IP Not Black Listed Yet Cannot Deliver Email to MessageLabs Managed Servers

May 22, 2017, 7:33 pm

≫ Next: Symantec IP Removal Lookup URL

≪ Previous: Subnet blacklisted - Reason?

$

0

0

I need a solution

Hi,

Again our server is blacklisted only this time you don't even have the courtesy to send undelivered messages, probably because they would say it was listed in a blacklist it isn't in again. I've used all the Symantec Blacklist check pages I could find and our IP doesn't appear in any of them. Our Server's IP is 49.176.197.220. We aren’t on any other blacklists, there's no spam coming from our mail server, we don’t have a virus, we aren’t an open relay and we have a static IP. Please fix this. We can't email our customers, suppliers, our bank, and other financial institutions we deal with.

0

---

Symantec IP Removal Lookup URL

May 24, 2017, 1:21 am

≫ Next: Server Blacklisted Request Removal

≪ Previous: IP Not Black Listed Yet Cannot Deliver Email to MessageLabs Managed Servers

$

0

0

I need a solution

Hi,

I am laughing, but am unsure if this is funny

Today I went to check our IP at the official Symantec IP lookup tool linked below

http://ipremoval.sms.symantec.com/lookup/

But when I attempt to enter the image text it keeps telling me over and over again either that the

"The security text does not match the image"

or

"Please enter capitalized letters and/or numbers only"

Ive attempted this around 20 times, but no go

This has been working fine until yesterday.

Who at Symantec is responsible for the lookup tool needs to be contacted and asked exactly what is going on

Thanks

0

Server Blacklisted Request Removal

May 29, 2017, 4:06 am

≫ Next: ip blacklisted removal request

≪ Previous: Symantec IP Removal Lookup URL

$

0

0

I need a solution

Hi,

We have a problem sending some emails to our clients via our server (136.243.165.42). We found that the server is blacklisted by symantec.

Please can you check again my server reputation?

1. We are currently blacklisted only by Symantec
2. We dont send Spam!
3. We dont have virus (as our hosting provider told us)

Please, if tell me if i need to do anything else to fix the problem!

Thanks!

0

ip blacklisted removal request

May 30, 2017, 6:16 am

≫ Next: Connection to cluster3.eu.messagelabs.com refused/dropped (again)

≪ Previous: Server Blacklisted Request Removal

$

0

0

I need a solution

Good morning,

We have som trouble to send emails to some domains protected by MessageLabs.

Here the part of log. Our ip is 78.4.29.24

  Waiting for protocol to start...<-- 220 server-5.tower-201.messagelabs.com ESMTP
  --> EHLO mail.trevispa.com<-- 250-server-5.tower-201.messagelabs.com<-- 250-STARTTLS<-- 250-PIPELINING<-- 250 8BITMIME
  --> MAIL From:<xxxx@example.com><-- 250 OK
  --> RCPT To:<xxxx@example.com.au><-- 250 OK
  --> DATA<-- 354 go ahead
  Sending <xxxxxxxxxxxxxxxxxx\pd35013664479.msg> to [216.82.242.45]
  * Socket error 10054 - Connessione reimpostata dall'altro lato.
  Errore di scrittura socket
  Socket connection closed by the other side (how rude!)
  * Socket error 10053 - Connessione interrotta.
  Connessione chiusa

Best regards and good job

0

Connection to cluster3.eu.messagelabs.com refused/dropped (again)

June 1, 2017, 12:50 am

≫ Next: IPremoval site says good reputation, but blocked by Symatec spam appliance

≪ Previous: ip blacklisted removal request

$

0

0

I need a solution

Hello,

one of our mailservers is unable to connect to cluster3.eu.messagelabs.com again, which prevents us from sending vital Information to our partners.

Could you please review and whitelist 87.118.100.220

nc cluster3.eu.messagelabs.com 25
cluster3.eu.messagelabs.com [85.158.137.83] 25 (smtp) : Connection timed out

nc cluster3.eu.messagelabs.com 25
cluster3.eu.messagelabs.com [85.158.137.83] 25 (smtp) : Connection refused

I have checked the blacklist and could not find any entries for that IP.

I'd appreciate a permanent solution this time.

Best regards,

Alex

0

IPremoval site says good reputation, but blocked by Symatec spam appliance

June 2, 2017, 2:11 pm

≫ Next: IP Reputation

≪ Previous: Connection to cluster3.eu.messagelabs.com refused/dropped (again)

$

0

0

I need a solution

We have had some problems sending email to a select few clients.  I did an Internet search and found several postings on this forum regarding doing a search on the Symantec IPremoval site.  Our IP address comes back clean, but I was then told by a client that we were listed in the Symantec Global Bad Sender list that is used by their spam appliance.  So, is there a different way to check the list and is there a way to get our  IP address cleaned up?

We are a legitimate company that does not send out a lot of emails and nothing bulk.  Our IP address is only about a month old and who knows who had it before us.

Any help to get us off the list or to the right department would be greatly appreciated.

0

• Capture.JPG

IP Reputation

June 3, 2017, 1:27 pm

≫ Next: IP Reputation

≪ Previous: IPremoval site says good reputation, but blocked by Symatec spam appliance

$

0

0

I need a solution

Dear Symantec Team,

I host an uncompromised dedicated server on 192.99.8.30 where I install one VM with CPANEL, LITESPEED, CSF ... I have 10 clients there, two of my clients related me some clientes did not receive email from domain ... I check SPF, DKIM, DMARC, Blacklists, and not found anything, I request ip investigation but still no way to fix my problem ... well, in my last try, I request to CPANEL for check my server ... and all is ok ... So, I request, remove my dedicated IP and my VM from your list, because my client have problem to send mail to two clients ... and I have problem with this ... 

Please let me know what we can do to clear the reputation for our IP permanently.

Kind regards,

Moreira, E

0

IP Reputation

June 5, 2017, 4:25 am

≫ Next: 216.82.251.230 does not like recipient. Remote host said: 421 Service Temporarily Unavailable

≪ Previous: IP Reputation

$

0

0

I need a solution

Hì

my mail server ip is 192.167.129.6

I have activated the removal procedure 6 days ago but still have a bad reputation

How long does the procedure complete? The website show me 24 hours

0

---

216.82.251.230 does not like recipient. Remote host said: 421 Service Temporarily Unavailable

June 6, 2017, 4:36 am

≫ Next: Negative Reputation Server - Please Help

≪ Previous: IP Reputation

$

0

0

I need a solution

Hello we are trying to send email to <user>@interoute.com, from mail.escom.bg and recieve failure notice from our server:

216.82.251.230 does not like recipient.
Remote host said: 421 Service Temporarily Unavailable 

0

Negative Reputation Server - Please Help

June 6, 2017, 8:25 am

≫ Next: Email being delayed when set to Messagelab.

≪ Previous: 216.82.251.230 does not like recipient. Remote host said: 421 Service Temporarily Unavailable

$

0

0

I need a solution

Hi,

My server ip is 136.243.165.42 and has been "banned" with the reason below:

The IP address 136.243.165.42 was found to have a negative reputation. Reasons for this assessment include:
The host has been observed sending spam in a format that is similar to snow shoe spamming techniques.
To request that this IP address reputation be cleared, check the applicable boxes below and click Investigate.

We dont send spam emails. Can you help us please to find why our server is banned and we cant send emails to specific addresses?

Thanks

0

Email being delayed when set to Messagelab.

June 6, 2017, 8:40 am

≫ Next: emails not getting to messagelabs clients; recieved with 250, no NDR

≪ Previous: Negative Reputation Server - Please Help

$

0

0

I need a solution

We are trying to send email to various messagelab customers.  They are being delayed up to 8 hours.  I've checked and we aren't on a spam list so I don't think that is it.  This is what I see in my logs.

