Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Marked spam again

  1. #1
    iceruam is offline Special Member
    Join Date
    Oct 2006
    Posts
    124
    Rep Power
    8

    Default Marked spam again

    I am in need of help trying to figure out why I keep getting put on a blacklist every couple of weeks with The CBL and now sophos.com

    "Your IP has been HELOing as using the string
    ;; connection timed out; no servers could be reached".


    I have researched and researched but I am unable to find out what this means. My zimbra server is up to date patch wise
    I have a firewall in place
    I am not an open relay
    I am totally confused...has anyone else had this problem and figured out how to correct it?

  2. #2
    iceruam is offline Special Member
    Join Date
    Oct 2006
    Posts
    124
    Rep Power
    8

    Default

    Wow I find it hard to believe that I am the only one who has ever experienced this issue...must be do something totally wrong

  3. #3
    chauvetp is offline Elite Member
    Join Date
    Apr 2008
    Location
    New Paltz, NY
    Posts
    333
    Rep Power
    7

    Default

    Don't take any of this the wrong way - but any of these are possibilities:
    • Are you SURE you are not an open relay? Have you tested from external IPs?
    • What content of messages are you sending? Are your messages all legitimate to opted in customers/clients/etc.?
    • Do you have any compromised accounts? Have you reviewed your maillog for traffic?
    • Have you added yourself to the feedback loops of major ISPs to know what mail from your servers people are reporting as spam?
    ---
    Paul Chauvet
    State University of New York at New Paltz

  4. #4
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,568
    Rep Power
    57

    Default

    In addition to the above, Zimbra version and release would be of help. How about using SPF, DKIM and DMARC to make sure your mail is less likely to get marked as spam? Apart from the cryptic error message you haven't really given much information about the problem nor what information is held by the RBL nor whether you've done a google search for that error message and what you've also tried to get yourself of (and keep off) the RBL - i.e what additional measure have you taken to check and protect your server?
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  5. #5
    iceruam is offline Special Member
    Join Date
    Oct 2006
    Posts
    124
    Rep Power
    8

    Default

    I am not an open relay I used mxtoolbox to verify this,
    Yes all the emails we send are legitimate company correspondence...at typical day we send about 200-300 emails
    I am not able to locate any compromised accounts so I do not think so
    no, the email start getting kicked back because there servers refuse to talk because we are listed in the CBL
    I use SPF, I am unfamiliar with DKIM and DMARC
    I have done much looking for solutions. I wish I could use gmail on an account basis, not one global gmail account to send mail (but use the zimbra interface, not outlook or thunderbird) I was able to us gmail with one global but I was denied mail sending after only about 2 hours. We send most of our emails out in the morning and do a lot of CC'ing
    I am using 8.0.3_GA_5664.FOSS on ubuntu 12.04.2 LTS

    This is the cbl message I get

    IP Address 65.##.##.## is listed in the CBL. It appears to be infected with a spam sending trojan, proxy or some other form of botnet.

    It was last detected at 2013-07-18 19:00 GMT (+/- 30 minutes), approximately 16 hours ago.

    It has been relisted following a previous removal at 2013-07-12 17:39 GMT (6 days, 16 hours, 54 minutes ago)

    Your IP has been HELOing as using the string

    ;; connection timed out; no servers could be reached".

    This may be related to Debian bug number 375787, or it may be some other automated mis-configuration of your mail system. Please fix your configuration.

  6. #6
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,568
    Rep Power
    57

    Default

    Quote Originally Posted by iceruam View Post
    Your IP has been HELOing as using the string
    I've really no idea about this problem and the bug report you've listed appears to relate to sendmail in Debian/Ubuntu. As the listing (and the bug reports) mention the ehlo/helo response have you checked that? Are you actually relaying through gmail (that's what your comment implies)? If you are relaying through another server is there any reason you can't send directly? Other than that I'm afraid I have no other suggestions to make.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  7. #7
    chauvetp is offline Elite Member
    Join Date
    Apr 2008
    Location
    New Paltz, NY
    Posts
    333
    Rep Power
    7

    Default

    Is it just your single IP that is getting blacklisted or the range you are in? Perhaps there are problems at the ISP level (i.e. a whole range getting blocked for spam).

    You really need to get on some feedback loops to find out if messages you send are getting blocked:
    Email Marketing Tips: 10 Email Feedback Loop Lists

    Aside from that, you are only sending 200-300 messages per day. Its few enough that its time consuming, but feasible, to manually review your mail logs. Additionally, review your "Daily mail report" that Zimbra sends to the admin@ account.
    ---
    Paul Chauvet
    State University of New York at New Paltz

  8. #8
    omegainstitute is offline Senior Member
    Join Date
    May 2007
    Location
    Rhinebeck, NY
    Posts
    62
    Rep Power
    8

    Default

    It's quite possible that you have an infected machine on the inside of the firewall that is sending its own emails out, not interacting with Zimbra at all. We've had this issue from time to time and limit the IP's that are allowed to send emails from the inside accordingly. Check the firewall and see if you can track down what internal IP is sending the offending messages.

  9. #9
    iceruam is offline Special Member
    Join Date
    Oct 2006
    Posts
    124
    Rep Power
    8

    Default

    No, what I am saying is, I wish I could send through gmail.

  10. #10
    iceruam is offline Special Member
    Join Date
    Oct 2006
    Posts
    124
    Rep Power
    8

    Default

    whoever uses black lists, which a lot do.

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Not marked as spam but go to junk
    By ishinju in forum Administrators
    Replies: 4
    Last Post: 09-23-2013, 10:30 AM
  2. Marked SPAM bounced?
    By mhammett in forum Administrators
    Replies: 1
    Last Post: 05-06-2013, 11:34 AM
  3. Replies: 3
    Last Post: 08-17-2012, 12:01 PM
  4. Replies: 0
    Last Post: 06-20-2012, 12:59 AM
  5. Email sent is marked as spam
    By MrBryce2000 in forum Installation
    Replies: 18
    Last Post: 08-16-2008, 02:42 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •