Articles on this Page
- 05/22/17--19:33: _IP Not Black Listed...
- 05/24/17--01:21: _Symantec IP Removal...
- 05/29/17--04:06: _Server Blacklisted ...
- 05/30/17--06:16: _ ip blacklisted rem...
- 06/01/17--00:50: _Connection to clust...
- 06/02/17--14:11: _IPremoval site says...
- 06/03/17--13:27: _IP Reputation
- 06/05/17--04:25: _IP Reputation
- 06/06/17--04:36: _188.8.131.52 does...
- 06/06/17--08:25: _Negative Reputation...
- 06/06/17--08:40: _Email being delayed...
- 06/07/17--06:31: _emails not getting ...
- 06/07/17--08:53: _IP blacklisted as s...
- 06/07/17--20:04: _How do you see .clo...
- 06/08/17--07:50: _IP Block List Removal
- 06/08/17--13:47: _Snow Shoe Spamming ...
- 06/09/17--10:22: _IPremoval site says...
- 06/09/17--11:27: _553 Message Filtere...
- 06/09/17--17:58: _Mail server blocked...
- 06/12/17--03:04: _421 Service Tempora...
- 05/24/17--01:21: Symantec IP Removal Lookup URL
- 05/29/17--04:06: Server Blacklisted Request Removal
- We are currently blacklisted only by Symantec
- We dont send Spam!
- We dont have virus (as our hosting provider told us)
- 05/30/17--06:16: ip blacklisted removal request
- 06/01/17--00:50: Connection to cluster3.eu.messagelabs.com refused/dropped (again)
- 06/03/17--13:27: IP Reputation
- 06/05/17--04:25: IP Reputation
- 06/06/17--08:25: Negative Reputation Server - Please Help
- 06/06/17--08:40: Email being delayed when set to Messagelab.
- 06/07/17--06:31: emails not getting to messagelabs clients; recieved with 250, no NDR
- 06/07/17--08:53: IP blacklisted as snow shoe host
- The host has been observed sending spam in a format that is similar to snow shoe spamming techniques.
- 06/07/17--20:04: How do you see .cloud Quarantine?
- 06/08/17--07:50: IP Block List Removal
- 06/08/17--13:47: Snow Shoe Spamming Reputation
- 06/09/17--10:22: IPremoval site says good reputation, but blocked by Symatec
- 06/09/17--11:27: 553 Message Filtered error
- 06/09/17--17:58: Mail server blocked by Messagelabs
- 06/12/17--03:04: 421 Service Temporarily Unavailable from MessageLabs SMTP servers
Again our server is blacklisted only this time you don't even have the courtesy to send undelivered messages, probably because they would say it was listed in a blacklist it isn't in again. I've used all the Symantec Blacklist check pages I could find and our IP doesn't appear in any of them. Our Server's IP is 184.108.40.206. We aren’t on any other blacklists, there's no spam coming from our mail server, we don’t have a virus, we aren’t an open relay and we have a static IP. Please fix this. We can't email our customers, suppliers, our bank, and other financial institutions we deal with.
I am laughing, but am unsure if this is funny
Today I went to check our IP at the official Symantec IP lookup tool linked below
But when I attempt to enter the image text it keeps telling me over and over again either that the
"The security text does not match the image"
"Please enter capitalized letters and/or numbers only"
Ive attempted this around 20 times, but no go
This has been working fine until yesterday.
Who at Symantec is responsible for the lookup tool needs to be contacted and asked exactly what is going on
We have a problem sending some emails to our clients via our server (220.127.116.11). We found that the server is blacklisted by symantec.
Please can you check again my server reputation?
Please, if tell me if i need to do anything else to fix the problem!
We have som trouble to send emails to some domains protected by MessageLabs.