From: To: RID 3 - 4.3.2 - Not accepting messages at this time ('421', ['Service Temporarily Unavailable']) Tue Jun  6 07:42:08 2017 Info: Bounced: DCID 0 MID 7824155 From:

The email would be coming from 66.128.160.106.  Going to either cluster4 or cluster5.messagelabs.com

Thanks,

   Adam

0

emails not getting to messagelabs clients; recieved with 250, no NDR

June 7, 2017, 6:31 am

≫ Next: IP blacklisted as snow shoe host

≪ Previous: Email being delayed when set to Messagelab.

$

0

0

I need a solution

For the last 5 weeks or so, we've had an issue where email to several different domains did not arrive at the recipient address, and did not generate an NDR.

It took us a while to pin the issue down, but the only common feature was the domains this was happening with were all MessageLabs customers:

We've done extensive testing at our end: We've checked our Mail Domain (Stockvale.co.uk) Email server IP's (Main: 81.137.233.190& Backup: 88.97.35.149), and upstream mail relay (78.137.116.48) are not on any blacklists using http://mxtoolbox.com, setup as Open relays using http://www.mailradar.com/openrelay/, have a valid SPF Record at http://www.kitterman.com/spf/validate.html, not listed on the Symantec lookup tool at http://ipremoval.sms.symantec.com/lookup, and setup full reverse DNS names and DKIM Records, which we didn't previously have. None of this fixed the issue

Tracking the following domains we can see they all:
- Are MessageLabs customers
- The Cluster servers accepted the email
- The recipient never received the email
- The sender never received a Non Delivery Report (NDR)

claritytm.co.uk
aviva.com
essentra.com
ibs-systems.co.uk
prsformusic.com
ensgroup.co.uk
ima.org.uk

All other domains are receiving our email fine, including Barracuda and office365 clients.

Tracking through our relay, we can see the MessageLabs servers accepting the email:

Jun  6 11:01:45 webserver postfix/smtp[1624]: 72E2181253: to=<[****]@aviva.com>, relay=cluster8.eu.messagelabs.com[85.158.137.19]:25, delay=0.79, delays=0.15/0/0.29/0.34, dsn=2.0.0, status=sent (250 ok 1496743305 qp 3184 server-6.tower-39.messagelabs.com!1496743304!98273900!1)


Jun  6 17:03:25 webserver postfix/smtp[13408]: 9F6E481266: to=<[****]@essentra.com>, relay=cluster3.eu.messagelabs.com[194.106.220.35]:25, delay=0.59, delays=0.11/0/0.25/0.23, dsn=2.0.0, status=sent (250 ok 1496765005 qp 16145 server-14.tower-91.messagelabs.com!1496765004!28796128!1)

Jun  6 17:04:29 webserver postfix/smtp[13408]: 55E2781262: to=<[****]@ibs-systems.co.uk>, relay=cluster3.eu.messagelabs.com[85.158.137.83]:25, delay=0.91, delays=0.1/0/0.43/0.38, dsn=2.0.0, status=sent (250 ok 1496765069 qp 3187 server-15.tower-140.messagelabs.com!1496765068!83241465!1)

Jun  6 17:06:23 webserver postfix/smtp[13326]: BA15C81262: to=<[****]@prsformusic.com>, relay=cluster3.eu.messagelabs.com[85.158.136.35]:25, delay=0.66, delays=0.11/0/0.26/0.29, dsn=2.0.0, status=sent (250 ok 1496765183 qp 9135 server-4.tower-125.messagelabs.com!1496765182!79490357!1)

