Negative Reputation Server - Please Help

June 6, 2017, 8:25 am

≫ Next: Email being delayed when set to Messagelab.

≪ Previous: 216.82.251.230 does not like recipient. Remote host said: 421 Service Temporarily Unavailable

$

0

0

I need a solution

Hi,

My server ip is 136.243.165.42 and has been "banned" with the reason below:

The IP address 136.243.165.42 was found to have a negative reputation. Reasons for this assessment include:
The host has been observed sending spam in a format that is similar to snow shoe spamming techniques.
To request that this IP address reputation be cleared, check the applicable boxes below and click Investigate.

We dont send spam emails. Can you help us please to find why our server is banned and we cant send emails to specific addresses?

Thanks

0

---

Email being delayed when set to Messagelab.

June 6, 2017, 8:40 am

≫ Next: emails not getting to messagelabs clients; recieved with 250, no NDR

≪ Previous: Negative Reputation Server - Please Help

$

0

0

I need a solution

We are trying to send email to various messagelab customers.  They are being delayed up to 8 hours.  I've checked and we aren't on a spam list so I don't think that is it.  This is what I see in my logs.

From: To: RID 3 - 4.3.2 - Not accepting messages at this time ('421', ['Service Temporarily Unavailable']) Tue Jun  6 07:42:08 2017 Info: Bounced: DCID 0 MID 7824155 From:

The email would be coming from 66.128.160.106.  Going to either cluster4 or cluster5.messagelabs.com

Thanks,

   Adam

0

emails not getting to messagelabs clients; recieved with 250, no NDR

June 7, 2017, 6:31 am

≫ Next: IP blacklisted as snow shoe host

≪ Previous: Email being delayed when set to Messagelab.

$

0

0

I need a solution

For the last 5 weeks or so, we've had an issue where email to several different domains did not arrive at the recipient address, and did not generate an NDR.

It took us a while to pin the issue down, but the only common feature was the domains this was happening with were all MessageLabs customers:

We've done extensive testing at our end: We've checked our Mail Domain (Stockvale.co.uk) Email server IP's (Main: 81.137.233.190& Backup: 88.97.35.149), and upstream mail relay (78.137.116.48) are not on any blacklists using http://mxtoolbox.com, setup as Open relays using http://www.mailradar.com/openrelay/, have a valid SPF Record at http://www.kitterman.com/spf/validate.html, not listed on the Symantec lookup tool at http://ipremoval.sms.symantec.com/lookup, and setup full reverse DNS names and DKIM Records, which we didn't previously have. None of this fixed the issue

Tracking the following domains we can see they all:
- Are MessageLabs customers
- The Cluster servers accepted the email
- The recipient never received the email
- The sender never received a Non Delivery Report (NDR)

claritytm.co.uk
aviva.com
essentra.com
ibs-systems.co.uk
prsformusic.com
ensgroup.co.uk
ima.org.uk

All other domains are receiving our email fine, including Barracuda and office365 clients.

Tracking through our relay, we can see the MessageLabs servers accepting the email:

Jun  6 11:01:45 webserver postfix/smtp[1624]: 72E2181253: to=<[****]@aviva.com>, relay=cluster8.eu.messagelabs.com[85.158.137.19]:25, delay=0.79, delays=0.15/0/0.29/0.34, dsn=2.0.0, status=sent (250 ok 1496743305 qp 3184 server-6.tower-39.messagelabs.com!1496743304!98273900!1)


Jun  6 17:03:25 webserver postfix/smtp[13408]: 9F6E481266: to=<[****]@essentra.com>, relay=cluster3.eu.messagelabs.com[194.106.220.35]:25, delay=0.59, delays=0.11/0/0.25/0.23, dsn=2.0.0, status=sent (250 ok 1496765005 qp 16145 server-14.tower-91.messagelabs.com!1496765004!28796128!1)

Jun  6 17:04:29 webserver postfix/smtp[13408]: 55E2781262: to=<[****]@ibs-systems.co.uk>, relay=cluster3.eu.messagelabs.com[85.158.137.83]:25, delay=0.91, delays=0.1/0/0.43/0.38, dsn=2.0.0, status=sent (250 ok 1496765069 qp 3187 server-15.tower-140.messagelabs.com!1496765068!83241465!1)

