Has anyone else been blacklisted?

By jdclyde
Been going through heck for over a week now.

It seems our corporate e-mail has made it onto the CBL blacklist.

They state the reasons for blacklisting can be:
Being a Relay
Infected with Netsky, Bagle, MyDoom or others.
Or if using NAT'ed addresses, then another system on the network may be sending out the SPAM.

Have taken the following steps.
Blocked SMTP from all systems except the e-mail server with the firewall.
Double checked if mail server was running as a relay.
Server runs Linux, so the above mentioned viruses do not apply.
Have scanned the network and the server for anything that looks suspicious.

All come up clean.
Request removal from list, get removed and put right back on a day later.
After getting blacklisted 4 times this week, I am starting to get upset.

Has anyone else had this problem?
How did you resolve this issue?

Would this blacklisting be illegal for them interfering with the transmission of legitimate business usage that we have paid for?

How do I stay off that list?
Is there a governing authority that this organization can be reported to?
Is there a legal authority they can be reported to?

Or do I just have to sit here and cry in my oatmeal?

by house In reply to DNS Stuff

Thanks a lot. This web utility will come in handy. :)

I deal with a lot of email issues that are usually the result of the kind of activity discussed in this thread.

@MM on a linux server?

by jdclyde In reply to blacklisted

I am still looking into this, but right off the bat most of the viruses can be written off because they only run on Windows servers.

Any advice from the linux guys out there?

Guess I will have to start a thread under the linux heading and refer back to this.

Thanks again everyone.

Just because you are running a Linux Server

by HAL 9000 Moderator In reply to @MM on a linux server?

Doesn't mean that you can not be transmitting the Windows Viri just that they have no effect on the Linux Server.

If you, like most places, have Windows Desktops, I would start scanning every one of them and look for infections or the like.

Yes, I know it is painful, but as this crowd keeps blacklisting you and it is adversely affecting your business, you will have to make sure that there is no way that this is possibly coming from the business. Just one of the Desktops needs to be infected to cause this problem, and most likely if one is then most of them will be. The Server should be OK, so start looking at the weak side of things, and that is everything Windows.

If that all comes up clean then have you recently had someone leave under less than ideal circumstances? It could always be someone spoofing your IP but you first have to rule out any possibility that there is a problem within the network.

I hope that gives you something to start with.


I have blocked SMTP

by jdclyde In reply to Just because you are runn ...

from all systems except for the e-mail server.

Any windows system with its own mass mailer on it should be dropped by the firewall on the way out?

Will give them another check, just to make sure.
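An added example, not part of the original thread: if the firewall rule that drops outbound SMTP also logs what it drops, the log points straight at the desktops that are trying to send mail on their own. The sketch assumes Linux netfilter-style LOG lines, a hypothetical `SMTP-DROP:` log prefix and a mail server at 192.168.1.10; the log lines are constructed sample data.

```python
import re
from collections import Counter

MAIL_SERVER = "192.168.1.10"  # assumed: the only host allowed to send SMTP

# Constructed sample lines in netfilter LOG style. "SMTP-DROP:" is a
# hypothetical --log-prefix attached to the outbound port 25 drop rule.
SAMPLE_LOG = """\
Mar  3 09:14:02 fw kernel: SMTP-DROP: IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=203.0.113.25 LEN=60 PROTO=TCP SPT=1188 DPT=25 SYN
Mar  3 09:14:03 fw kernel: SMTP-DROP: IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=1189 DPT=25 SYN
Mar  3 09:14:03 fw kernel: WEB-DROP: IN=eth1 OUT=eth0 SRC=192.168.1.33 DST=192.0.2.80 LEN=60 PROTO=TCP SPT=2201 DPT=80 SYN
Mar  3 09:14:05 fw kernel: SMTP-DROP: IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=192.0.2.44 LEN=60 PROTO=TCP SPT=1190 DPT=25 SYN
Mar  3 09:15:40 fw kernel: SMTP-DROP: IN=eth1 OUT=eth0 SRC=192.168.1.80 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=3310 DPT=25 SYN
Mar  3 09:16:11 fw kernel: SMTP-DROP: IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=203.0.113.25 LEN=60 PROTO=TCP SPT=1191 DPT=25 SYN
"""

# Only dropped TCP packets whose destination port is exactly 25.
LINE_RE = re.compile(
    r"SMTP-DROP:.*?\bSRC=(?P<src>\S+)\s+DST=(?P<dst>\S+)"
    r".*?\bPROTO=TCP\b.*?\bDPT=25\b"
)

def blocked_smtp_sources(log_text, mail_server=MAIL_SERVER):
    """Return {src_ip: (attempts, distinct_destinations)}, busiest first."""
    attempts = Counter()
    dests = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        # Skip unrelated lines, and the mail server itself in case the
        # log rule sits ahead of the rule that accepts its traffic.
        if not m or m.group("src") == mail_server:
            continue
        src = m.group("src")
        attempts[src] += 1
        dests.setdefault(src, set()).add(m.group("dst"))
    return {ip: (n, len(dests[ip])) for ip, n in attempts.most_common()}

def suspects(log_text, min_destinations=3):
    """Hosts contacting many different mail servers directly: the usual
    pattern of a mass mailer, unlike a mail client set to one wrong server."""
    return [ip for ip, (_, d) in blocked_smtp_sources(log_text).items()
            if d >= min_destinations]

if __name__ == "__main__":
    for ip, (n, d) in blocked_smtp_sources(SAMPLE_LOG).items():
        print(f"{ip}: {n} blocked attempts to {d} distinct mail servers")
    print("check first:", suspects(SAMPLE_LOG))
```

A host that shows up here is blocked from reaching the Internet on port 25, but it can still hand mail to the internal mail server, so the server's own logs deserve the same per-source count.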

In that case I think you'll

by HAL 9000 Moderator In reply to I have blocked SMTP

Find OZ is on the right track.

What he has suggested further down is terrifying and all the more so because it is the most likely scenario.


Internal relay

by Roger99a In reply to I have blocked SMTP

I'm not a Linux guy, but it could be that the mail server is relaying for internal addresses. Exchange will do it, and you have to specify which IP addresses it will allow relaying for.

by house In reply to @MM on a linux server?

...can exploit your domain without actually residing on your server. I can send from your address if I went through smtp without authentication... don't ya know? I don't necessarily have to be on your network.


by Oz_Media In reply to Has anyone else been blac ...

I am starting to think that the recipient is using a CBL list that is checking so many different data logs that every time it rescans that database and updates itself, you are reblacklisted again.

It could be that you are blacklisted by several lists and the CBL is just regathering that data periodically.

"I delisted my IP, but it keeps getting relisted again. Why??

You have a virus, or an open proxy, a trojan spam-sender or some other sort of security compromise, which is causing your IP to be relisted. Always ensure that viruses, open proxies, etc. are removed or secured before trying to delist your IP.

If you did all that but still keep getting listed, then see below for where to talk about the problem."

Is this happening when sending to specific clients? Perhaps THEY are using the CBL as a quick workaround and not updating it properly or simply using too many data files and some also have you blacklisted. If they haven't properly configured their CBL lookup it will also reflect inaccurate info.

I would PHONE the people with the list, send them email and ask how you can call someone directly, explain that YOU are running a business and need to resolve this problem once and for all or else you will be exploring your legal options.

You see what a joke these guys really are, what kind of company only offers an email address for contact?

One with no proper structure and usually one run by whoever can get to the email in their spare time, including perhaps lunch breaks at school, time between classes etc.

You are being blocked via a list with no contact information, no office and no staff?

This just enhances the importance of companies needing to use properly weighted SPAM control and not just blocking based on lists. Cheap solutions = cheap results. People seem to forget they are running a business when it comes to stuff like this. $50.00 or $2000.00, how much is your company's correspondence worth? Can you IMAGINE if a similar system was on phone lines? My God, it would sure hit the fan fast!

More details on what mail is being blocked would be worth looking at, as far as where it is going if it isn't all mail. Whether a specific company or similar companies or if this is just randomly happening to email.

This is scary, tho

by RknRlKid In reply to Has anyone else been blac ...

I was reading through the responses explaining how someone can get listed on one of these blocking services, and decided to go to the CBL site to see what they had to say. While I think they do a service, they are also scary because basically these companies are loose cannons who can list anyone they choose, without ever disclosing why. Proof? From their own FAQs:

"What are the exact criteria for listing on the CBL?
Those will not be disclosed."

I have a problem with that. I have no problem with there being a standard, and having people adhere to a standard. But when the standards are not listed or given, then how can anyone know if they are failing to meet the standard? How can you fix a problem when you don't know how the problem was found?

I think I am going to shoot an email off to them for more clarification.

Let us know

by jdclyde In reply to This is scary, tho

If they have anything to say for themselves.

Yes, I have been real frustrated with this. And they don't notify you that you are on their list. You find out when your business communications start getting blocked and users start complaining to you.

This undermines the users' confidence in the service that IT provides them.

