The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Symantec Reputation Blocking IP

Discussion in 'E-mail Discussions' started by bluerayconcepts, Jul 24, 2013.

  1. bluerayconcepts

    bluerayconcepts Active Member

    Joined:
    Mar 24, 2013
    Messages:
    31
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Yuba City, CA
    cPanel Access Level:
    Root Administrator
    So last week I started getting a couple complaints from customers about not being able to send to some people. THe bounce messages they were getting had no info in them about what was going on, only SMTP error. Nothing that we normally see when blocked or unknown user etc. So I ran through the standard RBL checks and nothing.. all clean.
    So Monday I had another customer send me a bounce message that actually showed a good bounce message:
    > SMTP error from remote mail server after RCPT TO:<bsmith@idahoan.com>:
    > host mx.usa.net [165.212.65.113]: 550 Mail from xx.xx.xx.xx
    >refused. Please refer to IP Reputation Investigation for an
    >explanation.

    So i proceeded to follow their instructions as it turns out the issue from the week before was also because of Symantec. 3 days later I am still blocked with Symantec with no idea of why. I have now put in the removal request twice. Turns out that now I have users that cannot send to outlook.com, hotmail or MSN. So I went through their process and joined their SNDS and see that the IP Status for hotmail is showing we are block by Symantec so all my problems are revolving around the Symantec Block.

    I have gone through my logs and have found no mass mailing done by our customers. I do not allow mailing lists on the server. Of course they never give you a specific reason why you were block so at this point it could be anything.

    I am currently at a loss as to what to look for. Any help would be appreciated.
     
  2. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,145
    Likes Received:
    34
    Trophy Points:
    48
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Hello,

    Due to suspicious activity your server IP is blacklisted in Symantec, I will suggest you enable DKIM and SPF for your domain and setup the RDNS for your server. Here are the good DOC of How to: Prevent Email Abuse
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,666
    Likes Received:
    646
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    It's difficult to guess the specific reason you were added to that blacklist because it's not something listed publicly. Ensure you have RDNS configured for the IP address you are using to send emails, and that SPF/DKIM records are configured for your domain names.

    Thank you.
     
  4. bluerayconcepts

    bluerayconcepts Active Member

    Joined:
    Mar 24, 2013
    Messages:
    31
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Yuba City, CA
    cPanel Access Level:
    Root Administrator
    Yeah RDNS has been setup since the server was spun up. I started going through all the accounts and checking DKIM and SPF last night and finished them up this morning. There were a lot not enabled, some spf were wrong. Which is weird because I have DKIM and SPF enable on WHM so I would have thought it would have created them on account creation. I also noticed that on accounts that were created on other servers with spf and then migrated to this server, the SPF record was not updated.

    But they are all fixed now. So is it just a wait and see game now? This is the first time I have had to deal with Brightmail/Symantec, normally any other block I have had to deal with was due to a specific email and they were always pretty quick to respond or take care of it.
     
    #4 bluerayconcepts, Jul 25, 2013
    Last edited: Jul 25, 2013
  5. bluerayconcepts

    bluerayconcepts Active Member

    Joined:
    Mar 24, 2013
    Messages:
    31
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Yuba City, CA
    cPanel Access Level:
    Root Administrator
    Looks like we have been removed from Brightmail Block. Still not sure what caused it, and I doubt that the DKIM and SPF record changes I made within the last hour would have caused it be removed that fast. Would it?
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,666
    Likes Received:
    646
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    It's possible, but it's difficult to say without knowing the type of system they use to lower a server's reputation. You may want to contact their support team directly to see if they can provide you any additional information.

    Thank you.
     
  7. bluerayconcepts

    bluerayconcepts Active Member

    Joined:
    Mar 24, 2013
    Messages:
    31
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Yuba City, CA
    cPanel Access Level:
    Root Administrator
    looks like we are still blocked at hotmail though. aggrevating
     
  8. ThinIce

    ThinIce Well-Known Member

    Joined:
    Apr 27, 2006
    Messages:
    346
    Likes Received:
    7
    Trophy Points:
    18
    Location:
    Disillusioned in England
    cPanel Access Level:
    Root Administrator
    It certainly used to be the case that blocks at hotmail marked to expire were removed once every 24 hours, think if memory served it used to hit around 15.00 GMT

    If you haven't identified the spam send that caused the problem in the first place, it might be worth joining the ms jmr feedback loop (which in my experience they sometimes will make you join before they'll remove a block)
     
  9. bluerayconcepts

    bluerayconcepts Active Member

    Joined:
    Mar 24, 2013
    Messages:
    31
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Yuba City, CA
    cPanel Access Level:
    Root Administrator
    Yeah I joined all their stuff 2 days back. Actually not to bad, decent info to look at.

    The main issue is their PITA form to fill out.
     
Loading...

Share This Page