Messaging Gateway

 View Only
Back to discussions
Expand all | Collapse all

IP removal not working

  • 1.  IP removal not working

    Posted Dec 23, 2021 07:26 PM
    We are running a mailserver for a few customers. The server is properly configured and not listed on any DNSBL. It is not sending out spam and I spend a lot of time so that it will never do this.
    But if I check on the reputation of our IP (116.202.14.71) your system tells me it has a negative reputation. Therefore I used the form to get removed. But nothing happens. I tried this removal 5 Times within the last 3 days, but nothing happens.
    Can anybody help - maybe I am doing something wrong. But there are not really much options on the form, so I really have no idea what to do.


  • 2.  RE: IP removal not working

    Posted Dec 23, 2021 07:39 PM
    Open a support case.


    Original Message


  • 3.  RE: IP removal not working

    Posted Dec 24, 2021 01:25 AM
    Ok, I thought I cannot do that, because I am not using any Brodcom products. But the problem has gone, after serveral days our IP now has been removed from the bad reputation list - it's christmas time :-)
    Original Message


  • 4.  RE: IP removal not working

    Posted Dec 24, 2021 05:30 AM
    U can thank me for that.


    Original Message


  • 5.  RE: IP removal not working

    Posted Dec 24, 2021 06:25 AM
    Sorry, due to a very limitd time, I really was not aware of your "doing" - so I really thank you very, very much for that! It made my day much better :-)
    Original Message


  • 6.  RE: IP removal not working

    Posted Dec 24, 2021 06:25 AM
    Woohoo


    Original Message


  • 7.  RE: IP removal not working

    Posted Jan 26, 2022 06:29 AM
    I come back to this discussion because the same thing happens again. Our server again is listed with bad reputation. Seems that our server is doing something that Symantec does not like. I am sure that our server does not send Spam, but we have customers sending out mass mails (the customers are chambers of engineers sending infomails to there members - typically about 10.000 mails).
    Is it possible that this might cause these problems?
    Anyway, it would be very helpful to get the reason for this bad reputation. And of course it would be helpful if we would get any response when using the delisting site.
    I am not using any symantec products, so I can't find a way to get in contact with any supporter. Last time you were very helpful, maybe you can give me some tipps how to solve my problem? Don't want to make this discussion to an endless loop ;-)
    Original Message


  • 8.  RE: IP removal not working

    Posted Jan 26, 2022 06:33 AM
    Show us what your delivery settings are under smtp, advanced.


    Original Message


  • 9.  RE: IP removal not working

    Posted Jan 26, 2022 09:48 AM
    I'm not sure what you are meaning. I do not use any symantec product. My system is this one https://www.proxmox.com/en/proxmox-mail-gateway 
    It is used by several customers form me, you can say I am a very small hosting-provider.
    The system uses the hostname mailgateway.wwweiss.de, setup for IP4 and IP6. Reverse-DNS is set correctly and the helo is the same as the hostname. From the technical part the system is an debian system running postfix, spamassassin and clamav. The system is running for more than 2 years without problems. End of last year I only switched the server and thereby got a new IP address. After that I thought the problem may be caused by the previous usage of the IP.  But now it is clear that mails going out from my system caused this bad reputation.
    Which details do you want to see?
    Original Message


  • 10.  RE: IP removal not working

    Posted Jan 26, 2022 10:01 AM
    What is the sending rate limits of your mta’s???


    Original Message


  • 11.  RE: IP removal not working

    Posted Jan 26, 2022 10:39 AM
    This are the settings in postfix config:

    default_destination_concurrency_limit = 40
    lmtp_destination_concurrency_limit = 20
    relay_destination_concurrency_limit = 20
    smtp_destination_concurrency_limit = 20
    virtual_destination_concurrency_limit = 20
    Original Message


  • 12.  RE: IP removal not working

    Posted Jan 26, 2022 10:51 AM

    Your values are too high.  Use these and try please

     

    This are the settings in postfix config:

    default_destination_concurrency_limit = 10
    lmtp_destination_concurrency_limit = 10
    relay_destination_concurrency_limit = 20
    smtp_destination_concurrency_limit = 10
    virtual_destination_concurrency_limit = 10

     




    Original Message


  • 13.  RE: IP removal not working

    Posted Jan 26, 2022 11:23 AM
    Ok, this makes sense to me. I set this values now, restarted postfix and again I made a delisting request. How long will it take until the delisting is investigated and the IP removed?
    Original Message


  • 14.  RE: IP removal not working

    Posted Jan 26, 2022 11:24 AM

    Once off the bad list, keep watching for 24 hours.  And monitor your queues. 




    Original Message


  • 15.  RE: IP removal not working

    Posted Jan 26, 2022 11:47 AM
    Ok, will do that. Again I appreciate your great help here!!!!
    Original Message


  • 16.  RE: IP removal not working

    Posted Jan 27, 2022 10:16 AM
    My IP still shows up to have a bad reputation, with the notes "snow shoe" and "unauthorized". Seems that the team who checks the delisting requests still does not like my system. I have about 20 mails in my queues that cannot be delivered, due to this bad reputation.
    Is there any chance to get detailed infos about the reason, why my IP gets listed. 
    I am concerned about the open relay policy. This proxmox mailgateway has the concept that predifined IPs are allowed to send without further authentication (but only on Port 26). So I have defined about 30 IPs from my customers that are allowed to send. No other IP can send. From my point of view this concept is very safe. Is it possible that the check routine detects this as an open relay (though I cannot imagine how this could be checked).
    I am a little bit at a loss what to do
    Original Message


  • 17.  RE: IP removal not working

    Posted Jan 27, 2022 11:01 AM

    What ip / domains can u NOT send to?




