Monday, March 25, 2013, 10:01
Solution ID: 00000210
PerfectMail is saying my server is black listed! What should I do?
PerfectMail's validation system will proactively check to ensure your mail server is properly configured and functioning. It will also check to ensure your server is not black listed by well-known RBL sites on the Internet, including spamhaus.org. If your server is listed you will receive a message in the validation report that looks something like the following:
Internet Facing IP Address: WARNING
The "Internet Facing IP Address" of this server [xxx.xxx.xxx.xxx] is Black Listed! E-mail servers may reject e-mail originating from this server.
This issue will definitely affect your ability to send e-mail to the Internet. You must get this issue resolved, and it must be resolved before you can get delisted; otherwise you may end up permanently Black Listed.
Likely a PC on your network has been infected with some sort of malware (virus, trojan, etc.), and is connecting directly to the Internet and sending spam/viruses/malware.
If PCs and mail servers use the same "external IP address" for connecting to the Internet then the reputation of malicious PCs will also be applied to your mail server. Similarly, if you are providing WIFI access to the public and share the "external IP address" between your public WIFI offering and your business servers you may be putting the reputation of your mail servers at risk.
Take the following actions to remediate the immediate problem and mitigate future exposure:
1) Does your firewall block port 25 access to the Internet from every machine except for mail servers? Remote mail servers determine reputation based on your public Internet facing IP address. So, all PCs and servers that share the same public facing IP address through your firewall receive the same reputation. PCs should not normally be sending e-mail to the Internet. Any malicious activity from an infected PC can adversely affect the reputation of your mail servers. Blocking outbound port 25 traffic from PCs may stop this problem.
ACTION: Lock your firewall down so only mail servers can send to port 25 (SMTP).
2) Similarly, do your mail servers and PCs use the same "external IP address" to connect to the Internet? If possible you should configure your firewall so mail servers and PCs use different public facing IP addresses. Separating the paths for outbound Internet traffic may insulate your mail servers from experiencing this problem.
ACTION: Send outbound traffic from mail servers through a different Internet facing IP address than the one used by other servers and PCs on your internal network.
3) If you offer publicly available WIFI services ensure they are locked down as much as possible. Do not let publicly connected PCs send out on port 25 (SMTP). If possible ensure public WIFI connections use a different "external IP address" from your business service.
ACTION: Prevent public WIFI clients from sending on port 25 and separate such traffic from your business (if possible).
4) Defenses should always be implemented at multiple locations in your organization. Ensure anti-virus and malware filters are up to date and functioning on edge transport servers, office servers and PCs to provide full protection.
ACTION: Ensure anti-virus/malware filters are up to date.
5) An infected PC may be sending spam through your mail server. In this case you can use PerfectMail to look for and identify an infected PC. Check the PerfectMail logs for "outbound" mail only. Look for patterns of spam messages originating from inside your network. If you see a suspicious pattern of behaviour, identify the infected PC by looking at the
ACTION: Review PerfectMail mail logs to identify PCs sending suspicious e-mail.
6) Go to spamhaus.org and find the CBL list. You are listed there. There should be a form to get your IP address delisted on the site. Remember, you must get this issue resolved locally. If the issue is not resolved before delisting you may end up permanently Black Listed.
ACTION: Get de-listed
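One way to find PCs that connect directly to the Internet on port 25, as an added example that is not part of the original article or of PerfectMail: it scans firewall connection logs for internal hosts, other than the mail server, that opened TCP port 25 connections to external hosts. The iptables-style log format, the addresses and the function name are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed values, not from the article: mail server address and LAN range.
MAIL_SERVERS = {ipaddress.ip_address("192.168.1.10")}
INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")
FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

# Constructed sample lines in iptables LOG style; not real traffic.
SAMPLE_LOG = """\
Mar 25 09:58:01 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 PROTO=TCP SPT=40112 DPT=25
Mar 25 09:58:02 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.7 PROTO=TCP SPT=51234 DPT=25
Mar 25 09:58:02 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.20 PROTO=TCP SPT=51235 DPT=25
Mar 25 09:58:03 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.77 PROTO=TCP SPT=51236 DPT=25
Mar 25 09:58:03 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.7 PROTO=TCP SPT=51237 DPT=25
Mar 25 09:58:04 fw kernel: IN=eth1 OUT=eth1 SRC=192.168.1.40 DST=192.168.1.10 PROTO=TCP SPT=49900 DPT=25
Mar 25 09:58:05 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.40 DST=203.0.113.9 PROTO=TCP SPT=49901 DPT=443
Mar 25 09:58:06 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.55 DST=203.0.113.9 PROTO=TCP SPT=50001 DPT=25
Mar 25 09:58:07 fw kernel: IN=eth1 OUT=eth0 SRC=bogus DST=203.0.113.9 PROTO=TCP SPT=50002 DPT=25
"""


def direct_smtp_senders(log_text, min_destinations=1):
    """Map each internal non-mail-server host to the distinct external hosts
    it contacted on TCP port 25, keeping hosts at or above the threshold."""
    contacted = defaultdict(set)
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if fields.get("PROTO") != "TCP" or fields.get("DPT") != "25":
            continue
        try:
            src = ipaddress.ip_address(fields["SRC"])
            dst = ipaddress.ip_address(fields["DST"])
        except (KeyError, ValueError):
            continue  # skip truncated or malformed lines
        # Mail servers may send on port 25; LAN-to-LAN mail is not direct-to-Internet.
        if src in MAIL_SERVERS or src not in INTERNAL_NET or dst in INTERNAL_NET:
            continue
        contacted[str(src)].add(dst)
    return {host: [str(d) for d in sorted(dsts)]
            for host, dsts in contacted.items() if len(dsts) >= min_destinations}


if __name__ == "__main__":
    for host, dsts in direct_smtp_senders(SAMPLE_LOG).items():
        print(f"{host} contacted {len(dsts)} external SMTP hosts: {', '.join(dsts)}")
```

Raising `min_destinations` ranks the hosts that fan out to many remote mail servers first; once the firewall rule from step 1 is in place, the same log lines show which PCs are still attempting the connection.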
Updated: Monday, March 25, 2013, 10:01
-- David Rutherford