We notice you are on a blacklist

Andy
Andy used Ask the Experts™
on
Hello,
My client IPs has blacklisted only at Sorbs
Sorbs website – „Site Down for Maintainance“
http://www.sorbs.net
Im waiting for Sorbs website to find out reason and to delist IP but in the meantime what can I do to find source of the problem.
Any advice?
Maybe it is false positive?
http://forums.gfi.com/dnsblsorbsnet-has-alot-of-false-positives-m900742006.aspx
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Server engineer
Commented:
Your Exchange server public IP is blacklisted on RBL sorbs because there is spam going out from your exchange server from internal user.

Internal user might have registered to an unknown website.

Run a complete virus/malware scan on all domain joined machines and exchange server to rule out any virus/malware.

Reset the password for user.

You can also enable diagnostics login on the send connector and check the logs. Also see the mail.queue if there are too many emails stuck in the queue for unknown domains. Also check DSN messages without FROM address in the queue.

If it is false positive check the mxtoolbox under blacklist check and enter exchange server public IP to see if it's blacklisted.

Contact your ISP to remove the IP from blacklist.
Do you have a PTR (rDNS) record for your public IP address?  If not, this could be the cause as this is one of the main reasons for false positives on spam filters. If you don't have a PTR record their spam filters  mark it as a dynamic IP address that shouldn't be sending email.  Along with what SAIF said I would check that too.

In addition, once you have this issue resolved, I would advise adding filters to your perimeter router that prevent outgoing SMTP packets from any IP address except those of your email servers.  Unless, of course, you actually have a reason to allow your users to send email externally without it being routed through your email servers.
timgreen7077Exchange Engineer
Distinguished Expert 2018

Commented:
Make sure that your SPF record is setup correctly, because this record tells recipient servers if the sending server is a authorized server or not. That is one of the most import items to fix not already correct.
Hani M .S. Al-habshiContributor as IT Expert

Commented:
Why is my IP address blacklisted?
Your IP address may be blacklisted for several reasons. Your IP may only be listed on a single blacklist, or it could be listed on multiple blacklists. Each IP blacklist is maintained separately and not governed by a central source. Each may have different standards for listing/delisting IP addresses.
 
If your IP address is blacklisted, this doesn't necessarily mean there is cause for concern. Some blacklists automatically add any IP address that is assigned via DHCP from the ISP. DHCP IP addresses are mainly how almost all residential connections connect to the Internet. Business accounts are more likely to be assigned static IP addresses.

We don’t maintain a blacklist, but here are the main reasons why your IP could end up being listed. Virus, Malware, or spam. If you've got a virus or malware and your computer is constantly pinging or attempting to communicate with other computers, you're bound to hit a computer where the admin will see your ‘attack’, block your IP address, and report it accordingly. If you send spam or run a mail server that is not properly configured and it allows spam to be sent, that IP address will get blacklisted.

If you have a DHCP IP address and you're not a spammer and don't have a virus, it's possible that the person who had your IP address before you was, or the person who had it before them, or the person who had it before them. Only the ISP knows who had the IP address prior to assigning it to you. You may have done nothing wrong.

How do I get my IP address off of a blacklist?
First, you should make sure that all devices on your network are not infected. After you've determined your network is clean and that no unauthorized traffic is going out, find where your IP address is blacklisted and contact them for removal. Each blacklist will have different ways of requesting an IP removal. And just because you've made the removal request, doesn't mean they'll honor your request.

What if my IP address remains on a blacklist?
That depends. If you're an average home user, having your IP address on a blacklist probably won't make a difference with your daily surfing agenda. However, if you're a business and run your own mail server, you may have issues getting unlisted. You'll need to make sure each device on your network is clean and make sure your mail server is configured correctly and locked down so it's not allowed to send messages from unauthenticated users.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial