Asked by VCSLI

SBS 2008 Exchange Server being Blacklisted

Not a good day :(

I've recently installed an SBS08 server running Exchange 2007 at one of my clients. Today they have been blacklisted on BARRACUDA BRBL. The server is set to use our ISP's smart-host (mail.opptonline.net) and yet it still has gotten blacklisted. I have confirmed in the Send Connector that the smart host is really really there.

I have attached email headers. When the user sends an email, Exchange pops back the attached message headers.

Domain.com is my company who is sending the mail which is being blocked.
Keyetv.com is the receiving domain of my blocked mails.
Diagnostic information for administrators:

Generating server: mta1.srv.hcvlny.cv.net (tcp-daemon)

MHunter@keyetv.com
mx2.nexstar.tv (TCP|167.206.4.196|44643|72.249.102.22|25) (barracuda2.nexstar.tv ESMTP [aa0f8fe95058f7c9c41d87fb394acd2f]) #<mx2.nexstar.tv (TCP|167.206.4.196|44643|72.249.102.22|25) (barracuda2.nexstar.tv ESMTP [aa0f8fe95058f7c9c41d87fb394acd2f]) #5.0.0 smtp;554 Service unavailable; Client host [mta1.srv.hcvlny.cv.net] blocked using Barracuda Reputation; http://bbl.barracudacentral.com/q.cgi?ip=96.56.121.10> #SMTP#

Original message headers:

Return-Path: <USER@domain.com>
Received: from tcp-daemon.mta1.srv.hcvlny.cv.net by mta1.srv.hcvlny.cv.net
 (Sun Java System Messaging Server 6.2-8.04 (built Feb 28 2007)) id
 <0L960038R2QOU000@mta1.srv.hcvlny.cv.net>; Wed, 22 Sep 2010 17:08:48 -0400
 (EDT)
Received: from remote.domain.com (mail.domain.com [96.56.121.99])
 by mta1.srv.hcvlny.cv.net
 (Sun Java System Messaging Server 6.2-8.04 (built Feb 28 2007))
 with ESMTP id <0L96003A12QN6KT0@mta1.srv.hcvlny.cv.net> for
 USER@keyetv.com; Wed, 22 Sep 2010 17:08:48 -0400 (EDT)
Received: from DCWSBS08.domain.local ([fe80::842a:a619:3a60:40e4])
 by DCWSBS08.domain.local ([fe80::842a:a619:3a60:40e4%10]) with mapi; Wed,
 22 Sep 2010 17:08:47 -0400
Date: Wed, 22 Sep 2010 17:08:44 -0400
From: Jane Doe <USER@domain.com>
Subject: FW: Post and Pre Logs for Deluxe
To: "USER@keyetv.com" <USER@keyetv.com>
Message-ID: <A947870028054547BFBCBBD69A1D430F37EDD56D@DCWSBS08.dcwcorp.local>
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="Boundary_(ID_+Uh/6Nr3XbRvwhWHvPgpTQ)"
Content-Language: en-US
Importance: high
Accept-Language: en-US
X-Priority: 1
Thread-topic: Post and Pre Logs for Deluxe
Thread-index: ActUPqy8ZLdBvQ1mQ7miHd+tQtynqQBcIsUAATq8UGAAAAgbsA==
acceptlanguage: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Reporting-MTA: dns; mta1.srv.hcvlny.cv.net (tcp-daemon)

Final-recipient: RFC822; USER@keyetv.com
Action: failed
Status: 5.0.0
Remote-MTA: dns; mx2.nexstar.tv (TCP|167.206.4.196|44643|72.249.102.22|25)
(barracuda2.nexstar.tv ESMTP [aa0f8fe95058f7c9c41d87fb394acd2f])
X-Supplementary-Info: <mx2.nexstar.tv
(TCP|167.206.4.196|44643|72.249.102.22|25) (barracuda2.nexstar.tv ESMTP
[aa0f8fe95058f7c9c41d87fb394acd2f]) #5.0.0 smtp;554 Service unavailable;
Client host [mta1.srv.hcvlny.cv.net] blocked using Barracuda Reputation;
http://bbl.barracudacentral.com/q.cgi?ip=96.56.121.99>


cmartell

Your smart host (8.5.1.44) is not blacklisted.  It looks like the culprit IP was 96.56.121.99 but it is not blacklisted now so it looks like Barracuda has delisted the IP and you should be able to send that email now.

You can check your IPs here:
http://www.barracudacentral.org/lookups/ip-reputation

or use the last line in the header
http://bbl.barracudacentral.com/q.cgi?ip=96.56.121.99
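
Added example (not code from this thread): the Python below parses the Received chain and the 554 rejection quoted in the question, finds which hop introduced the IP the receiver looked up, and builds the DNSBL query name for it. The zone `b.barracudacentral.org` and all function names are assumptions of this example; the header text is trimmed from the bounce in the question.

```python
import email
import ipaddress
import re

# Trimmed from the bounce quoted in the question (addresses as posted there).
HEADERS = """\
Received: from tcp-daemon.mta1.srv.hcvlny.cv.net by mta1.srv.hcvlny.cv.net
 (Sun Java System Messaging Server 6.2-8.04 (built Feb 28 2007)) id
 <0L960038R2QOU000@mta1.srv.hcvlny.cv.net>; Wed, 22 Sep 2010 17:08:48 -0400
Received: from remote.domain.com (mail.domain.com [96.56.121.99])
 by mta1.srv.hcvlny.cv.net
 with ESMTP id <0L96003A12QN6KT0@mta1.srv.hcvlny.cv.net> for
 USER@keyetv.com; Wed, 22 Sep 2010 17:08:48 -0400 (EDT)
Received: from DCWSBS08.domain.local ([fe80::842a:a619:3a60:40e4])
 by DCWSBS08.domain.local ([fe80::842a:a619:3a60:40e4%10]) with mapi; Wed,
 22 Sep 2010 17:08:47 -0400
"""
REJECTION = ("554 Service unavailable; Client host [mta1.srv.hcvlny.cv.net] "
             "blocked using Barracuda Reputation; "
             "http://bbl.barracudacentral.com/q.cgi?ip=96.56.121.99")

def received_hops(raw):
    """Return (from_host, from_ip, by_host) per Received header, newest first."""
    hops = []
    for value in email.message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())            # unfold continuation lines
        frm = re.search(r"from (\S+)", flat)
        by = re.search(r"\bby (\S+)", flat)
        # Only the bracketed address in the "from" clause identifies the sender.
        ip = re.search(r"\[([0-9A-Fa-f:.]+)(?:%\d+)?\]", flat.split(" by ")[0])
        hops.append((frm and frm.group(1), ip and ip.group(1), by and by.group(1)))
    return hops

def dnsbl_name(ip, zone="b.barracudacentral.org"):   # zone is an assumption
    """Build the DNSBL query name: IPv4 octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def analyse(raw, rejection):
    """Relate the IP the receiver looked up to the hop that introduced it."""
    named = re.search(r"Client host \[([^\]]+)\]", rejection).group(1)
    listed = re.search(r"[?&]ip=([0-9.]+)", rejection).group(1)
    hop = next((h for h in received_hops(raw) if h[1] == listed), None)
    return {"client_host": named, "looked_up_ip": listed,
            "introduced_by": hop and hop[0], "accepted_by": hop and hop[2],
            "dnsbl_query": dnsbl_name(listed)}
```

On the posted bounce the rejection names the smart host as the client host, yet the lookup URL carries the address recorded for `remote.domain.com` in the Received chain, so relaying through the smart host does not remove the originating address from the message.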
VCSLI (ASKER)

I changed the IP for the post due to privacy. The real IP is 96.56.121.10. It is blacklisted.

Barracuda has removed it but now Tiopan has added it.
ASKER CERTIFIED SOLUTION
cmartell

This solution is only available to members.
VCSLI (ASKER)

I have already emailed them.

The point is, how do I prevent the server from being blacklisted? I thought using a smart-host was enough since email isn't seen as being sent from the server. If I change the PTR, will that help? What shall I change it to? remote.domain.com (mail server address)? If I have to fight daily with blacklists, that's not going to be a good thing...

I can hear angry people already. :(

There has to be a way to prevent this from happening to begin with.
SOLUTION
VCSLI (ASKER)

The network is entirely clean. There are no non-domain-joined computers on it. All client computers are running fully updated AV software. The setup is less than a week old.
scraane

Well, to be safe, if you have a firewall, just block port 25 outgoing. Only open it for your SBS server.

I had a client with up to date AV, but still one desktop was spamming.
VCSLI (ASKER)

Port 25 blocked on all but the server. I enabled logging to tell me which machine is trying to send out on the port. Hopefully this will shed some light if this is indeed the issue. Will post back in a few days.
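
Added example (not code from this thread): one way to review the firewall log described above, flagging outbound TCP/25 from any host other than the mail server and, as an extra check, the server itself delivering to anything other than the smart host. The log format, both addresses and the function name are constructed for this example.

```python
import re
from collections import Counter

MAIL_SERVER = "192.168.16.2"   # constructed: internal address of the Exchange server
SMART_HOST = "198.51.100.25"   # constructed: address of the ISP smart host

# Constructed firewall log lines in a hypothetical format.
LOG = """\
2010-09-23T09:14:02 ALLOW TCP 192.168.16.2:49210 -> 198.51.100.25:25
2010-09-23T09:14:40 DENY TCP 192.168.16.57:1061 -> 203.0.113.8:25
2010-09-23T09:14:41 DENY TCP 192.168.16.57:1062 -> 203.0.113.77:25
2010-09-23T09:15:03 ALLOW TCP 192.168.16.31:50412 -> 203.0.113.9:443
2010-09-23T09:16:10 ALLOW TCP 192.168.16.2:49388 -> 203.0.113.50:25
malformed line
"""

LINE = re.compile(r"^(\S+) (ALLOW|DENY) TCP ([\d.]+):\d+ -> ([\d.]+):(\d+)$")

def smtp_egress_findings(log):
    """Classify outbound TCP/25 attempts that do not match the intended mail path."""
    clients, direct = Counter(), Counter()
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if not m or m.group(5) != "25":
            continue                          # unparsable line or not SMTP
        _, action, src, dst, _ = m.groups()
        if src != MAIL_SERVER:
            clients[(src, action)] += 1       # a workstation speaking SMTP outbound
        elif dst != SMART_HOST:
            direct[dst] += 1                  # server delivering around the smart host
    return {"non_server_smtp": dict(clients),
            "server_direct_delivery": dict(direct)}
```

A DENY count against a workstation means the egress rule is doing its job and that machine needs a closer look; any entry under `server_direct_delivery` means the Send Connector is not the only path mail is taking.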
SOLUTION
VCSLI (ASKER)

OK, well, I have blocked port 25 on all outbound traffic except the Exchange server. Will see how things go. Thanks everyone for the advice.
VCSLI (ASKER)

I have not seen anything pop up in the firewall log. It doesn't seem like any computer in the network was ever sending out on port 25. I can't say for sure if it's resolved or if we'll be blacklisted again next week. Will have to see how things go. The advice offered was all very well written and well understood, but I don't know if it specifically solved my issue.
SOLUTION
I provided you with a resolution and you awarded the points to scraane who only gave you a troubleshooting tip to see if there was a problem on your network.  If you had found a problem then you could have taken advice from scraane or someone else to fix it and awarded the points accordingly but there is no problem on your network so as it stands I have provided the only resolution.