Why is the email server in AT&T’s blacklist

blacklistemailrbl

I just got this bounce message:

<████████@att.net>: host scc-mailrelay.att.net[204.127.208.75] said:
    521-88.208.246.34 blocked by sbc:blacklist.mailrelay.att.net. 521 DNSRBL:
    Blocked for abuse. See http://att.net/blocks (in reply to MAIL FROM
    command)

So I'm trying to figure out why our server ended up on their blacklist. The web page link doesn't tell me why, as far as I can see. From a few multi-RBL tools I conclude that our IP is only on the collateral damage lists of uceprotect.net (you can be exempt from that with a paid subscription), and I dearly hope that AT&T doesn't use that.

From the mail server logs I see that an email to another @att.net address went through two days ago without being blocked.

Does anyone have any ideas how I can find out what went wrong?

Best Answer

If you go to mxtoolbox.com and put in your IP, you can get a blacklist report. Your IP is on two of them:

Click the details next to the BL in question and it will tell you why you are on there and how to remove your self.

EDIT: I see that you already know that you are on the UCE Protect... Most mail admins use clearing house BLs that query all of the known ones, like SORBS, UCE, spamhaus, etc. You would need to talk with AT&T to determine which ones they are using. I noticed that they have a form you can fill out to find out why you were blocked...

EDIT2: Also, you should try adding your IP(s) to http://www.whitelisted.org. Supposedly, this will get around the UCE2 and UCE3.

rant
As a side note, I don't blame you for being upset at AT&T using UCE2 or UCE3. The people that run that blacklist have a bad attitude that is hurting everyone. They seem to think that you can switch ISPs on a whim when they won't shutdown a spammer. This mentality is just not practical in the current age of spam botnets of millions of computers scattered around the globe.
/rant

Related Solutions

Postfix Whitelist – How to Set Up Before Recipient Restrictions

If you do processing based on RCPT TO address, you are going to flood this person with spam, because it will disable any further spam checks.

Your only option is to use check_sender_access.

smtpd_recipient_restrictions =
            check_client_access hash:/etc/postfix/access_sender
            reject_unauth_destination,
            reject_rbl_client b.barracudacentral.org,
            reject_rbl_client cbl.abuseat.org,
            reject_rbl_client bl.mailspike.net,
            check_policy_service unix:postgrey/socket

Like so:

fromuser@domain.com      OK
domain.com               OK
fromuser@                OK

dont forget to postmap access_sender after you create it.

Mail server: retry timeout issues to and from specific domain

Start from fixing IN PTR records for MX-hosts (they are domain-emitters also, yes?!)

Shit 1 - mail.floridaseating.com

Quering 8.8.8.8 for {158.99.70.216.in-addr.arpa.,ANY}
Received answer from 8.8.8.8
  Not authoritative

Answers for 158.99.70.216.in-addr.arpa.:
  -> [PTR] floridaseating.com.

Shit 2 - sitconf.com

Quering 8.8.8.8 for {150.161.223.206.in-addr.arpa.,ANY}
Received answer from 8.8.8.8
  Not authoritative

Answers for 150.161.223.206.in-addr.arpa.:
  -> [PTR] 206-223-161-150.beanfield.net.

But now

Mar 13 02:45:09 floridaseating qmail: 1331621109.213098 starting delivery 1217: msg 33459587 to remote *@sitconf.com
...
Mar 13 02:46:10 floridaseating qmail: 1331621170.273121 delivery 1217: deferral: Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)/

show us banal troubles of connectivity

Cheap solution

Find SMTP-server, from which both sides are SMTP-reacheable and build backup-MX for domains on it. Deferred on delivery to primary MX will be dropped to backup-MX and later from it - on primary

Best Answer

Related Solutions

Postfix Whitelist – How to Set Up Before Recipient Restrictions

Mail server: retry timeout issues to and from specific domain

Cheap solution

Related Topic