Jun  6 17:06:23 webserver postfix/smtp[13326]: BA15C81262: to=<[****]@prsformusic.com>, relay=cluster3.eu.messagelabs.com[85.158.136.35]:25, delay=0.66, delays=0.11/0/0.26/0.29, dsn=2.0.0, status=sent (250 ok 1496765183 qp 9135 server-4.tower-125.messagelabs.com!1496765182!79490357!1)

Jun  6 17:07:14 webserver postfix/smtp[13326]: AE27481262: to=<[****]@ensgroup.co.uk>, relay=cluster8.eu.messagelabs.com[85.158.137.19]:25, delay=0.7, delays=0.1/0/0.24/0.36, dsn=2.0.0, status=sent (250 ok 1496765234 qp 25118 server-12.tower-39.messagelabs.com!1496765233!98217780!1)

We are friendly with another MessageLabs customer, rickardluckin.co.uk, who were also having the issue: They opened up a case in their Symantec portal (Reference ref:_00D30jPy._50038rHwPj:ref)

This is the reply they got back from support:

"MessageLabs have come back stating that this is a false positive on their spam systems. Although I have added in the exceptions it would be a good idea to get this resolved correctly. Please can you get a copy of the emails in .MSG format for me I can supply the mail to MessageLabs and they can remove the false positive from the antispam services."

We got the .eml/.msg mails sent over, but they've not had an update on the case, and have limited time to chase on our behalf for a resolution, hence me posting here.

At the moment, rickardluckin.co.uk is the only MessageLabs customer stockvale.co.uk can email, thanks to them explicitly whitelisting us.

Could a member of the Symantec support team:

- Check on this issue, either on its own, or as part of ref:_00D30jPy._50038rHwPj:ref
- Confirm the block is removed so we can test with customers other than rickardluckin.co.uk
- Let us know if this was a genuine false positive on Symantec's end, or if there are any changes/improvements we need to make at our end to improve email reliability to MessageLabs customers

Many thanks.

0

IP blacklisted as snow shoe host

June 7, 2017, 8:53 am

≫ Next: How do you see .cloud Quarantine?

≪ Previous: emails not getting to messagelabs clients; recieved with 250, no NDR

$

0

0

I need a solution

Hello,

so I had to register in order to post to Symantec's forum. This is due to the fact that I have received no response to Investigate form query, nor the IP address in question has been removed from your black list.

The IP address 37.59.140.2 was found to have a negative reputation. Reasons for this assessment include:

• The host has been observed sending spam in a format that is similar to snow shoe spamming techniques.

To request that this IP address reputation be cleared, check the applicable boxes below and click Investigate.

Few facts:

- The IP in question has sent no spam;

- ClamAV scanner is in place;

- Outgoing spam control software is in place;

- IP is green when checked via mxtoolbox.com;

- The host is running CloudLinux + cPanel (+ CSF).

Can you please remove the black list? It's doing quite amount of harm for our customers.

Thank you very much.

0

How do you see .cloud Quarantine?

June 7, 2017, 8:04 pm

≫ Next: IP Block List Removal

≪ Previous: IP blacklisted as snow shoe host

$

0

0

I do not need a solution (just sharing information)

In the month of May, our company had a 12% increase in malware detection emails, and half of the spam-detection e-mails decreased.

How do you see this trend?

0

IP Block List Removal

June 8, 2017, 7:50 am

≫ Next: Snow Shoe Spamming Reputation

≪ Previous: How do you see .cloud Quarantine?

$

0

0

I need a solution

Hello,

My company recently moved to a new server and took control of the IP address range 50.2.190.88/29 and have noticed that the addresses within this range are all listed as having bad reputation within Symantec's IP block list.

Currently we cannot contact suppliers or customers due to the IP addresses having a bad reputation.

I have checked SPF, DKIM, DMARC, Forward/Reverse DNS, Mail HELO, SMTP Banner, etc, and all are in order from what I can tell.

We do not send out unsolicited emails and primarily just respond to customers or process orders.

Any help to get these IP addresses removed from your block list would be much appreciated.