Jun  6 17:07:14 webserver postfix/smtp[13326]: AE27481262: to=<[****]@ensgroup.co.uk>, relay=cluster8.eu.messagelabs.com[85.158.137.19]:25, delay=0.7, delays=0.1/0/0.24/0.36, dsn=2.0.0, status=sent (250 ok 1496765234 qp 25118 server-12.tower-39.messagelabs.com!1496765233!98217780!1)

We are friendly with another MessageLabs customer, rickardluckin.co.uk, who were also having the issue: They opened up a case in their Symantec portal (Reference ref:_00D30jPy._50038rHwPj:ref)

This is the reply they got back from support:

"MessageLabs have come back stating that this is a false positive on their spam systems. Although I have added in the exceptions it would be a good idea to get this resolved correctly. Please can you get a copy of the emails in .MSG format for me I can supply the mail to MessageLabs and they can remove the false positive from the antispam services."

We got the .eml/.msg mails sent over, but they've not had an update on the case, and have limited time to chase on our behalf for a resolution, hence me posting here.

At the moment, rickardluckin.co.uk is the only MessageLabs customer stockvale.co.uk can email, thanks to them explicitly whitelisting us.

Could a member of the Symantec support team:

- Check on this issue, either on its own, or as part of ref:_00D30jPy._50038rHwPj:ref
- Confirm the block is removed so we can test with customers other than rickardluckin.co.uk
- Let us know if this was a genuine false positive on Symantec's end, or if there are any changes/improvements we need to make at our end to improve email reliability to MessageLabs customers

Many thanks.

0

IP blacklisted as snow shoe host

June 7, 2017, 8:53 am

≫ Next: How do you see .cloud Quarantine?

≪ Previous: emails not getting to messagelabs clients; recieved with 250, no NDR

$

0

0

I need a solution

Hello,

so I had to register in order to post to Symantec's forum. This is due to the fact that I have received no response to Investigate form query, nor the IP address in question has been removed from your black list.

The IP address 37.59.140.2 was found to have a negative reputation. Reasons for this assessment include:

• The host has been observed sending spam in a format that is similar to snow shoe spamming techniques.

To request that this IP address reputation be cleared, check the applicable boxes below and click Investigate.

Few facts:

- The IP in question has sent no spam;

- ClamAV scanner is in place;

- Outgoing spam control software is in place;

- IP is green when checked via mxtoolbox.com;

- The host is running CloudLinux + cPanel (+ CSF).

Can you please remove the black list? It's doing quite amount of harm for our customers.

Thank you very much.

0

How do you see .cloud Quarantine?

June 7, 2017, 8:04 pm

≫ Next: IP Block List Removal

≪ Previous: IP blacklisted as snow shoe host

$

0

0

I do not need a solution (just sharing information)

In the month of May, our company had a 12% increase in malware detection emails, and half of the spam-detection e-mails decreased.

How do you see this trend?

0

IP Block List Removal

June 8, 2017, 7:50 am

≫ Next: Snow Shoe Spamming Reputation

≪ Previous: How do you see .cloud Quarantine?

$

0

0

I need a solution

Hello,

My company recently moved to a new server and took control of the IP address range 50.2.190.88/29 and have noticed that the addresses within this range are all listed as having bad reputation within Symantec's IP block list.

Currently we cannot contact suppliers or customers due to the IP addresses having a bad reputation.

I have checked SPF, DKIM, DMARC, Forward/Reverse DNS, Mail HELO, SMTP Banner, etc, and all are in order from what I can tell.

We do not send out unsolicited emails and primarily just respond to customers or process orders.

Any help to get these IP addresses removed from your block list would be much appreciated.

Sincerely,

Evan

0

---

Snow Shoe Spamming Reputation

June 8, 2017, 1:47 pm

≫ Next: IPremoval site says good reputation, but blocked by Symatec

≪ Previous: IP Block List Removal

$

0

0

I need a solution

Hi,

we have a new spam filter we are trying to put into production, but for some reason the IP address it is on has a reputation with Symantec Cloud Security for "snow shoe spamming" which isn't something I'd heard of until this issue came up.

