These entries are for URLs or email domains, the IPs that may show up as 'spamvertised' only indicate where the URL/Host was seen being sent from. Listings for IPs that are 'spamvertised' will not usually cause blocking problems unless the email contains the IP address as a URL
Note: For a more detailed view you have to be registered and logged in.
0
 
LVL 24

Expert Comment

by:VB ITS
Comment Utility
Jump on MxToolbox and run a blacklist lookup on the IP address on there as it will check against a large number of blacklists: http://mxtoolbox.com/blacklists.aspx

If you don't find yourself on any blacklists then it's possible you were automatically removed (which to be honest doesn't happen very often). Looking over your original question again it seems that you were placed on the Spamhaus PBL, which isn't exactly a blacklist: http://www.spamhaus.org/pbl/removal/
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now