ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] blacklists

2008-01-29 12:02:33
from [Chris Lewis] [Permanent Link] 
James Muir wrote:
[I hope this question is not off-topic. I am looking for help and am having a hard time finding an appropriate forum in which to ask for help.] 

Actually, it is offtopic, but a short answer should be okay ;-)

Better venues might be news.admin.net-abuse.email or spam-l.
Our department's server was blacklisted on Friday (our reputation is currently listed as "poor") and it is causing a few headaches for us: 

http://www.barracudacentral.com/index.cgi?p=lookups&r=1&ip=140.184.76.9


Barracuda is infamous for appropriating public blacklists, and utilizing
them as their own. So, the first thing to do is check http://www.dnsstuff.com (or some other multi-DNSBL tester), which shows that your IP isn't listed anywhere in any of the 3rd party lists it knows about. If you find it listed (especially one of the dozen or so useful ones), fixing that should solve your problem within a few hours or less.
So, this is not an imported entry, it's Barracuda itself, and contacting them is the only way.
If their web interface isn't generating a response, it may be broken, and you need to report that. Barracuda itself is at support(_at_)barracuda(_dot_)com, and you could try phoning them. I think your email means you're a customer, so they should be obligated to assist.
An alternative would be, since this appears to be mostly within campus, contacting the email admins and getting them to whitelist this IP within their Barracudas - since this is your admins blocking you, they really should be able to assist. But this doesn't help if you're emailing off-campus. 

In the mean time: it says that the last "suspicious event" from this IP
was at 01/29/08 10:52:20 PST.  Check your mail server logs for something
at that time.
Secondly, if this IP is a NAT fronting for end-user desktops, it would probably be a very good thing to secure the NAT so that end-user desktops can't get to the Internet on port 25. Or, split the mail server from the NAT. Or something like that.
e.g. we can't send email to other machines within the university because they reject messages using the blacklist :-) We think the reason we were blacklisted is because mailman was sending out reject messages in response to spam sent to one of our mailing lists.
It could be any number of things. If this IP is a NAT, it probably is infected machines spewing.
According to the web page above, once you request removal, then your IP is supposed to be temporarily removed while your request is considered. But, so far (four days later) this hasn't happened. 

Sounds like the web page is busted.  Contact their support.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Asrg] blacklists, James Muir
Next by Date:  Re: [Asrg] blacklists, SM
Previous by Thread:  [Asrg] blacklists, James Muir
Next by Thread:  Re: [Asrg] blacklists, SM
Indexes:  [Date] [Thread] [Top] [All Lists]