RBLs blocking Microsoft internal and Office365 servers

I'm finding that my critical contacts can't communicate with me via email due to flagging by RBLs. After further investigation, it includes those who are using Microsoft email infrastructure: both internal employees and corporate members who have outsourced their email services to Microsoft through Live@edu or other offerings. It's not only these folks, but blocking these people impacts me the most.


var/log/smtp/2013/12/smtp-2013-12-18.log.gz:2013:12:18-13:53:08  ravenna exim-in[23455]: 2013-12-18 13:53:08 id="1003" severity="info"  sys="SecureMail" sub="smtp" name="email rejected" srcip="74.63.194.68"  from="bounces+273298-313f-[private information]sendgrid.info"  to="doug@[private information].com" size="-1" reason="rbl"  extra="cbl.abuseat.org"
/var/log/smtp/2014/01/smtp-2014-01-03.log.gz:2014:01:03-16:10:34  ravenna exim-in[14501]: 2014-01-03 16:10:34 id="1003" severity="info"  sys="SecureMail" sub="smtp" name="email rejected" srcip="204.13.248.72"  from="" to="prvs=008145706c=[private information]" size="13915"  reason="rbl" extra="cbl.abuseat.org"
/var/log/smtp/2014/01/smtp-2014-01-06.log.gz:2014:01:06-10:18:04  ravenna exim-in[8293]: 2014-01-06 10:18:04 id="1003" severity="info"  sys="SecureMail" sub="smtp" name="email rejected" srcip="207.46.163.209"  from="susan.[private information]"  to="doug@[private information]" size="16611" reason="rbl"  extra="combined.rbl.msrbl.net"
/var/log/smtp/2014/01/smtp-2014-01-06.log.gz:2014:01:06-10:18:04  ravenna exim-in[8293]: 2014-01-06 10:18:04  H=mail-bl2lp0209.outbound.protection.outlook.com  (na01-bl2-obe.outbound.protection.outlook.com) [207.46.163.209]:5037  F= rejected RCPT  : 207.46.163.209 blacklisted at  combined.rbl.msrbl.net
/var/log/smtp/2014/01/smtp-2014-01-08.log.gz:2014:01:08-13:31:43  ravenna exim-in[6075]: 2014-01-08 13:31:43 id="1003" severity="info"  sys="SecureMail" sub="smtp" name="email rejected" srcip="207.46.163.206"  from="[private information].com" to="doug@[private information]"  size="20075" reason="rbl" extra="combined.rbl.msrbl.net"
/var/log/smtp/2014/01/smtp-2014-01-08.log.gz:2014:01:08-13:31:43  ravenna exim-in[6075]: 2014-01-08 13:31:43  H=mail-bl2lp0206.outbound.protection.outlook.com  (na01-bl2-obe.outbound.protection.outlook.com) [207.46.163.206]:42226  F= rejected RCPT  : 207.46.163.206 blacklisted at  combined.rbl.msrbl.net
/var/log/smtp/2014/01/smtp-2014-01-08.log.gz:2014:01:08-13:34:08  ravenna exim-in[6301]: 2014-01-08 13:34:08 id="1003" severity="info"  sys="SecureMail" sub="smtp" name="email rejected" srcip="207.46.163.149"  from="[private information].com" to="doug@[private information].com"  size="18356" reason="rbl" extra="cbl.abuseat.org"
/var/log/smtp/2014/01/smtp-2014-01-08.log.gz:2014:01:08-13:37:22  ravenna exim-in[6617]: 2014-01-08 13:37:22 id="1003" severity="info"  sys="SecureMail" sub="smtp" name="email rejected" srcip="207.46.163.242"  from="[private information].com" to="doug@[private information].com"  size="20007" reason="rbl" extra="cbl.abuseat.org"
/var/log/smtp/2014/01/smtp-2014-01-09.log.gz:2014:01:09-14:09:53  ravenna exim-in[14288]: 2014-01-09 14:09:53 id="1003" severity="info"  sys="SecureMail" sub="smtp" name="email rejected" srcip="204.13.248.72"  from="" to="prvs=0086cc3a24=doug@[private information].com" size="9911"  reason="rbl" extra="combined.rbl.msrbl.net"
/var/log/smtp/2014/01/smtp-2014-01-09.log.gz:2014:01:09-14:09:53  ravenna exim-in[14288]: 2014-01-09 14:09:53 H=mho-02-ewr.mailhop.org  [204.13.248.72]:28519 F=<> rejected RCPT  : 204.13.248.72  blacklisted at combined.rbl.msrbl.net
/var/log/smtp/2014/01/smtp-2014-01-10.log.gz:2014:01:10-12:43:14  ravenna exim-in[4950]: 2014-01-10 12:43:14 id="1003" severity="info"  sys="SecureMail" sub="smtp" name="email rejected" srcip="207.46.163.185"  from="[private information].com" to="doug@[private information].com"  size="10951" reason="rbl" extra="combined.rbl.msrbl.net"
/var/log/smtp/2014/01/smtp-2014-01-10.log.gz:2014:01:10-12:43:14  ravenna exim-in[4950]: 2014-01-10 12:43:14  H=mail-bn1blp0185.outbound.protection.outlook.com  (na01-bn1-obe.outbound.protection.outlook.com) [207.46.163.185]:13940  F= rejected RCPT  : 207.46.163.185 blacklisted at  combined.rbl.msrbl.net
/var/log/smtp/2014/01/smtp-2014-01-10.log.gz:2014:01:10-23:51:44  ravenna exim-in[32238]: 2014-01-10 23:51:44 id="1003" severity="info"  sys="SecureMail" sub="smtp" name="email rejected" srcip="204.13.248.72"  from="" to="prvs=0088fe969f=doug[private information].com" size="4677"  reason="rbl" extra="bl.spamcop.net"
/var/log/smtp/2014/01/smtp-2014-01-14.log.gz:2014:01:14-07:51:08  ravenna exim-in[14631]: 2014-01-14 07:51:08 id="1003" severity="info"  sys="SecureMail" sub="smtp" name="email rejected" srcip="207.46.163.154"  from="[private information]com" to="doug@[private information].com"  size="26180" reason="rbl" extra="cbl.abuseat.org"
/var/log/smtp/2014/01/smtp-2014-01-15.log.gz:2014:01:15-21:20:11  ravenna exim-in[10406]: 2014-01-15 21:20:11 id="1003" severity="info"  sys="SecureMail" sub="smtp" name="email rejected" srcip="157.55.133.100"  from="" to="doug[private information]com" size="10082" reason="rbl"  extra="bl.spamcop.net"
/var/log/smtp/2014/01/smtp-2014-01-16.log.gz:2014:01:16-12:49:00  ravenna exim-in[10423]: 2014-01-16 12:49:00 id="1003" severity="info"  sys="SecureMail" sub="smtp" name="email rejected" srcip="209.85.214.201"   from="3ukXYUhIJAEMqfgwfitwnzxmzrfszxlrfnq.htr@calendar-server.bounces.google.com"  to="doug@[private information].com" size="-1" reason="rbl"  extra="cbl.abuseat.org"
/var/log/smtp/2014/01/smtp-2014-01-16.log.gz:2014:01:16-12:49:18  ravenna exim-in[10446]: 2014-01-16 12:49:18 id="1003" severity="info"  sys="SecureMail" sub="smtp" name="email rejected" srcip="74.125.82.48"  from="[private information].com" to="doug@[private information].com"  size="-1" reason="rbl" extra="zen.spamhaus.org"
/var/log/smtp/2014/01/smtp-2014-01-16.log.gz:2014:01:16-13:00:13  ravenna exim-in[11676]: 2014-01-16 13:00:13 id="1003" severity="info"  sys="SecureMail" sub="smtp" name="email rejected" srcip="209.85.128.73"  from="3W0jYUhIJAOgVKLbKNYbSecReWKXecQWKSV.MYW@calendar-server.bounces.google.com"  to="doug@[private information].com" size="-1" reason="rbl"  extra="bl.spamcop.net"
/var/log/smtp/2014/01/smtp-2014-01-16.log.gz:2014:01:16-13:06:19  ravenna exim-in[12739]: 2014-01-16 13:06:19 id="1003" severity="info"  sys="SecureMail" sub="smtp" name="email rejected" srcip="209.85.213.73"  from="3W0jYUhIJAOgVKLbKNYbSecReWKXecQWKSV.MYW@calendar-server.bounces.google.com"  to="doug@[private information].com" size="-1" reason="rbl"  extra="b.barracudacentral.org"
/var/log/smtp.log:2014:01:17-12:11:36  ravenna exim-in[8201]: 2014-01-17 12:11:36 id="1003" severity="info"  sys="SecureMail" sub="smtp" name="email rejected" srcip="207.46.163.150"  from="[private information].com"  to="doug@[private information].com" size="32305" reason="rbl"  extra="psbl.surriel.com"
/var/log/smtp.log:2014:01:17-12:14:28  ravenna exim-in[8411]: 2014-01-17 12:14:28 id="1003" severity="info"  sys="SecureMail" sub="smtp" name="email rejected" srcip="207.46.163.189"  from="[private information]com"  to="doug@[private information].com" size="32438" reason="rbl"  extra="cbl.abuseat.org"

Does anyone have any thoughts on best practices for RBLs or what to tell a CEO when he suggests one's email server [Sophos Gateway] is misconfigured?

Thanks,

~Doug


  • It seems they have added a ton of blocklists to their UTM. Some of them are dubious at best. I think they either need to build an extensive whitelist OR they need to tone down their anti-spam settings a bit.

    Owner:  Emmanuel Technology Consulting

    http://etc-md.com

    Former Sophos SG(Astaro) advocate/researcher/Silver Partner

    PfSense w/Suricata, ntopng, 

    Other addons to follow
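
Before dropping a list or building a whitelist, it helps to tally which RBL rejects which sender. The following is an added example, not part of the original thread: it parses reject lines in the format shown in the first post, counts them per list and per source IP, and maps IPs to the host name exim logged. The sample lines, the example.* names and the trusted suffix are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the format of the log excerpt in the post
# (documentation IP ranges and example.* names, not real senders).
SAMPLE_LOG = '''\
2014:01:06-10:18:04 mx exim-in[8293]: 2014-01-06 10:18:04 id="1003" severity="info" sys="SecureMail" sub="smtp" name="email rejected" srcip="192.0.2.10" from="a@example.com" to="doug@example.org" size="16611" reason="rbl" extra="combined.rbl.msrbl.net"
2014:01:06-10:18:04 mx exim-in[8293]: 2014-01-06 10:18:04 H=out1.mail.example.net (helo.example.net) [192.0.2.10]:5037 F=<a@example.com> rejected RCPT <doug@example.org>: 192.0.2.10 blacklisted at combined.rbl.msrbl.net
2014:01:08-13:31:43 mx exim-in[6075]: 2014-01-08 13:31:43 id="1003" severity="info" sys="SecureMail" sub="smtp" name="email rejected" srcip="192.0.2.11" from="b@example.com" to="doug@example.org" size="20075" reason="rbl" extra="combined.rbl.msrbl.net"
2014:01:08-13:34:08 mx exim-in[6301]: 2014-01-08 13:34:08 id="1003" severity="info" sys="SecureMail" sub="smtp" name="email rejected" srcip="192.0.2.10" from="c@example.com" to="doug@example.org" size="18356" reason="rbl" extra="cbl.abuseat.org"
2014:01:09-14:09:53 mx exim-in[14288]: 2014-01-09 14:09:53 id="1003" severity="info" sys="SecureMail" sub="smtp" name="email rejected" srcip="198.51.100.7" from="" to="doug@example.org" size="9911" reason="rbl" extra="combined.rbl.msrbl.net"
2014:01:09-14:09:53 mx exim-in[14288]: 2014-01-09 14:09:53 H=(out9.mail.example.net) [198.51.100.7]:28519 F=<> rejected RCPT <doug@example.org>: 198.51.100.7 blacklisted at combined.rbl.msrbl.net
'''

KV = re.compile(r'(\w+)="([^"]*)"')                         # key="value" pairs
HOST = re.compile(r'\bH=(\S+).*?\[([0-9a-fA-F.:]+)\]:\d+')  # H=name ... [ip]:port

def summarize(log_text):
    """Return (rejections per RBL, RBLs per source IP, logged host name per IP)."""
    per_list = Counter()
    per_ip = defaultdict(set)
    host_of = {}
    for line in log_text.splitlines():
        fields = dict(KV.findall(line))
        if fields.get("name") == "email rejected" and fields.get("reason") == "rbl":
            per_list[fields["extra"]] += 1
            per_ip[fields["srcip"]].add(fields["extra"])
            continue
        m = HOST.search(line)
        if m and "blacklisted at" in line:
            # exim prints a name it could not verify in parentheses; the
            # parentheses are kept so such a name never matches a suffix below.
            host_of[m.group(2)] = m.group(1)
    return per_list, per_ip, host_of

def whitelist_candidates(per_ip, host_of, trusted_suffixes):
    """Rejected IPs whose logged host name ends in a suffix the admin trusts."""
    return sorted(ip for ip in per_ip
                  if host_of.get(ip, "").endswith(trusted_suffixes))

if __name__ == "__main__":
    lists, ips, hosts = summarize(SAMPLE_LOG)
    print(lists.most_common())
    print(whitelist_candidates(ips, hosts, (".mail.example.net",)))
```

A list that accounts for most rejections of known-good senders is the first candidate to remove; the suffix tuple should start with a dot so that only subdomains of the trusted name match.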