    Original Message


  • 18.  RE: IP removal not working

    Posted Jan 27, 2022 11:53 AM
    Most critical are 
    zf.com
    ps.rolls-royce.com
    I got this from my customer who asked the receiver (it is in German, but should be clear):

    Hallo Herr Decker, die IP Adresse 116.202.14.71 des sendenden Systems (mailgateway.wwweiss.de) ist in unserem AntiSpam System in der globalen Liste der "Bad Senders", daher werden Mails die über das sendende System an uns gesendet werden abgewiesen.
    Der IT Verantwortliche für dieses System kann über folgenden Weg einen removal request an Symantec schicken: https://ipremoval.sms.symantec.com/
    Ich bitte Sie, dem Absender diese Informationen zukommen zu lassen. Es gibt seitens RRPS keine eigenen Einschränkungen oder Blockierungen hinsichtlich dieser IP Adresse, d.h. sobald die IP bei Symantec rausgenommen wurde, sollten die Mails wieder durchkommen.

    After this info, I checked the site and made the removal request - but I am not removed. Then I came back here ;-)
    Original Message


  • 19.  RE: IP removal not working

    Posted Jan 31, 2022 05:13 AM
    I am giving up now, because this took so much time, without any solution. I really do not understand, why Symantec is so ignorant. There are hundreds of blacklists out there each of them is giving support for wrong listed IPs. Only Symantec is doing nothing. No chance to get any info about the listing. Many other "global players" have learned that they should also look to the "small people". Seams that Symantec still has not got this lesson. 
    Looking a little bit in Google, I found a lot of postings where other people had the same problem, allready years ago. 
    My recommendation to Symantec: if you offer a "****" then please also offer an option to get the reasons why a delisting fails - this is an important standard feature. Otherwise do not offer any ****.
    Original Message


  • 20.  RE: IP removal not working

    Posted Jan 31, 2022 07:28 AM
    Maybe I found the problem in the Symantec check routin.
    Proxmox mailgateway accepts connections on Port 26 without authentication. But it accepts only predefined IPs. Because these IPs work on the MTA level, you can connect, and send a mail, but you will get an error AFTER the data command (not allowed due to policy restrictions).
    If the open proxy check does not go up to this level and expects to get an error already after the rcpt to Command, then these mailgateways always look like open proxies but they aren't. 
    From my point of view the check routine - if it is working as expected - is error prone, which should not happen on such a large company!!!!!
    Original Message


  • 21.  RE: IP removal not working

    Posted Jan 31, 2022 07:32 AM
    Good man. See I helped u.


    Original Message


  • 22.  RE: IP removal not working

    Posted Jan 31, 2022 10:49 AM
    I really was very happy with your help and my criticism of course is not against you. But a delisting page should have clear instructions how to contact someone, if the delisting does not work, or it should give directly the reason why it does not work. All other DNSBLs do this - well I do not know about all, just a handfull I checked in the past.
    My system may have problems, that I do not see, but to solve these, I need some input about the reason of beeing listed.
    For example a few months ago I had a problem with mails sent to gmx.de (www.gmx.com). In their check-site there was directly noted a contact mail address. I could write a mail and got an anwser within one day and everything was solved.
    I understand that a compony does not want to give to much info about the spam detection, but basic infos should be given to people like me. 
    Still now after 5 days and your help here I do not know why I was listed and I am sure, also you cannot check this (without doing more than you should). I assume to have found the reason, but maybe my assumption is wrong. 
    So, still I think Symantec as company and provider for this reputation list surely could do a better job ;-)
    Original Message


  • 23.  RE: IP removal not working

    Posted Jan 31, 2022 10:33 AM

    I am still listed under https://ipremoval.sms.symantec.com/. I requested the delisting yesterday, but nothing happens. Still the anwser is:

    The IP Address 116.202.14.71 was found to have a negative reputation. Reasons for this assessment include:

    • The host has been observed sending spam in a format that is similar to snow shoe spamming techniques.
    • The host is unauthorized to send email directly to email servers.

    I double checked my system. There are no spams sent. In my queues I have about 20 mails that cannot be delivered. 10 of these mails go to one receiver where I know from my customers that this receiver is using symantec protection.
    Maybe I am too stupid to do the delisting. I check the two options "virus scan done" and "uncompromised mailserver".  Also tried to check "other" and made a short explanation in the comment field. Also nothing happens.
    If I look to the mentioned reasons, I think they are just standard text and do not really check the investigated IP, because my server is "authorized" and also not part of some snow shoe spammings. Can this be caused by forwardings? 
    I think a really have a good understanding of mail protocals and spam protection, but it is hard to analyse if I do not have access to any data. It would be helpful if this check-tool would offer some more details about the mails causing the bad reputation.





    Original Message


  • 24.  RE: IP removal not working

    Posted Jan 31, 2022 10:34 AM

    I am great.




    Original Message


  • 25.  RE: IP removal not working

    Posted Jan 31, 2022 10:55 AM
    Strange - this post I made two days ago! Now it appears together with my new post above.
    Original Message


  • 26.  RE: IP removal not working

    Posted Jan 31, 2022 11:27 AM
    Great work.


    Original Message


  • 27.  RE: IP removal not working

    Posted Feb 21, 2022 04:38 AM
    I have the same problem. The form for delisting request seems not to be working, when I click "Investigate" the page seems to refresh without giving a message that the request was (at least) received.
    I tried to chat with support, they said that I can't open a ticket because I'm not a Symantec customer. But I think that this isn't normal; **** are supposed to be working system wide, not for a single customer, and anyone should be able to request a delisting
    So, how can I request the delisting in other ways? The server is monitored, is not sending spam, complies with basic guidelines (DKIM and SPF) for all the domains hosted and is not listed in other blacklists other than Symantec...
    Original Message