Messaging Gateway

 View Only

Brightmail blocking IPs incorrectly

  • 1.  Brightmail blocking IPs incorrectly

    Posted May 29, 2015 04:05 AM

    For a week I have had 3 of my IPs blacklisted with Brightmail.  I run a very tight ship, and cannot see any outgoing spam after delving deep into the bowls of the mail server config again to check for mistakes.  I request them de-listed, and they are.

    Next day they are back on.  I repeat this 2-3-4 times with different pleas for information on what is causing the listing, but no response.  I sent the Symantec security team an email, no response.  For reference, on www.senderbase.org all 3 have a "Good" reputation, not even "Neutral", but "Good".

    While checking Senderbase (click above link), I see that there is a server on my subnet that is blacklisted all over.  I then check ALL the /24 IPs in my subnet and while none but 1 are listed in any blacklists, ALL but one is listed with Symantec Brightmail. I finally think I've found the culprit.  Symantec must be blacklisting the entire /24 net due to one server.

    I manage to figure out who owns the server, contact them, they stop the spam immediatly and within 6 hours, they are off all blacklists, including Symantec.  They are still off the list today.

    I then request mine delisted, which they are.  Great!

    2 of them are back on the list today,  For the first time it's not all 3, but only the last 2 IPs below.

    I'm at wits end.  I cannot figure out why I keep getting put back on the list.  This is affecting alot of my customers and it is very frustrating I cannot get an example of why I am listed, so I can fix the problem.

    For some reason Symantec also does not se my Reverse lookup, which is fine anywhere else like MXToolbox etc. http://mxtoolbox.com/SuperTool.aspx?action=smtp%3a217.170.205.70&run=toolpage

    217.170.205.46

    217.170.205.70

    217.170.205.111

    Any help, feedback, tips is appreciated.  I've read posts, forums, mailinglists, product specs and done my due dilligence technically, but I cannot figure this one out.