Here the part of log. Our ip is 18.104.22.168
Waiting for protocol to start...<-- 220 server-5.tower-201.messagelabs.com ESMTP --> EHLO mail.trevispa.com<-- 250-server-5.tower-201.messagelabs.com<-- 250-STARTTLS<-- 250-PIPELINING<-- 250 8BITMIME --> MAIL From:<email@example.com><-- 250 OK --> RCPT To:<firstname.lastname@example.org><-- 250 OK --> DATA<-- 354 go ahead Sending <xxxxxxxxxxxxxxxxxx\pd35013664479.msg> to [22.214.171.124] * Socket error 10054 - Connessione reimpostata dall'altro lato. Errore di scrittura socket Socket connection closed by the other side (how rude!) * Socket error 10053 - Connessione interrotta. Connessione chiusa
Best regards and good job
one of our mailservers is unable to connect to cluster3.eu.messagelabs.com again, which prevents us from sending vital Information to our partners.
Could you please review and whitelist 126.96.36.199
nc cluster3.eu.messagelabs.com 25
cluster3.eu.messagelabs.com [188.8.131.52] 25 (smtp) : Connection timed out
nc cluster3.eu.messagelabs.com 25
cluster3.eu.messagelabs.com [184.108.40.206] 25 (smtp) : Connection refused
I have checked the blacklist and could not find any entries for that IP.
I'd appreciate a permanent solution this time.
We have had some problems sending email to a select few clients. I did an Internet search and found several postings on this forum regarding doing a search on the Symantec IPremoval site. Our IP address comes back clean, but I was then told by a client that we were listed in the Symantec Global Bad Sender list that is used by their spam appliance. So, is there a different way to check the list and is there a way to get our IP address cleaned up?
We are a legitimate company that does not send out a lot of emails and nothing bulk. Our IP address is only about a month old and who knows who had it before us.
Any help to get us off the list or to the right department would be greatly appreciated.
Dear Symantec Team,
I host an uncompromised dedicated server on 220.127.116.11 where I install one VM with CPANEL, LITESPEED, CSF ... I have 10 clients there, two of my clients related me some clientes did not receive email from domain ... I check SPF, DKIM, DMARC, Blacklists, and not found anything, I request ip investigation but still no way to fix my problem ... well, in my last try, I request to CPANEL for check my server ... and all is ok ... So, I request, remove my dedicated IP and my VM from your list, because my client have problem to send mail to two clients ... and I have problem with this ...
Please let me know what we can do to clear the reputation for our IP permanently.
my mail server ip is 18.104.22.168
I have activated the removal procedure 6 days ago but still have a bad reputation
How long does the procedure complete? The website show me 24 hours
Hello we are trying to send email to <user>@interoute.com, from mail.escom.bg and recieve failure notice from our server:
22.214.171.124 does not like recipient. Remote host said: 421 Service Temporarily Unavailable
My server ip is 126.96.36.199 and has been "banned" with the reason below:
The IP address 188.8.131.52 was found to have a negative reputation. Reasons for this assessment include:
The host has been observed sending spam in a format that is similar to snow shoe spamming techniques.
To request that this IP address reputation be cleared, check the applicable boxes below and click Investigate.
We dont send spam emails. Can you help us please to find why our server is banned and we cant send emails to specific addresses?
We are trying to send email to various messagelab customers. They are being delayed up to 8 hours. I've checked and we aren't on a spam list so I don't think that is it. This is what I see in my logs.
From: To: RID 3 - 4.3.2 - Not accepting messages at this time ('421', ['Service Temporarily Unavailable']) Tue Jun 6 07:42:08 2017 Info: Bounced: DCID 0 MID 7824155 From:
The email would be coming from 184.108.40.206. Going to either cluster4 or cluster5.messagelabs.com
For the last 5 weeks or so, we've had an issue where email to several different domains did not arrive at the recipient address, and did not generate an NDR.
