Solved

Remove IP address from blacklist BARRACUDA,Spamhaus ZEN

Posted on 2015-02-10
9
468 Views
Last Modified: 2015-03-09
Hi,

One of our client's IP address has been added to blacklist at Barracuda and Spamhaus ZEN. How can I remove the IP from the blacklist?

Please also see the below information regarding quarantine outbound emails.

DIRECTION: outbound

POLICY_TYPE: spam

SCORE: 17.956/15

6.3,RBL: Received via a relay in Spamhaus PBL
0.0,RBL: SORBS: sent directly from dynamic IP address
6.7,BODY: Bayes spam probability is 99 to 100%
0.5,HELO greeting hostname has no A-record
0.4,BODY: Bayes spam probability is 99.9 to 100%
0.0,BODY: HTML included in message 1.9,Delivered to internal network by host with
2.2,Contains image and was sent by dynamic
ACTION: quarantine
0
Comment
Question by:Educad
9 Comments
 
LVL 79

Expert Comment

by:David Johnson, CD, MVP
ID: 40600542
the sending server name and reverse ip address must be in your dns.
0
 
LVL 24

Expert Comment

by:VB ITS
ID: 40600628
Jump on the Barracuda and Spamhaus websites to do a lookup on your client's IP address, it will tell you why they are getting blacklisted and what you need to do to get rid of the cause of the blacklist.

Request for the removal only after you have addressed the issue otherwise you risk being re-added to the list. Some RBL's will only remove you a certain amount of times before they start charging fees (dodgy, I know).
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 250 total points
ID: 40600851
"SORBS: sent directly from dynamic IP address"

If you are on a dynamic IP address, then don't waste your time trying to get delisted, as you will be unable to do so. You need to switch to a static address or use your ISPs SMTP server as a smart host.

Simon.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 25

Expert Comment

by:Mohammed Khawaja
ID: 40600951
I agree with Sembee as you need to configure your systems to relay via your ISP and this will require authentication as most ISPs do not allow open relay for their customers.
0
 

Author Comment

by:Educad
ID: 40601899
Simon,

They are using static IP address but not sure why it is marked ad dynamic IP address.
0
 
LVL 24

Accepted Solution

by:
VB ITS earned 250 total points
ID: 40601916
It's possible that you were given a static IP in a pool usually associated to dynamic IPs, it's an unfortunate thing that does happen.

Did you do a lookup for the IP address via the links I gave you in my previous post? The links may not have been very obvious as I hyperlinked the actual RBL provider name to their lookup page:

Barracuda: http://www.barracudacentral.org/lookups
Spamhaus: http://www.spamhaus.org/lookup/
0
 

Author Comment

by:Educad
ID: 40601937
VB ITS,

I have entered the IP address but Barracuda lookup system says "IP address x.x.x.x is not currently listed as "poor" on the Barracuda Reputation System".

In the Spamhaus,

This IP address range has been identified by Spamhaus as not meeting our policy for IP addresses permitted to deliver unauthenticated 'direct-to-mx' email to PBL users.

Important: If you are using any normal email software (such as Outlook, Entourage, Thunderbird, Apple Mail, etc.) and you are being blocked by this Spamhaus PBL listing when you try to send email, the reason is simply that you need to turn on "SMTP Authentication" in your email program settings. For help with SMTP Authentication or ways to quickly fix this problem click here.

See also: http://www.spamhaus.org/faq/answers.lasso?section=Spamhaus%20PBL
0
 

Author Comment

by:Educad
ID: 40601949
VB ITS,

Sorry, it was listed under Sorbs DUHL not Barracuda.

The result I found at Sorb DUHL:

Usage classification (only important if you run your own mailserver.)
1 "DUHL" entries [16:52:01 24 Nov 2003 GMT+00].       
210.x.x.x/24 - 1 entries [16:52:01 24 Nov 2003 GMT+00].       
Note: Active "exDUHL" entries mean that the IP/Network has been unblocked for some or all IPs from the DUHL.
 
Problem hostnames/domains (could cause email problems.)
Note:These entries are for URLs or email domains, the IPs that may show up as 'spamvertised' only indicate where the URL/Host was seen being sent from. Listings for IPs that are 'spamvertised' will not usually cause blocking problems unless the email contains the IP address as a URL
Note: For a more detailed view you have to be registered and logged in.
0
 
LVL 24

Expert Comment

by:VB ITS
ID: 40601959
Jump on MxToolbox and run a blacklist lookup on the IP address on there as it will check against a large number of blacklists: http://mxtoolbox.com/blacklists.aspx

If you don't find yourself on any blacklists then it's possible you were automatically removed (which to be honest doesn't happen very often). Looking over your original question again it seems that you were placed on the Spamhaus PBL, which isn't exactly a blacklist: http://www.spamhaus.org/pbl/removal/
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
This article explains how to install and use the NTBackup utility that comes with Windows Server.
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question