# Blacklisted, what to do?

## audiodef

Since about a month ago, I have been unable to email a couple of businesses I buy music and recording equipment from. My mail server (which I run myself) has been telling me, after quite a delay, that my messages could not be delivered. It's just these two businesses - everything else seems fine. 

So I did a blacklist check on whatismyipaddress.com. I seem to be blacklisted by b.barracudacentral.org, which was mentioned in the rejection messages from my mail server. I have tried their contact us form but have not heard back after three days. 

Also blacklisted by dnsbl.justspam.org. No one else is blacklisting my server's IP address. I believe I had taken reasonable precautions in setting up my mail server, and since only two places in a long list of blacklisters have me on their list, I must be doing something right. But the fact that my server is listed anywhere tells me I might not have done everything I could have. 

Not sure this could be from an old history with the IP address from before it was mine, since this is a recent thing. 

I need to be able to do business and buy studio gear! So what can I do on my end to prevent this from happening?

----------

## Jaglover

First check if you are running an open relay, there are online tools for that.

https://duckduckgo.com/?q=open+relay+test&atb=v23__&ia=web

----------

## audiodef

Thanks for pointing me in the right direction. 

Using mxtoolbox, the only thing it found wrong with testing my mail server was "Reverse DNS does not match SMTP Banner." But I have:

```
smtpd_banner = $myhostname ESMTP $mail_name
```

in my postfix's main.cf. I added this line and then did postfix reload. No change from mxtoolbox. 

Mailradar passed my server as not accepting relays, which I knew it should. (But good to double-check!)

So Barracuda zoomed in on my SMTP banner, which seems like overkill, but whatever. What should I change the above line to?

EDIT:

Fixed by simply adding my SMTP hostname to the banner string. 

So now my server literally passes every test two different tools performed. How do I get Barracuda to stop holding up my business?

----------
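Added example, not part of the thread: the comparison behind a "Reverse DNS does not match SMTP Banner" warning, written as an offline check of banner, PTR and forward DNS. With the `smtpd_banner` line quoted above, the hostname Postfix announces is the value of `myhostname`. The address 192.0.2.25, the name mail.example.org and both greetings are constructed sample data, and the exact rule mxtoolbox applies is an assumption.

```python
import re

# An SMTP greeting is "220 <hostname> <text>"; multi-line greetings use "220-".
BANNER_RE = re.compile(r"^220[ -](\S+)")

def normalize(name):
    """DNS names compare case-insensitively and may carry a trailing dot."""
    return name.rstrip(".").lower()

def banner_hostname(greeting):
    """Hostname announced on the first line of the greeting, or None."""
    lines = greeting.splitlines()
    m = BANNER_RE.match(lines[0]) if lines else None
    return normalize(m.group(1)) if m else None

def check_banner(ip, greeting, ptr_names, forward_addrs):
    """Compare banner, PTR and forward DNS; an empty list means they agree.

    ptr_names     -- PTR answers for ip (e.g. from `dig -x`)
    forward_addrs -- dict of hostname -> addresses from A/AAAA lookups
    """
    host = banner_hostname(greeting)
    if host is None:
        return ["greeting is not a 220 line with a hostname"]
    findings = []
    ptrs = sorted({normalize(p) for p in ptr_names})
    if not ptrs:
        findings.append("no PTR record for %s" % ip)
    elif host not in ptrs:
        findings.append("banner says %s, PTR says %s" % (host, ", ".join(ptrs)))
    forward = {normalize(k): v for k, v in forward_addrs.items()}
    if ip not in forward.get(host, []):
        findings.append("%s does not resolve back to %s" % (host, ip))
    return findings

# Constructed sample data (documentation address range, example domain).
IP = "192.0.2.25"
PTRS = ["mail.example.org."]
FORWARD = {"mail.example.org": ["192.0.2.25"]}
BEFORE = "220 localhost.localdomain ESMTP Postfix\r\n"
AFTER = "220 mail.example.org ESMTP Postfix\r\n"

if __name__ == "__main__":
    for label, greeting in (("before", BEFORE), ("after", AFTER)):
        print(label, check_banner(IP, greeting, PTRS, FORWARD) or "consistent")
```
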

## Jaglover

You used Contact form or Removal Request form at Barracuda?

Are there any Windows machines behind the same IP address? They may send spam and your IP address is held responsible.

----------

## audiodef

It's a hosted dedicated server, so if Hetzner is doing anything, it is beyond my control. I have nothing attached to my server of my own doing, and all my mail clients are Linux-based. I'm the only user. 

Yeah, I used their removal request form. It said I should have been placed in a temporary "OK" status while they investigate, but that never happened.

----------

## Jaglover

Can't think of anything further. As a side note I have to mention it may not be the mail server that is sending spam. In case a box is compromised the attacker usually installs his own mail sending application to send out bulk email. You could request one of the alleged spam messages from them and look at the headers.

----------

## szatox

How about calling those 2 businesses and asking them for white-listing you?

Other things could be:

- missing SPF information - it's not strictly an error in configuration, but some systems classify all emails as spam if server is not explicitly allowed there. Missing SPF allows everything _implicitly_.
- missing whois information - if you try to hide your identity some systems are more likely to reject your mail. Using datacenter's whois information, or DNS provider's whois masking both fall into this category.
- Missing PTR could also result in bumping your spam score.

And one more that is worth checking: I suppose you only have a single IP or handful of those. Check your neighborhood. Sometimes the whole prefix gets banned. I know some servers that were banned for that reason, when the whole /24 network was added.

----------
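Added example, not from the thread: how a DNSBL lookup of the kind the blacklist-check sites run works, extended to the "check your neighborhood" advice above by sweeping the surrounding /24. The zone dnsbl.example, the addresses and the fake resolver are constructed so the block runs offline; pass `system_resolver` and a real list's zone to query for real.

```python
import ipaddress
import socket

def dnsbl_query_name(ip, zone):
    """Reverse the IPv4 octets (or IPv6 nibbles) and append the list's zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone.strip(".")

def system_resolver(name):
    """A records for name via the system resolver; [] when the lookup fails."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def listed(ip, zone, resolve):
    """Return codes for ip, or [] if it is not listed.

    By convention a listing is an A record inside 127.0.0.0/8; anything else
    (a wildcarded or parked zone, for instance) is not treated as a listing.
    """
    loopback = ipaddress.ip_network("127.0.0.0/8")
    answers = resolve(dnsbl_query_name(ip, zone))
    return [a for a in answers if ipaddress.ip_address(a) in loopback]

def listed_neighbours(ip, zone, resolve, prefix=24):
    """Hosts in ip's /prefix that the zone lists (one query per address)."""
    net = ipaddress.ip_network("%s/%d" % (ip, prefix), strict=False)
    return [str(h) for h in net.hosts() if listed(str(h), zone, resolve)]

# Constructed zone contents standing in for a real list.
FAKE_ZONE = {
    "25.2.0.192.dnsbl.example": ["127.0.0.2"],
    "26.2.0.192.dnsbl.example": ["127.0.0.2"],
    "27.2.0.192.dnsbl.example": ["203.0.113.9"],  # not a 127/8 return code
}

def fake_resolver(name):
    return FAKE_ZONE.get(name, [])

if __name__ == "__main__":
    print(listed("192.0.2.25", "dnsbl.example", fake_resolver))
    print(listed_neighbours("192.0.2.25", "dnsbl.example", fake_resolver))
```

A sweep that lists nearly every host in the prefix, including addresses that are not mail servers, points at a prefix-wide listing rather than at the one server.
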

## 1clue

Things that make a difference:

Do you send automated messages from this server, like mailing lists or newsletters to lots of people, or have a webapp that sends email to customers based on some form action?

Do you send lots of attachments, particularly to images?

Do you send lots of links to some server?

Spam tends to have lots of the above things. Some email servers like gmail analyze the messages they receive and categorize a site as a spam site that way.

If somebody "near" your IP address has been classified as a spammer some blacklists mark the neighbors as suspect.

While I haven't seen proof, I suspect that having a porn site "near" your IP makes a difference too.

Do a reverse lookup on your IP address.  Or google your ip address and see what comes up. Sometimes you can get old domain names that way.

Sending lots of apparently similar emails that contain one attachment, like a PDF, without text in the message or without a subject, can be a problem too. I've had trouble just mailing somebody pdf documents that the users asked for, it gets classified as spam by some of the bigger email servers.

----------

## audiodef

The whois on my server's IP address is the hosting company's datacenter info. Do I have any control over that?

----------

## Aiken

*szatox wrote:*

> missing SPF information - it's not strictly an error in configuration, but some systems classify all emails as spam if server is not explicitly allowed there. Missing SPF allows everything _implicitly_
>
> missing whois information - if you try to hide your identity some systems are more likely to reject your mail. Using datacenter's whois information, or DNS provider's whois masking both fall into this category.
> ...

SPF is a strange beast. I get DMARC reports about spoofed emails where both SPF and DKIM failed with a comment the DNS queries were ignored and emails were delivered. Emails from my mail server always go to junk when sending to someone @ outlook.com which is frustrating. SPF, DKIM, server greeting, A, AAAA, PTR, SSL certs all line up. I run with SPF -all and DMARC p=reject. Sent an email to someone @ outlook.com via a mail server not in my SPF and with the -all and reject settings it went straight to inbox. I have many hotmail DMARC reports showing they ignored SPF -all and delivered spoofed emails.

While I have it set up I don't have a high opinion of how SPF is handled.

Interesting about the whois bit. Since reading your comment have googled email deliverability whois and a bit about that came up. 2 of my domains I use the id privacy the registrar offers and one domain has my name. Am not seeing any difference between them with junk vs inbox.

*1clue wrote:*

> If somebody "near" your IP address has been classified as a spammer some blacklists mark the neighbors as suspect.

Yet another frustrating one. Find yourself on a blacklist, go to their web site to be told you are not sending any spam but too bad you are in the /24 to /20 they have decided to block.

----------
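Added example, not from the thread: what a domain's published SPF and DMARC records ask a receiver to do with mail from a server the records do not name, covering szatox's "missing SPF" case and the `-all` with `p=reject` setup Aiken describes. The TXT strings are constructed, and fetching them from DNS and evaluating the individual SPF mechanisms are left out.

```python
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_default(txt_records):
    """SPF result for a sender that matches no mechanism before 'all'.

    'none'      -- no SPF record published (nothing is asserted either way)
    'permerror' -- more than one SPF record, which receivers treat as an error
    'redirect'  -- the decision is delegated to another domain's record
    otherwise the result attached to 'all', or 'neutral' when 'all' is absent
    """
    records = [t for t in txt_records if t.lower().split()[:1] == ["v=spf1"]]
    if not records:
        return "none"
    if len(records) > 1:
        return "permerror"
    terms = records[0].lower().split()[1:]
    for term in terms:
        qualifier, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        if mech == "all":
            return QUALIFIERS[qualifier]
    if any(t.startswith("redirect=") for t in terms):
        return "redirect"
    return "neutral"

def dmarc_policy(txt_records):
    """Requested policy (p=) from the TXT records at _dmarc.<domain>, or None."""
    for txt in txt_records:
        pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
        tags = {k.strip().lower(): v.strip() for k, v in pairs}
        if tags.get("v") == "DMARC1":
            return tags.get("p", "").lower() or None
    return None

def unlisted_sender_outcome(spf_txt, dmarc_txt):
    """What the published records request for a sender they do not name."""
    return {"spf": spf_default(spf_txt), "dmarc": dmarc_policy(dmarc_txt)}

# Constructed TXT record sets.
NO_SPF = ["some-verification=constructed-token"]
SOFT = ["v=spf1 mx a ~all"]
STRICT = ["v=spf1 mx ip4:192.0.2.25 -all"]
DMARC_REJECT = ["v=DMARC1; p=reject; rua=mailto:postmaster@example.org"]

if __name__ == "__main__":
    for name, spf in (("no SPF", NO_SPF), ("~all", SOFT), ("-all", STRICT)):
        print(name, unlisted_sender_outcome(spf, DMARC_REJECT))
```
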

## frostschutz

This is why I rent an external mailserver instead of running my own. Make it someone else's headache.

----------

## 1clue

*frostschutz wrote:*

> This is why I rent an external mailserver instead of running my own. Make it someone else's headache.

IMO properly running a mail server is a bigger headache than anything else in the enterprise.

----------