It took us a while to pin the issue down, but the only common feature was the domains this was happening with were all MessageLabs customers:
We've done extensive testing at our end: We've checked our Mail Domain (Stockvale.co.uk) Email server IP's (Main: 220.127.116.11& Backup: 18.104.22.168), and upstream mail relay (22.214.171.124) are not on any blacklists using http://mxtoolbox.com, setup as Open relays using http://www.mailradar.com/openrelay/, have a valid SPF Record at http://www.kitterman.com/spf/validate.html, not listed on the Symantec lookup tool at http://ipremoval.sms.symantec.com/lookup, and setup full reverse DNS names and DKIM Records, which we didn't previously have. None of this fixed the issue
Tracking the following domains we can see they all:
- Are MessageLabs customers
- The Cluster servers accepted the email
- The recipient never received the email
- The sender never received a Non Delivery Report (NDR)
All other domains are receiving our email fine, including Barracuda and office365 clients.
Tracking through our relay, we can see the MessageLabs servers accepting the email:
Jun 6 11:01:45 webserver postfix/smtp: 72E2181253: to=<[****]@aviva.com>, relay=cluster8.eu.messagelabs.com[126.96.36.199]:25, delay=0.79, delays=0.15/0/0.29/0.34, dsn=2.0.0, status=sent (250 ok 1496743305 qp 3184 server-6.tower-39.messagelabs.com!1496743304!98273900!1) Jun 6 17:03:25 webserver postfix/smtp: 9F6E481266: to=<[****]@essentra.com>, relay=cluster3.eu.messagelabs.com[188.8.131.52]:25, delay=0.59, delays=0.11/0/0.25/0.23, dsn=2.0.0, status=sent (250 ok 1496765005 qp 16145 server-14.tower-91.messagelabs.com!1496765004!28796128!1) Jun 6 17:04:29 webserver postfix/smtp: 55E2781262: to=<[****]@ibs-systems.co.uk>, relay=cluster3.eu.messagelabs.com[184.108.40.206]:25, delay=0.91, delays=0.1/0/0.43/0.38, dsn=2.0.0, status=sent (250 ok 1496765069 qp 3187 server-15.tower-140.messagelabs.com!1496765068!83241465!1) Jun 6 17:06:23 webserver postfix/smtp: BA15C81262: to=<[****]@prsformusic.com>, relay=cluster3.eu.messagelabs.com[220.127.116.11]:25, delay=0.66, delays=0.11/0/0.26/0.29, dsn=2.0.0, status=sent (250 ok 1496765183 qp 9135 server-4.tower-125.messagelabs.com!1496765182!79490357!1) Jun 6 17:07:14 webserver postfix/smtp: AE27481262: to=<[****]@ensgroup.co.uk>, relay=cluster8.eu.messagelabs.com[18.104.22.168]:25, delay=0.7, delays=0.1/0/0.24/0.36, dsn=2.0.0, status=sent (250 ok 1496765234 qp 25118 server-12.tower-39.messagelabs.com!1496765233!98217780!1)
We are friendly with another MessageLabs customer, rickardluckin.co.uk, who were also having the issue: They opened up a case in their Symantec portal (Reference ref:_00D30jPy._50038rHwPj:ref)
This is the reply they got back from support:
"MessageLabs have come back stating that this is a false positive on their spam systems. Although I have added in the exceptions it would be a good idea to get this resolved correctly. Please can you get a copy of the emails in .MSG format for me I can supply the mail to MessageLabs and they can remove the false positive from the antispam services."
We got the .eml/.msg mails sent over, but they've not had an update on the case, and have limited time to chase on our behalf for a resolution, hence me posting here.
At the moment, rickardluckin.co.uk is the only MessageLabs customer stockvale.co.uk can email, thanks to them explicitly whitelisting us.
Could a member of the Symantec support team:
- Check on this issue, either on its own, or as part of ref:_00D30jPy._50038rHwPj:ref
- Confirm the block is removed so we can test with customers other than rickardluckin.co.uk
- Let us know if this was a genuine false positive on Symantec's end, or if there are any changes/improvements we need to make at our end to improve email reliability to MessageLabs customers
so I had to register in order to post to Symantec's forum. This is due to the fact that I have received no response to Investigate form query, nor the IP address in question has been removed from your black list.