Sincerely,

Evan

0

Snow Shoe Spamming Reputation

June 8, 2017, 1:47 pm

≫ Next: IPremoval site says good reputation, but blocked by Symatec

≪ Previous: IP Block List Removal

$

0

0

I need a solution

Hi,

we have a new spam filter we are trying to put into production, but for some reason the IP address it is on has a reputation with Symantec Cloud Security for "snow shoe spamming" which isn't something I'd heard of until this issue came up.

It seems that Symantec is the ONLY spam filter that lists our IP address with this negative reputation, I've checked literally hundreds of other spam filters and they all show us as having a clean reputation, or listing us as whitelisted!  I've put in many requests to have our IP reputation investigated and cleared but nothing ever seems to come of it.  When I try to call Symantec they say they can't help since I'm not a customer, and getting our customers to get their clients to talk to Symantec to fix the issue has not gotten us anywhere.

The IP address in question is 173.239.120.245, if you can please have this IP reputation investigated and cleared.  There shouldn't be anything that still causes this reputation to occur, though if you see something we need to clear up I'm certainly happy to do that; I just need to know what that is.

If you could help me resolve this soon it would be very much appreciated!

0

• Negative reputation that has to be cleared up

IPremoval site says good reputation, but blocked by Symatec

June 9, 2017, 10:22 am

≫ Next: 553 Message Filtered error

≪ Previous: Snow Shoe Spamming Reputation

$

0

0

I need a solution

thanks for your help Kevin

I just tried it again and it still is being blocked by Symantic on their mailserver, not sure why but on our side it says it was delivered sucessfully but their end rejects it  

see attachment

The original request for assistance

We changed our web hosting about 3 months ago and its been a ongoing fight to try and get our bank to receive emails from anyone at our company

our ip address for our mail is 149.56.204.49 I have checked the ip address reputation investigation and it says its ok

but for whatever reason the banks mail server is rejecting it as Symantec Global Bad Senders see attached

we really need to get this resolved as its costing us a lot of time and money

thank you very much for your help

0

• atb error.png

---

553 Message Filtered error

June 9, 2017, 11:27 am

≫ Next: Mail server blocked by Messagelabs

≪ Previous: IPremoval site says good reputation, but blocked by Symatec

$

0

0

I need a solution

Hi,

since yesetrday our emails are bouncing back with the error code 553.

Our domain and IP addresses are not blacklisted, and emails are not being delivered to individuals we had regular conversations with last week.

I have submitted flase positive emails to your 'CLOUDfeedback@feedback-87.brightmail.com' address and was wonderring if anyone could advise on what we could do to resolve this issue.

Thanks,

Damian Danik

ddanik@iaccm.com

0

Mail server blocked by Messagelabs

June 9, 2017, 5:58 pm

≫ Next: 421 Service Temporarily Unavailable from MessageLabs SMTP servers

≪ Previous: 553 Message Filtered error

$

0

0

I need a solution

Hello

I just set a new mail server. The ip address  that the ISP assigned to me was already blocked by Messagelabs only (not by any other black list). I requested ip removal from Symantec black list and the IP now shows NEUTRAL, but my server still can't send to Messagelabs protected domains.

I read in another post that the ip was being throttled by Symantec because it was blocked in the past, so i need you to please completely free this IP address.

How can i provide my mail server's ip address securely?

Regards

0

421 Service Temporarily Unavailable from MessageLabs SMTP servers

June 12, 2017, 3:04 am

≫ Next: 553 Message filtered.

≪ Previous: Mail server blocked by Messagelabs

$

0

0

I need a solution

Hi.

Over the weekend, our ISP had issues with reverse DNS lookups and we suffered several instances of IP Blacklisting of our SMTP servers as a result.  Our IP addresses are below which reverse DNS back correctly now - please can you check the MessageLabs configuration to remove the IPs from any blacklists:

213.212.116.132

213.212.116.133

213.212.114.132

Jun 12 10:45:45 <**supressed**> sendmail[8315]: v5C9jaBJ008315: to=<**supressed**>, delay=00:00:09, xdelay=00:00:09, mailer=esmtp, pri=40557, relay=cluster3a.eu.messagelabs.com. [216.82.251.230], dsn=4.0.0, stat=Deferred: 421 Service Temporarily Unavailable

Thanks

0

553 Message filtered.

June 14, 2017, 11:30 pm

≫ Next: 501 Connection rejected by policy [7.7]

≪ Previous: 421 Service Temporarily Unavailable from MessageLabs SMTP servers

$

0

0

I need a solution

Hi,

I send a mail to 'CLOUDfeedback@feedback-87.brightmail.com' yesterday, with some false positive mails attached.

