# Mail Server Blacklisted



## monarckco (Apr 18, 2012)

While I am aware that this issue may not necessarily be related to FreeBSD, I figured that there might be a misconfiguration of some sort.  

Anyway, I changed my company's web/mail server's IP address early last week and although we are having no connectivity problems, some of our clients' email messages are getting blocked by other servers.  It has only happened a couple of times, but it is an issue as our customers depend on email to get their business done.  I have searched through our /var/log/maillog to check that we haven't been compromised and unknowingly been sending out SPAM.  I have also checked various SPAM blacklist sites to ensure our IP address has not been listed, but apparently there are some that aren't listed in those searches.

Is it possible that our new IP address was used by someone else's SPAM server at some point?  Or are we being blocked simply because it is a brand new IP address that hasn't been in use long enough to know it's safe?  I am really at a loss.  We only began having these problems after we switched IP addresses.


----------



## SirDice (Apr 18, 2012)

Look at the exact reason why the email is blocked. Contact the receiving end if you have to. Without a reason it's going to be difficult to figure out what's wrong.

Some brain-dead mail admins don't accept email from mailservers that don't have an MX address associated with them. Tell those admins they're idiots, a _sending_ mailserver does NOT require an MX record.


----------



## DutchDaemon (Apr 18, 2012)

PM me the IP address and I'll take a look.


----------



## wblock@ (Apr 18, 2012)

monarckco said:

> I have searched through our /var/log/maillog to check that we haven't been compromised and unknowingly been sending out SPAM.



There are webserver exploits that would not leave any trace in that file.



> I have also checked various SPAM blacklist sites to ensure our IP address has not been listed, but apparently there are some that aren't listed in those searches.



There are numerous private lists also.



> Is it possible that our new IP address was used by someone else's SPAM server at some point?  Or are we being blocked simply because it is a brand new IP address that hasn't been in use long enough to know it's safe?  I am really at a loss.  We only began having these problems after we switched IP addresses.



Without seeing the rejection messages, it is impossible to say.  Yes, there are some IP ranges that were so abusive that years later people still don't want their spam.


----------



## gkontos (Apr 18, 2012)

You can check the status of your email server.

Link: http://www.mxtoolbox.com/


----------



## monarckco (Apr 19, 2012)

Thanks for all of the replies.  The error message I usually receive is:

```
deferral: Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)/
```
This usually ends up resolving itself, but sometimes just fails completely.

I've also received

```
_Recipient_address_rejected:_Greylisted,_see_http://postgrey.schweikert.ch/help/domain.com.html/Giving_up_on_IP_ADDRESS_HERE./
```
a few times.  I've checked the website, but couldn't really find a way to resolve the issue.  From what I understand, our server might be greylisted because it doesn't have an SSL option?  It also seems like even if it is greylisted, the message will still get sent, just delayed.

The final reason as to why I think we might be blacklisted here and there is because at the beginning of last week I received a failure message in my /var/log/maillog with a URL for the Barracuda SPAM list removal page (which I removed us from).  We were also blocked by another server for a couple of days, but we contacted them and got the problem resolved.  All I did was change IP addresses. Is this normal?


----------



## DutchDaemon (Apr 19, 2012)

Greylisting is nothing more than a temporary refusal to talk to you (deferral). It's a very effective anti-spam measure because it refuses to accept email from hit-and-run spambots. Normal mailservers will always retry later, and they will be able to deliver the mail later on. It depends on the greylister's configuration how long that period will be. Some use three minutes, others use four hours or even more. Errors starting with "4" are temporary errors (mail will possibly be accepted later), errors starting with "5" are permanent errors (mail will not be accepted at all, bounces). Note: some greylisting servers will greylist forever if they think you're a spammer, hoping to waste your time or fill up your queues.


----------
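The 4xx/5xx distinction described in the post above, applied to mail log lines, as an added example that is not part of any poster's message: it sorts delivery results into delivered, greylisted, blocklisted, other temporary and permanent, so that only the entries needing action stand out. The log lines are constructed in the underscore-for-space style of the messages quoted in this thread; the hosts, addresses, DNSBL name and the function names `classify` and `summarize` are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines modelled on the messages quoted in this thread.
# Hosts, addresses and the DNSBL name are placeholders (RFC 5737 / example.*).
SAMPLE_LOG = """\
delivery 101: deferral: Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)/
delivery 102: deferral: 192.0.2.10_does_not_like_recipient./Remote_host_said:_450_4.7.1_<a@example.org>:_Recipient_address_rejected:_Greylisted,_see_http://postgrey.schweikert.ch/help/example.org.html/Giving_up_on_192.0.2.10./
delivery 103: failure: 192.0.2.20_does_not_like_recipient./Remote_host_said:_554_5.7.1_Client_host_[198.51.100.7]_blocked_using_dnsbl.example.net/Giving_up_on_192.0.2.20./
delivery 104: success: 192.0.2.30_accepted_message./Remote_host_said:_250_ok/
"""

DELIVERY = re.compile(r"delivery (\d+): (success|deferral|failure): (.*)")
# SMTP reply code, optionally followed by an enhanced status code (x.y.z)
REMOTE = re.compile(r"Remote host said: (\d{3})[ -](?:([245]\.\d{1,3}\.\d{1,3})\s)?")
# Locally generated status, e.g. "(#4.4.1)" when no SMTP connection was made
LOCAL = re.compile(r"\(#([245]\.\d{1,3}\.\d{1,3})\)")
GREYLIST = re.compile(r"greylist", re.I)
BLOCKLIST = re.compile(r"blocked using|blacklist|blocklist|dnsbl", re.I)

def classify(line):
    """Return a dict describing one delivery line, or None if it is not one."""
    m = DELIVERY.search(line)
    if not m:
        return None
    num, status, text = m.group(1), m.group(2), m.group(3).replace("_", " ")
    remote, local = REMOTE.search(text), LOCAL.search(text)
    reply = remote.group(1) if remote else None
    enhanced = (remote.group(2) if remote else None) or (local.group(1) if local else None)
    # First digit decides: 4 = temporary, 5 = permanent. Without any code,
    # fall back to the logged status word.
    digit = (reply or enhanced or "")[:1]
    temporary = digit == "4" if digit else status == "deferral"
    if status == "success":
        kind = "delivered"
    elif GREYLIST.search(text):
        kind = "greylisted"
    elif BLOCKLIST.search(text):
        kind = "blocklisted"
    else:
        kind = "temporary" if temporary else "permanent"
    # retry=True means the sending server will try again on its own
    return {"delivery": int(num), "kind": kind, "reply": reply,
            "enhanced": enhanced, "retry": temporary}

def summarize(log):
    """Count delivery outcomes by kind across a whole log."""
    return Counter(r["kind"] for r in map(classify, log.splitlines()) if r)

if __name__ == "__main__":
    for entry in SAMPLE_LOG.splitlines():
        print(classify(entry))
    print(summarize(SAMPLE_LOG))
```
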



## DutchDaemon (Apr 19, 2012)

I don't see anything wrong with the setup of your IP address (A/PTR) or your domain (MX), or any blacklists. So if your mail logs don't give specific reasons other than the greylisting ones (which are non-fatal, and not unique, since greylisting is omnipresent), I have no idea.


----------



## monarckco (Apr 19, 2012)

Alright, thanks a lot for explaining all of this and even going as far as checking my setup.
I didn't know that there was an actual meaning to "4" and "5" errors. Nice to know.

I guess I'll just keep an eye on our /var/log/maillog file and see if we get any blacklist messages.  Thanks again everybody.


----------



## SirDice (Apr 19, 2012)

monarckco said:

> I didn't know that there was an actual meaning to "4" and "5" errors. Nice to know.


There's even a standard for it, RFC-1893.


----------



## throAU (Apr 19, 2012)

Do you have SPF records in DNS that need updating perhaps?


----------
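The SPF question above, as an added example that is not part of any poster's message: after an IP change, a record that still lists only the old address makes receivers evaluate mail from the new address as fail or softfail. The sketch evaluates only the `ip4`, `ip6` and `all` mechanisms offline and reports DNS-dependent terms (`a`, `mx`, `include`, ...) as unresolved; the records, addresses and the function name `spf_ip_check` are constructed assumptions.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_ip_check(record, ip):
    """Evaluate the ip4/ip6/all mechanisms of an SPF record, left to right.

    Returns (result, unresolved). `unresolved` lists terms that came before
    the matching mechanism but need DNS lookups; if it is not empty, one of
    them could still match first and change the result.
    """
    addr = ipaddress.ip_address(ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    unresolved = []
    for term in terms[1:]:
        if "=" in term:                      # modifier such as redirect= or exp=
            unresolved.append(term)
            continue
        qualifier = "pass"                   # default qualifier is "+"
        if term[0] in QUALIFIERS:
            qualifier, term = QUALIFIERS[term[0]], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if addr.version == net.version and addr in net:
                return qualifier, unresolved
        elif name == "all":
            return qualifier, unresolved
        else:                                # a, mx, include, exists, ptr
            unresolved.append(term)
    return "neutral", unresolved             # nothing matched

if __name__ == "__main__":
    # Constructed record that still names only the old address
    stale = "v=spf1 ip4:203.0.113.25 -all"
    print(spf_ip_check(stale, "203.0.113.25"))   # old IP
    print(spf_ip_check(stale, "198.51.100.7"))   # new IP
    print(spf_ip_check("v=spf1 mx ip4:203.0.113.0/24 ~all", "198.51.100.7"))
```
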

