T-online.de blacklist “host refused to talk to me” (BL)

emailpostfix

I got following error message for several days, as my server tried to send a message to an emailadress at t-online.de:

host mx02.t-online.de[194.25.134.9] refused to
talk to me: 554 IP=xx.xx.xx.xx - A problem occurred. (Ask your postmaster
for help or to contact tosa@rx.t-online.de to clarify.) (BL)

At several forums I read that this problem without the (BL) appendix occurs if you sent 100+ messages a day and/or they were spam. They say, after 24 hour, this quota will be set to zero again and you get unblocked automatically. But this did not happen. We were still blocked after 3 days.

Our server did not send any spam and was not compromised. Also, a possible reason could be redirect domains, e.g. user@example.com redirects to user@t-online.de . In this case, the hostmaster of example.com will be made "guilty" if he forwards spam he received. However, our server also uses no email forwarding, so this couldn't be the reason either.

Also, our server was not listed at any blacklists of ipvoid.com .

So, the question is why are we getting this error message and is our server probably compromised by hackers?

Best Answer

I have finally found out that all the pages I visited during research were talking about the error message without the (BL) suffix. Without "(BL)", the server wants to tell you, that you are blocked automatically and will be unblocked automatically after 24 hours. You should check forward settings or spamming users, as discussed in the web forums.

In our case, the error message had the rare suffix "(BL)", which meant that our server was on the internal permanent blacklist which is a very rare condition and not well documented. Now it makes sense - BL stands for blacklisted, of course. Writing "Permanent blacklisted" would have helped.

After contacting the email address given in the error message, it turned out, that not our server itself was permanent-blocked, but the datacenter, because there were too many spamming users. Due to our request, only our server IP (xx.xx.xx.xx/32) was whitelisted.

Related Solutions

5.5.0 smtp;554 transaction failed spam message not queued

The unfortunate nature of current anti-spam techniques is that they are imperfect and prone to false positives if the recipient has settings wound too tight. I don't have a specific answer for you but I think there would be value in trying a few troubleshooting steps:

Is this happening for all messages to that domain? Or just some?
If the sender re-sends the message later, does it go through? (Just trying to determine if block is due to flow-control or is message specific.)
Can you send manual tests (for example from the command-line via telnet) and successfully send a message?
Did this behavior start recently? Or has this been an on-going issue?
Have your users ever been able to successfully send to this domain?

If nothing obvious stands out, I'd suggest collecting a packet capture and examining the SMTP conversation. That might provide clues on when exactly the message got rejected. If not, you'll have some "evidence" you can provide to the recipient mail administrator who can hopefully elaborate on what's going on.

Hope this helps.

Gmail.com detect mail as spam, but the server is not on any BlackList

HELO Mistake

The email is being sent out from

    mail.megatec.co.il. 62.219.123.33

Not

    megatec.co.il. 67.228.132.128

Your helo should be

    helo mail.megatec.co.il

SPF - Not Available

Your SPF is either not update or setup incorrectly. A dns query to varies server fail to retrieve it. Even the SOA(ns1.bezeqint.net) failed.

If TXT is setup correctly, ns1.bezeqint.net should relfect the changes within a few minutes, regardless of TTL.

Google dns

# dig @8.8.8.8 megatec.co.il txt

; <<>> DiG 9.8.1-P1 <<>> @8.8.8.8 megatec.co.il txt ; (1 server found)
;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY,
status: NOERROR, id: 42780 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0,
AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION: ;megatec.co.il.            IN  TXT

;; AUTHORITY SECTION: megatec.co.il.        1800    IN  SOA ns1.bezeqint.net.
hostmaster.bezeqint.net. 2010111500 10800 900 604800 86400

;; Query time: 307 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Mon
Dec 24 13:18:09 2012 ;; MSG SIZE  rcvd: 94

OpenDNS

# dig @4.2.2.2  megatec.co.il txt

; <<>> DiG 9.8.1-P1 <<>> @4.2.2.2 megatec.co.il txt
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21588
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;megatec.co.il.         IN  TXT

;; AUTHORITY SECTION:
megatec.co.il.      3600    IN  SOA ns1.bezeqint.net. hostmaster.bezeqint.net. 2010111500 10800 900 604800 86400

;; Query time: 338 msec
;; SERVER: 4.2.2.2#53(4.2.2.2)
;; WHEN: Mon Dec 24 13:21:37 2012
;; MSG SIZE  rcvd: 94

ns1.bezeqint.net

# dig @ns1.bezeqint.net megatec.co.il txt

; <<>> DiG 9.8.1-P1 <<>> @ns1.bezeqint.net megatec.co.il txt
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11214
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;megatec.co.il.         IN  TXT

;; AUTHORITY SECTION:
megatec.co.il.      3600    IN  SOA ns1.bezeqint.net. hostmaster.bezeqint.net. 2010111500 10800 900 604800 86400

;; Query time: 150 msec
;; SERVER: 192.115.106.10#53(192.115.106.10)
;; WHEN: Mon Dec 24 13:25:25 2012
;; MSG SIZE  rcvd: 94

Best Answer

Related Solutions

5.5.0 smtp;554 transaction failed spam message not queued

Gmail.com detect mail as spam, but the server is not on any BlackList

Related Topic