When sending mails to customers, who we regularly stay in touch with, we keep receiving this 553 error.

It just suddenly started to happen. We haven't made any changes to our setup, so i really don't understand why we suddenly gets these errors?

We really need to be able to send mails to our customers, so is it possible that you will take a look at the mail i send you guys yesterday?

I send the mail from rsc@egn.com.

Really need this fixed today!

Best Regards

Rasmus Schiødt

0

501 Connection rejected by policy [7.7]

June 15, 2017, 4:04 am

≫ Next: Blocked by MessageLabs / Symantec Cloud error 553

≪ Previous: 553 Message filtered.

$

0

0

I need a solution

I run a clean, no-spam email server, but I continue to get blocked by messagelabs for various unexplained reasons. My server is on no major blacklists and has been running on this IP since last September.

This is getting extremely frustrating for both myself and for my customers.

The IP address is: 162.250.120.146.

The messages for various senders on my servers to various recipients over the past 10 days include:

501 Connection rejected by policy [7.7] 16307 from sender domain battlefieldroofing.com for recipient domain petersenmail.com
501 Connection rejected by policy [7.7] 4605 from sender domain battlefieldroofing.com for recipient domain metalera.com
501 Connection rejected by policy [7.7] 15103 from sender domain epiphanychurch.net for recipient domain pnc.com
501 Connection rejected by policy [7.7] 9416 from sender domain battlefieldroofing.com for recipient domain petersenmail.com
501 Connection rejected by policy [7.7] 4306 from sender domain saintann-parish.com for recipient domain jpmorgan.com
501 Connection rejected by policy [7.7] 4004 from sender domain saintann-parish.com for recipient domain jpmorgan.com
501 Connection rejected by policy [7.7] 4011 from sender domain saintann-parish.com for recipient domain jpmorgan.com
501 Connection rejected by policy [7.7] 20905 from sender domain onlinemarketingguild.com for recipient domain stvincents.org

This is way out of a hand. Please help.

0

Blocked by MessageLabs / Symantec Cloud error 553

June 15, 2017, 7:09 am

≫ Next: Message filtered error 553 by MessageLabs / Symantec Cloud

≪ Previous: 501 Connection rejected by policy [7.7]

$

0

0

I need a solution

Several of our customers and suppliers use messagelabs and are unable to send or receive email from our domain (thesolution.co.uk) consitstently. They are receiving the generic 553 message. Our SPF and DKIM records are intact, and mail is coming from legitimate accounts.

We have tested what messages can get through and it appears to be linked to the e-mail address of the sender being part of our standard signature.

Once we removed the e-mail address from the signature we appear to be able to send, but the customer then receives the error when attempting to reply.

This seems to be a problem with the content triggering the filtering.

We have checked that we are not listed on any blacklists either ip based or domain based.

Can you please explain how we can identify the problem.

0

Message filtered error 553 by MessageLabs / Symantec Cloud

June 15, 2017, 7:43 am

≫ Next: (connect to cluster5.eu.messagelabs.com[85.158.138.179]:25: Connection timed out)

≪ Previous: Blocked by MessageLabs / Symantec Cloud error 553

$

0

0

I need a solution

Several of our customers and suppliers use messagelabs and are unable to send or receive email from /to our domain (thesolution.co.uk) consitstently.

They are receiving the generic 553 message. Our SPF and DKIM records are intact, and mail is coming from legitimate accounts and IP Addresses.

We have tested what messages can get through and it appears to be linked to the e-mail address being part of the standard signature.

Once we removed the e-mail address from the signature we appear to be able to send, but the customer then receives the error when attempting to reply.

This seems to be a problem with the content triggering the filtering.

We have checked that we are not listed on any blacklists either ip based or domain based.

Replies to the customer with their e-mail signatures contained their e-mal address also fails with erro 553.

Can you please explain how we can identify the problem.

