Gentoo Forums
Blacklisted, what to do?
audiodef
Watchman

Joined: 06 Jul 2005
Posts: 6639
Location: The soundosphere

Posted: Wed Mar 29, 2017 2:35 pm    Post subject: Blacklisted, what to do?

Since about a month ago, I have been unable to email a couple of businesses I buy music and recording equipment from. My mail server (which I run myself) has been telling me, after quite a delay, that my messages could not be delivered. It's just these two businesses - everything else seems fine.

So I did a blacklist check on whatismyipaddress.com. I seem to be blacklisted by b.barracudacentral.org, which was mentioned in the rejection messages from my mail server. I have tried their contact us form but have not heard back after three days.

Also blacklisted by dnsbl.justspam.org. No one else is blacklisting my server's IP address. I believe I had taken reasonable precautions in setting up my mail server, and since only two places in a long list of blacklisters have me on their list, I must be doing something right. But the fact that my server is listed anywhere tells me I might not have done everything I could have.

Not sure this could be from an old history with the IP address from before it was mine, since this is a recent thing.

I need to be able to do business and buy studio gear! So what can I do on my end to prevent this from happening?
_________________
decibel Linux: https://decibellinux.org
Github: https://github.com/Gentoo-Music-and-Audio-Technology
Facebook: https://www.facebook.com/decibellinux
Discord: https://discord.gg/73XV24dNPN

Jaglover
Watchman

Joined: 29 May 2005
Posts: 8291
Location: Saint Amant, Acadiana

Posted: Wed Mar 29, 2017 2:50 pm

First check if you are running an open relay, there are online tools for that.

https://duckduckgo.com/?q=open+relay+test&atb=v23__&ia=web
_________________
My Gentoo installation notes.
Please learn how to denote units correctly!

audiodef
Watchman

Joined: 06 Jul 2005
Posts: 6639
Location: The soundosphere

Posted: Wed Mar 29, 2017 4:09 pm

Thanks for pointing me in the right direction.

Using mxtoolbox, the only thing it found wrong with testing my mail server was "Reverse DNS does not match SMTP Banner." But I have:
Code:

smtpd_banner = $myhostname ESMTP $mail_name

in my postfix's main.cf. I added this line and then did postfix reload. No change from mxtoolbox.

Mailradar passed my server as not accepting relays, which I knew it should. (But good to double-check!)

So Barracuda zoomed in on my SMTP banner, which seems like overkill, but whatever. What should I change the above line to?

EDIT:

Fixed by simply adding my SMTP hostname to the banner string.

So now my server literally passes every test two different tools performed. How do I get Barracuda to stop holding up my business?
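
The two checks discussed so far in the thread (a DNSBL lookup and the mxtoolbox "Reverse DNS does not match SMTP Banner" test), as an added example that is not part of the original posts. The address 192.0.2.25, the name mail.example.org and the stub lookups are constructed, and the function names are hypothetical.

```python
import ipaddress
import socket

# The two DNSBL zones named in the thread.
ZONES = ("b.barracudacentral.org", "dnsbl.justspam.org")

def dnsbl_name(ip, zone):
    """DNSBL query name: IPv4 octets reversed, then the list's zone."""
    addr = ipaddress.IPv4Address(ip)      # ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def is_listed(ip, zone, resolve=socket.gethostbyname):
    """Listed if the zone answers inside 127.0.0.0/8; a failed lookup counts as not listed."""
    try:
        return resolve(dnsbl_name(ip, zone)).startswith("127.")
    except socket.gaierror:
        return False

def banner_host(banner):
    """Hostname announced in a greeting such as '220 host ESMTP Postfix'."""
    code, rest = banner[:3], banner[4:].split()
    if code != "220" or not rest:
        raise ValueError("not an SMTP 220 greeting")
    return rest[0].rstrip(".").lower()

def banner_matches_rdns(ip, banner, ptr=socket.gethostbyaddr,
                        fwd=socket.gethostbyname_ex):
    """Banner name must equal the PTR name, and that name must resolve back to ip."""
    try:
        ptr_name = ptr(ip)[0].rstrip(".").lower()
        forward_ips = fwd(ptr_name)[2]
    except (socket.herror, socket.gaierror):
        return False                      # no PTR record, or PTR name has no A record
    return banner_host(banner) == ptr_name and ip in forward_ips

if __name__ == "__main__":
    # Constructed sample: documentation address and stub lookups, no network used.
    # Drop the stub arguments to query real DNS for your own server.
    ip, banner = "192.0.2.25", "220 mail.example.org ESMTP Postfix"

    def stub_resolve(name):
        if name == dnsbl_name(ip, ZONES[0]):
            return "127.0.0.2"
        raise socket.gaierror(name)

    for zone in ZONES:
        print(zone, "LISTED" if is_listed(ip, zone, stub_resolve) else "not listed")
    print("banner matches rDNS:", banner_matches_rdns(
        ip, banner, ptr=lambda a: ("mail.example.org", [], [a]),
        fwd=lambda n: (n, [], [ip])))
```
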
Jaglover
Watchman

Joined: 29 May 2005
Posts: 8291
Location: Saint Amant, Acadiana

Posted: Wed Mar 29, 2017 6:14 pm

Did you use the Contact form or the Removal Request form at Barracuda?

Are there any Windows machines behind the same IP address? They may send spam and your IP address is held responsible.

audiodef
Watchman

Joined: 06 Jul 2005
Posts: 6639
Location: The soundosphere

Posted: Wed Mar 29, 2017 10:51 pm

It's a hosted dedicated server, so if Hetzner is doing anything, it is beyond my control. I have nothing attached to my server of my own doing, and all my mail clients are Linux-based. I'm the only user.

Yeah, I used their removal request form. It said I should have been placed in a temporary "OK" status while they investigate, but that never happened.

Jaglover
Watchman

Joined: 29 May 2005
Posts: 8291
Location: Saint Amant, Acadiana

Posted: Wed Mar 29, 2017 10:57 pm

Can't think of anything further. As a side note I have to mention it may not be the mail server that is sending spam. In case a box is compromised the attacker usually installs his own mail sending application to send out bulk email. You could request one of the alleged spam messages from them and look at the headers.

szatox
Advocate

Joined: 27 Aug 2013
Posts: 3103

Posted: Thu Mar 30, 2017 9:31 pm

How about calling those 2 businesses and asking them to whitelist you?

Other things could be:
missing SPF information - it's not strictly an error in configuration, but some systems classify all emails as spam if server is not explicitly allowed there. Missing SPF allows everything _implicitly_
missing whois information - if you try to hide your identity some systems are more likely to reject your mail. Using datacenter's whois information, or DNS provider's whois masking both fall into this category.
Missing PTR could also result in bumping your spam score.

And one more that is worth checking: I suppose you only have a single IP or handful of those. Check your neighborhood. Sometimes the whole prefix gets banned. I know some servers that were banned for that reason, when the whole /24 network was added.

1clue
Advocate

Joined: 05 Feb 2006
Posts: 2569

Posted: Thu Mar 30, 2017 10:06 pm

Things that make a difference:


  1. Do you send automated messages from this server, like mailing lists or newsletters to lots of people, or have a webapp that sends email to customers based on some form action?
  2. Do you send lots of attachments, particularly to images?
  3. Do you send lots of links to some server?
  4. Spam tends to have lots of the above things. Some email servers like Gmail analyze the messages they receive and categorize a site as a spam site that way.
  5. If somebody "near" your IP address has been classified as a spammer some blacklists mark the neighbors as suspect.
  6. While I haven't seen proof, I suspect that having a porn site "near" your IP makes a difference too.


Do a reverse lookup on your IP address. Or google your IP address and see what comes up. Sometimes you can get old domain names that way.

Sending lots of apparently similar emails that contain one attachment, like a PDF, without text in the message or without a subject, can be a problem too. I've had trouble just mailing somebody PDF documents that the users asked for; it gets classified as spam by some of the bigger email servers.

audiodef
Watchman

Joined: 06 Jul 2005
Posts: 6639
Location: The soundosphere

Posted: Sat Apr 01, 2017 4:22 pm

The whois on my server's IP address is the hosting company's datacenter info. Do I have any control over that?

Aiken
Apprentice

Joined: 22 Jan 2003
Posts: 239
Location: Toowoomba/Australia

Posted: Sun Apr 02, 2017 9:17 pm

szatox wrote:

missing SPF information - it's not strictly an error in configuration, but some systems classify all emails as spam if server is not explicitly allowed there. Missing SPF allows everything _implicitly_
missing whois information - if you try to hide your identity some systems are more likely to reject your mail. Using datacenter's whois information, or DNS provider's whois masking both fall into this category.


SPF is a strange beast. I get DMARC reports about spoofed emails where both SPF and DKIM failed with a comment the DNS queries were ignored and emails were delivered. Emails from my mail server always go to junk when sending to someone @ outlook.com, which is frustrating. SPF, DKIM, server greeting, A, AAAA, PTR, SSL certs all line up. I run with SPF -all and DMARC p=reject. Sent an email to someone @ outlook.com via a mail server not in my SPF and with the -all and reject settings it went straight to inbox. I have many Hotmail DMARC reports showing they ignored SPF -all and delivered spoofed emails.

While I have it set up I don't have a high opinion of how SPF is handled.

Interesting about the whois bit. Since reading your comment I have googled email deliverability whois and a bit about that came up. For 2 of my domains I use the ID privacy the registrar offers and one domain has my name. Am not seeing any difference between them with junk vs inbox.

1clue wrote:

If somebody "near" your IP address has been classified as a spammer some blacklists mark the neighbors as suspect.


Yet another frustrating one. Find yourself on a blacklist, go to their web site to be told you are not sending any spam but too bad you are in the /24 to /20 they have decided to block.
_________________
Beware the grue.
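
How a receiver arrives at an SPF result for a connecting IP, covering the "missing SPF" and `-all` cases raised in the posts above (added example, not from any poster). It handles only the ip4, ip6 and all mechanisms; the example.org records, the addresses and the function names are constructed.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_result(txt_records, sender_ip):
    """SPF result for sender_ip given a domain's TXT records (ip4/ip6/all only)."""
    records = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not records:
        return "none"          # nothing published: no policy, which is not a fail
    if len(records) > 1:
        return "permerror"     # RFC 7208: more than one SPF record is an error
    ip = ipaddress.ip_address(sender_ip)
    for term in records[0].split()[1:]:
        if "=" in term:        # modifiers such as redirect= are ignored in this sketch
            continue
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        name, _, value = term.lstrip("+-~?").lower().partition(":")
        if name == "all":
            return QUALIFIERS[qualifier]
        if name not in ("ip4", "ip6"):
            raise NotImplementedError(name + " needs DNS lookups, not handled here")
        net = ipaddress.ip_network(value, strict=False)
        if ip.version == net.version and ip in net:
            return QUALIFIERS[qualifier]
    return "neutral"           # no mechanism matched and the record has no 'all'

def dmarc_policy(txt):
    """Value of the p= tag from a _dmarc TXT record, or None if it is not DMARC."""
    tags = dict(t.strip().split("=", 1) for t in txt.split(";") if "=" in t)
    return tags.get("p") if tags.get("v") == "DMARC1" else None

if __name__ == "__main__":
    # Constructed records for example.org; addresses are documentation ranges.
    spf = ["v=spf1 ip4:192.0.2.0/24 -all"]
    dmarc = "v=DMARC1; p=reject; rua=mailto:dmarc@example.org"
    for label, records, ip in [
        ("no SPF record", [], "203.0.113.9"),
        ("listed server", spf, "192.0.2.25"),
        ("unlisted server", spf, "203.0.113.9"),
    ]:
        print(label, "->", spf_result(records, ip))
    print("DMARC policy requested by the domain:", dmarc_policy(dmarc))
```

The SPF result and the `p=` value are what the sending domain publishes and requests; the receiver's final disposition is its own local decision.
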
frostschutz
Advocate

Joined: 22 Feb 2005
Posts: 2977
Location: Germany

Posted: Sun Apr 02, 2017 9:23 pm

This is why I rent an external mail server instead of running my own. Make it someone else's headache.

1clue
Advocate

Joined: 05 Feb 2006
Posts: 2569

Posted: Mon Apr 03, 2017 2:21 pm

frostschutz wrote:
This is why I rent an external mail server instead of running my own. Make it someone else's headache.


IMO properly running a mail server is a bigger headache than anything else in the enterprise.

All times are GMT