It seems that Symantec is the ONLY spam filter that lists our IP address with this negative reputation, I've checked literally hundreds of other spam filters and they all show us as having a clean reputation, or listing us as whitelisted!  I've put in many requests to have our IP reputation investigated and cleared but nothing ever seems to come of it.  When I try to call Symantec they say they can't help since I'm not a customer, and getting our customers to get their clients to talk to Symantec to fix the issue has not gotten us anywhere.

The IP address in question is 173.239.120.245, if you can please have this IP reputation investigated and cleared.  There shouldn't be anything that still causes this reputation to occur, though if you see something we need to clear up I'm certainly happy to do that; I just need to know what that is.

If you could help me resolve this soon it would be very much appreciated!

0

• Negative reputation that has to be cleared up

IPremoval site says good reputation, but blocked by Symatec

June 9, 2017, 10:22 am

≫ Next: 553 Message Filtered error

≪ Previous: Snow Shoe Spamming Reputation

$

0

0

I need a solution

thanks for your help Kevin

I just tried it again and it still is being blocked by Symantic on their mailserver, not sure why but on our side it says it was delivered sucessfully but their end rejects it  

see attachment

The original request for assistance

We changed our web hosting about 3 months ago and its been a ongoing fight to try and get our bank to receive emails from anyone at our company

our ip address for our mail is 149.56.204.49 I have checked the ip address reputation investigation and it says its ok

but for whatever reason the banks mail server is rejecting it as Symantec Global Bad Senders see attached

we really need to get this resolved as its costing us a lot of time and money

thank you very much for your help

0

• atb error.png

553 Message Filtered error

June 9, 2017, 11:27 am

≫ Next: Mail server blocked by Messagelabs

≪ Previous: IPremoval site says good reputation, but blocked by Symatec

$

0

0

I need a solution

Hi,

since yesetrday our emails are bouncing back with the error code 553.

Our domain and IP addresses are not blacklisted, and emails are not being delivered to individuals we had regular conversations with last week.

I have submitted flase positive emails to your 'CLOUDfeedback@feedback-87.brightmail.com' address and was wonderring if anyone could advise on what we could do to resolve this issue.

Thanks,

Damian Danik

ddanik@iaccm.com

0

Mail server blocked by Messagelabs

June 9, 2017, 5:58 pm

≫ Next: 421 Service Temporarily Unavailable from MessageLabs SMTP servers

≪ Previous: 553 Message Filtered error

$

0

0

I need a solution

Hello

I just set a new mail server. The ip address  that the ISP assigned to me was already blocked by Messagelabs only (not by any other black list). I requested ip removal from Symantec black list and the IP now shows NEUTRAL, but my server still can't send to Messagelabs protected domains.

I read in another post that the ip was being throttled by Symantec because it was blocked in the past, so i need you to please completely free this IP address.

How can i provide my mail server's ip address securely?

Regards

0

421 Service Temporarily Unavailable from MessageLabs SMTP servers

June 12, 2017, 3:04 am

≫ Next: 553 Message filtered.

≪ Previous: Mail server blocked by Messagelabs

$

0

0

I need a solution

Hi.

Over the weekend, our ISP had issues with reverse DNS lookups and we suffered several instances of IP Blacklisting of our SMTP servers as a result.  Our IP addresses are below which reverse DNS back correctly now - please can you check the MessageLabs configuration to remove the IPs from any blacklists:

213.212.116.132

213.212.116.133

213.212.114.132

Jun 12 10:45:45 <**supressed**> sendmail[8315]: v5C9jaBJ008315: to=<**supressed**>, delay=00:00:09, xdelay=00:00:09, mailer=esmtp, pri=40557, relay=cluster3a.eu.messagelabs.com. [216.82.251.230], dsn=4.0.0, stat=Deferred: 421 Service Temporarily Unavailable

Thanks

0