0

---

(connect to cluster5.eu.messagelabs.com[85.158.138.179]:25: Connection timed out)

June 19, 2017, 9:14 am

≫ Next: Symantec security/compliance reports such as SOC 2/SSAE-16

≪ Previous: Message filtered error 553 by MessageLabs / Symantec Cloud

$

0

0

I need a solution

Hello, 

could you please clear our IP from the blacklist? 
89.200.172.75

Some of our customers get this message when trying to send a mail :(

Best regards from Austria, 
Stefan T. 

0

Symantec security/compliance reports such as SOC 2/SSAE-16

June 19, 2017, 12:08 pm

≫ Next: Blacklist Removal

≪ Previous: (connect to cluster5.eu.messagelabs.com[85.158.138.179]:25: Connection timed out)

$

0

0

I need a solution

I am trying to find the latest due dilligence type reports for Symentec Email.Cloud. I am a member of their Customer Trust Portal but the docs there are every old - Some CenturyLink, Saavis, and Terramark docs dated 2012, 2013. Anything newer? I did email privacy@symantec.com and DL-IT-CustomerTrustOffice@symantec.com back on 5/31 and did not receive a reply.

https://www.symantec.com/connect/groups/customer-trust-portal

Thanks for any help anyone can provide.

0

Blacklist Removal

June 19, 2017, 11:23 pm

≫ Next: Full IP blocks listed?

≪ Previous: Symantec security/compliance reports such as SOC 2/SSAE-16

$

0

0

I need a solution

Dear Sir,

Our Server IP 202.130.87.248 had been blocked from you. Would you remove our IP from your blacklist and let us send out the messages?

Thanks!
William

0

Full IP blocks listed?

June 20, 2017, 2:05 am

≫ Next: messagelabs.com "Connection timed out" from my mail server

≪ Previous: Blacklist Removal

$

0

0

I need a solution

Dear Symantec,

It seems that almost our whole AS-number is listed.
The AS-number is as47869.

In particulair 94.228.208.0/20, 109.235.48.0/21, 178.239.48.0/20, 31.171.128.0/22, 37.46.192.0/22.
Is it possible to get these delisted, or let us know the exact reason so we can take actions to make sure it gets delisted again?

Thank you in advance.
Kind regards. 

0

messagelabs.com "Connection timed out" from my mail server

June 20, 2017, 4:25 am

≫ Next: Email Security.cloud Blacklist en servidores messagelabs

≪ Previous: Full IP blocks listed?

$

0

0

I need a solution

Hi,

I'm trying to send an email to a messagelabs.com address but unfortunately it's being rejected. This is from the logs:

Jun 20 12:00:34 melkor postfix/qmgr[780]: 106FF1D4: from=<XXX>, size=1266, nrcpt=1 (queue active)
Jun 20 12:01:04 melkor postfix/smtp[3072]: connect to cluster3.eu.messagelabs.com[85.158.136.35]:25: Connection timed out
Jun 20 12:01:34 melkor postfix/smtp[3072]: connect to cluster3.eu.messagelabs.com[194.106.220.51]:25: Connection timed out
Jun 20 12:02:04 melkor postfix/smtp[3072]: connect to cluster3.eu.messagelabs.com[85.158.139.3]:25: Connection timed out
Jun 20 12:02:34 melkor postfix/smtp[3072]: connect to cluster3.eu.messagelabs.com[85.158.137.35]:25: Connection timed out
Jun 20 12:03:04 melkor postfix/smtp[3072]: connect to cluster3.eu.messagelabs.com[85.158.136.3]:25: Connection timed out
Jun 20 12:03:04 melkor postfix/smtp[3072]: 106FF1D4: to=<XXX>, relay=none, delay=150, delays=0.09/0.01/150/0, dsn=4.4.1, status=deferred (connect to cluster3.eu.messagelabs.com[85.158.136.3]:25: Connection timed out)

Ths server I am using is a VPS which I know has had spam sent from it in the past (judging by the number of blocklists I had to be removed from), but it should be clean now. Could someone have a look?

This is my server:
melkor.jcowgill.uk.2209INA185.145.46.63
melkor.jcowgill.uk.3156INAAAA2a07:4580:b0d:7b9::1

Thanks,
James

0