I recently moved my company’s Administration Offices from one site to another.
Simple I thought.
- Purchase a new internet connection
- move the email server
- and reconfigure email to be sent and received on the new internet connection
Apparently not. A few days after moving to the new IP Address I get a call from a user saying that their email is getting blocked by the Barracuda Reputation Block List (BRBL)*.
Me being me I assumed I had something misconfigured. So then ensued days of checking to make sure all my internal systems where virus / malware free. That the gateway firewall rules were all explicit DENY unless allowed. That no host other than the email server could send SMTP traffic out. And following the Barracuda reasons for blacklist page to make sure I was not accidentally causing my own problems.
I called my ISP and they started looking at reasons why I was getting blocked. RBL’s it seems can use a lot of different methods to decide to recommend blocking your IP.
Reasons why you get on a RBL
Although you have purchased a “business grade” connection your ISP may have used it in a dynamic range in the past. Dynamically assigned IP ranges are traditionally highly suspect because home users aren’t aware that their computers are 0wn3d by evil h@x0rs. RBL’s can list this as DYN-ADDR and subscribers to the RBL can blanket deny anthing from a DYN-ADDR range. So your IP can have a lingering black mark from this heritage. So strike one for your IP having a checkered past.
Another problem can be the previous user of the IP address. If they have been infected by Malware and Trojans then you will perhaps have further listing/s on the internet for SPAM sending and DICTIONARY ATTACKS.
I typed my IP address into Google and got a link to http://www.projecthoneypot.org. This showed that prior to me using the IP address it was a known source of SPAM and Dictionary Attacks (A year before I used the IP but still a bad reputation can hang around).
So what to do:
The recommended way of not having to worry about getting your IP on a RBL is to use your ISP’s mail server as a smart host.
You can usually identify this server by:
- the SMTP email setting in your email client (e.g. Thunderbird, Outlook, Outlook Express)
- or the ISP will usually publish it’s SMTP server address on it’s website.
Configure your onsite server to send everything via this server. Your ISP will be managaing their email server infrastructure so that all it’s customers can send email. Your email will be sent to the Smart Host and then relayed from there to it’s destination. The benefit is you can screw down your firewall rules to one outgoing SMTP connection (your email server to the smarthost) and whatever inbound rules you need to get mail delivered to your email server.
So what to do to get your IP address a good reputation:
Make sure your Email Gateway IP address has the correct RDNS (Reverse DNS entry). Something like mx1.yourdomain.com and that you have an A record with the same name pointing to the same IP address. Re your ISP for the RDNS and your Domain Name Host for the A record. See Check your DNS/RDNS Setup below.
Go onto the internet and search for every major RBL site, go to their listing lookup page, do a lookup for your IP and if it’s listed as a bad IP address try to get it de-listed before you start using it for email. You can get the assistance of your ISP to do this because their postmaster may have a good working relationship with the RBL providers and can help expedite getting your IP back to having a good reputation.
You can also pay $20USD protection money to EmailReg.org and this is supposed to assist the Barracuda RBL to trust your IP address by providing a mapping of which IP Addresses send emails for your domain.
Check your DNS/RDNS setup
Using my ISP’s mail server as an example of a correct setup:
# first find the A record for the host dig @126.96.36.199 mail.exemail.com.au ; <<>> DiG 9.6.1-RedHat-9.6.1-2.fc11 <<>> @188.8.131.52 mail.exemail.com.au ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22687 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2 ;; QUESTION SECTION: ;mail.exemail.com.au. IN A ;; ANSWER SECTION: mail.exemail.com.au. 11375 IN CNAME chestnut2-mail.exetel.com.au. chestnut2-mail.exetel.com.au. 314 IN A 184.108.40.206 ;; AUTHORITY SECTION: exetel.com.au. 1756 IN NS ns1.exetel.com.au. exetel.com.au. 1756 IN NS ns2.exetel.com.au. ;; ADDITIONAL SECTION: ns1.exetel.com.au. 765 IN A 220.127.116.11 ns2.exetel.com.au. 1370 IN A 18.104.22.168 ;; Query time: 34 msec ;; SERVER: 22.214.171.124#53(126.96.36.199) ;; WHEN: Thu Jul 16 00:01:39 2009 ;; MSG SIZE rcvd: 157 # next lookup the ptr record which is the RDNS (Reverse DNS) # by querying the IP supplied from above (188.8.131.52). # note the "A" record and the "PTR" return the same hostname # in this case chestnut2-mail.exetel.com.au. dig @184.108.40.206 -x 220.127.116.11 ; <<>> DiG 9.6.1-RedHat-9.6.1-2.fc11 <<>> @18.104.22.168 -x 22.214.171.124 ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63734 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2 ;; QUESTION SECTION: ;126.96.36.199.in-addr.arpa. IN PTR ;; ANSWER SECTION: 188.8.131.52.in-addr.arpa. 19431 IN PTR chestnut2-mail.exetel.com.au. ;; AUTHORITY SECTION: 0.233.220.in-addr.arpa. 17086 IN NS ns2.exetel.com.au. 0.233.220.in-addr.arpa. 17086 IN NS ns1.exetel.com.au. ;; ADDITIONAL SECTION: ns2.exetel.com.au. 1002 IN A 184.108.40.206 ns1.exetel.com.au. 457 IN A 220.127.116.11 ;; Query time: 34 msec ;; SERVER: 18.104.22.168#53(22.214.171.124) ;; WHEN: Wed Jul 15 23:36:46 2009 ;; MSG SIZE rcvd: 153