The IP address 22.214.171.124 was found to have a negative reputation. Reasons for this assessment include:
To request that this IP address reputation be cleared, check the applicable boxes below and click Investigate.
- The IP in question has sent no spam;
- ClamAV scanner is in place;
- Outgoing spam control software is in place;
- IP is green when checked via mxtoolbox.com;
- The host is running CloudLinux + cPanel (+ CSF).
Can you please remove the black list? It's doing quite amount of harm for our customers.
Thank you very much.
In the month of May, our company had a 12% increase in malware detection emails, and half of the spam-detection e-mails decreased.
How do you see this trend?
My company recently moved to a new server and took control of the IP address range 126.96.36.199/29 and have noticed that the addresses within this range are all listed as having bad reputation within Symantec's IP block list.
Currently we cannot contact suppliers or customers due to the IP addresses having a bad reputation.
I have checked SPF, DKIM, DMARC, Forward/Reverse DNS, Mail HELO, SMTP Banner, etc, and all are in order from what I can tell.
We do not send out unsolicited emails and primarily just respond to customers or process orders.
Any help to get these IP addresses removed from your block list would be much appreciated.
we have a new spam filter we are trying to put into production, but for some reason the IP address it is on has a reputation with Symantec Cloud Security for "snow shoe spamming" which isn't something I'd heard of until this issue came up.
It seems that Symantec is the ONLY spam filter that lists our IP address with this negative reputation, I've checked literally hundreds of other spam filters and they all show us as having a clean reputation, or listing us as whitelisted! I've put in many requests to have our IP reputation investigated and cleared but nothing ever seems to come of it. When I try to call Symantec they say they can't help since I'm not a customer, and getting our customers to get their clients to talk to Symantec to fix the issue has not gotten us anywhere.
The IP address in question is 188.8.131.52, if you can please have this IP reputation investigated and cleared. There shouldn't be anything that still causes this reputation to occur, though if you see something we need to clear up I'm certainly happy to do that; I just need to know what that is.
If you could help me resolve this soon it would be very much appreciated!
thanks for your help Kevin
I just tried it again and it still is being blocked by Symantic on their mailserver, not sure why but on our side it says it was delivered sucessfully but their end rejects it
The original request for assistance
We changed our web hosting about 3 months ago and its been a ongoing fight to try and get our bank to receive emails from anyone at our company
our ip address for our mail is 184.108.40.206 I have checked the ip address reputation investigation and it says its ok
but for whatever reason the banks mail server is rejecting it as Symantec Global Bad Senders see attached
we really need to get this resolved as its costing us a lot of time and money
thank you very much for your help
since yesetrday our emails are bouncing back with the error code 553.
Our domain and IP addresses are not blacklisted, and emails are not being delivered to individuals we had regular conversations with last week.
I have submitted flase positive emails to your 'CLOUDfeedback@feedback-87.brightmail.com' address and was wonderring if anyone could advise on what we could do to resolve this issue.
I just set a new mail server. The ip address that the ISP assigned to me was already blocked by Messagelabs only (not by any other black list). I requested ip removal from Symantec black list and the IP now shows NEUTRAL, but my server still can't send to Messagelabs protected domains.
I read in another post that the ip was being throttled by Symantec because it was blocked in the past, so i need you to please completely free this IP address.
How can i provide my mail server's ip address securely?
Over the weekend, our ISP had issues with reverse DNS lookups and we suffered several instances of IP Blacklisting of our SMTP servers as a result. Our IP addresses are below which reverse DNS back correctly now - please can you check the MessageLabs configuration to remove the IPs from any blacklists:
Jun 12 10:45:45 <**supressed**> sendmail: v5C9jaBJ008315: to=<**supressed**>, delay=00:00:09, xdelay=00:00:09, mailer=esmtp, pri=40557, relay=cluster3a.eu.messagelabs.com. [220.127.116.11], dsn=4.0.0, stat=Deferred: 421 Service Temporarily Unavailable