Blacklisted in Spamhaus

Our main domain for mailservers has been blacklisted by Spamhaus.
I have not received any complaints prior to this (24 hours ago).
Spamhaus do not let me delist, the domain has been flagged for manual delist (whatever that is), and I did that 24 hours ago, but until now, nothing from Spamhaus.

Anyone knows how to get out of that blacklist, or to get sem response from Spamhaus?

/Jan
dk_jbAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Hemil AquinoNetwork EngineerCommented:
Go to this website and check your ip address, if you see any signs of block, just click on that specific provider and they will tell you what to do to white list your ip

http://whatismyipaddress.com/blacklist-check
dk_jbAuthor Commented:
Hi Hemil,

Done that, alle green.
Just on Spamhaus all my IP's and my domain are blacklisted.

/Jan
Hemil AquinoNetwork EngineerCommented:
Do you see something like this?

Your IP is listed in the PBL
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

Hemil AquinoNetwork EngineerCommented:
Keep in mind this

THE PBL IS NOT A BLACKLIST. You are not listed for spamming or for anything you have done. The PBL is simply a list of all of the world's dynamic IP space, i.e: IP ranges normally assigned by ISPs to broadband customers routers/modems (DSL, DHCP, PPP, cable, dialup). It is perfectly normal for these IP addresses to be listed on the PBL. In fact all dynamic IP addresses in the world should be on the PBL. Even static IPs which do not send mail should be listed in the PBL.

PBL listings do not prevent you sending email unless your email program is not authenticating properly when it connects to your ISP or to your company's mail server. This can happen if you have changed something in your email program's settings, forgotten to turn on 'SMTP Authentication' or if you have switched 'SMTP Authentication' off by mistake.

If you are using a normal email program such as Outlook, Entourage, Thunderbird or Apple Mail and you are being blocked by a Spamhaus PBL listing when you try to send email, the reason is simply that YOU NEED TO TURN ON 'SMTP AUTHENTICATION' in your email program's account settings. That will immediately solve the problem for you. See: How do I turn on SMTP Authentication?
dk_jbAuthor Commented:
Hi Hermil,

In Spamhaus, my domain is listed in the DBL

My IP's, for all my mailservers  is listed in the SBL (alle have hostnames on the same domains.

/Jan
pgm554Commented:
Got any spare public IP's?
When this happens to me ,I find out what the issues are (they do give you a clue)change the public IP addresses and wait for the other IP's to clear.
It's not just spam they flag you for,if you have an infected pc and it is doing bad things ,they will blacklist your IP.
dk_jbAuthor Commented:
Hi Pgm554,

I did that, but had to change hostnames to anothother domain, on the mailservers, because not only the IP's were blacklisted, the domain was.

Last evening, suddenttly, Spamhaus removed the blacklist, but I never got any response from them.

/Jan
Hemil AquinoNetwork EngineerCommented:
You might be interested in this:

Is there a way to report spam to Spamhaus?
No. Spamhaus DNSBLs are not based on spam reported to us (we have our own systems for detecting and identifying spam, proxies, etc.). Please DO NOT forward your spam to any Spamhaus.org address, we can not do anything with spam you send us, except bin it ourselves (we block people who do forward spam to us from connecting to our mail servers again).
The only public DNSBL system you can currently report spam to is SpamCop.

You can also report your spam (by forwarding it complete with full headers) to the U.S. government's spam-evidence database run by the FTC at: spam@uce.gov

Many ISPs and webmail providers have spam reporting addresses for spam received by their users. Often it is as simple as clicking a "This Is Spam" button. Those reports help the ISP build their own spam filters, and sometimes are aggregated for reports to the spammer's host network via feedback loops.

Some places where you can learn about more about spam and how to report it include:

http://spam.abuse.net/ The Great Granddaddy of all anti-spam sites
http://www.abuse.net/ The Network Abuse Clearinghouse (abuse addresses)
http://spamcop.net/fom-serve/cache/19.html (how to view full headers)
http://www.stopspam.org/email/headers.html (archived) header-reading tutorial
http://www.pop-cram-spam.net/SMTP.htm (archived) basics of Simple Mail Transport Protocol (SMTP, or e-mail)
Also see our Online Scams FAQ for other groups fighting against the scams found in spam.
David FavorLinux/LXD/WordPress/Hosting SavantCommented:
Sometimes records get wedged in Spamhaus for seemingly no reason + stay there for long periods of time, again seemingly for no reason.

You might switch over to using MailGun till your IP is cleared in Spamhaus.

Also, best you understand why your IP got blacklisted.

There's a Linux Kernel zero day which may be biting you. I had several clients get hit with this a year ago.

The zero day allows crafty hacks to exploit systems + integrate those systems into a Bot network used for sending SMTP spam.

You can test this theory by setting up a iptables rule to log + drop all outgoing SMTP packets + then temporarily stop your MTA.

If you see a huge amount of outgoing port 25 traffic with your MTA down, your machine is infected.

I'm a fairly advanced Server Savant + never found a way to cleanse this hack 100%. The only way I found to fix this, was to move all code off infected machine + reinstall OS from scratch + then reinstall all code.

I've had to do this with... 3-4 machines over the past 2 years. Once they get hit, they seem permanently infected.
dk_jbAuthor Commented:
Hi David,

I don't see, what swithing from Spamhaus to something else would help.
It's the recieving mailserver (not mine), that rejects the mail.

I aleways checkh all outgoing connects for unusual patterns, but.... Nothing.


/Jan
skullnobrainsCommented:
spamhaus will automatically deblacklist you from xbl or sbl after about a day to a maximum of a week ... if you stop sending spam. changing your outgoing ip will work for a short time.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
dk_jbAuthor Commented:
Right
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Email Servers

From novice to tech pro — start learning today.