Barracuda Blocking our server

Posted: 11 Nov 2010, 17:38
by hilario
Once in a while the mails we send are being blocked by Barracuda Reputation system.
This is affecting our normal mail communication with our customers as well as suppliers.

Somehow, they are able to see our real IP address that is in an ADSL cable Dynamic IP system.
I believe that they should not be able to see my particular IP address, but only my server IP address (that has a good reputation fixed IP for years).

Is there a way to set Mailscanner or Exim to avoid informing my dynamic IP with each mail we send?
How?

Thanks,

Hilário
P.S. Below is a report of the system using Barracuda to block our mails to this partner:

To: hilario@mydomain.com.br
Subject: Mail delivery failed: returning message to sender

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

realcustomer@myrealcustomerdomain.com
SMTP error from remote mail server after end of data:
host mail.myrealcustomerdomain.com [241.197.13.63]: 554 Service unavailable; Client host [mydomain.com.br] blocked using Barracuda Reputation; http://bbl.barracudacentral.com/q.cgi?ip=189.38.231.10

------ This is a copy of the message, including all the headers. ------
.....

Re: Barracuda Blocking our server

Posted: 12 Nov 2010, 21:51
by Sarah
There is certainly no way to hide your IP address with MailScanner. You may be able to do something with exim but you should ask on the exim mailing list. It would seem that it is reasonable for Barracuda to check the initial source IP address as well as the IP address of the server through which the mail is sent, so you may have to find another way of sending mail to avoid this issue.

Regards,
Sarah

Re: Barracuda Blocking our server

Posted: 19 Nov 2010, 22:26
by hilario
Hi Sarah,

Your answer is very interesting.
I thought that was an error or misconfiguration I had done in either mailscanner or exim.

Thus, is it normal for any MTA to exhibit the initial source IP address?

Is it also correct to conclude that normally only spammers would be interested in hiding the originating IP address?

Thanks for the help

Hilário

Re: Barracuda Blocking our server

Posted: 20 Nov 2010, 01:15
by Sergio
@ Sarah,
I have seen customers that have been blocked by barracuda, so, they change MX using google as their mail and after the change they are not blocked by barracuda anymore. Why is this?

Sergio

Re: Barracuda Blocking our server

Posted: 26 Nov 2010, 15:35
by Sarah
I'm afraid I can't comment on this as I don't know how barracuda determines whether to block a mail server or not. You would have to contact barracuda to find out why a particular IP is blocked. Either way it is certainly unrelated to MailScanner although it may be related to exim configuration.

Barracuda Blocking our server

Posted: 26 Nov 2010, 17:15
by hilario
I have dug around the net and posted in cPanel, and Mike Tindor gave me this answer:

mtindor wrote:
... modifying your exim to mask the IP address of the sender [or to remove that whole received line] is not the way to go.

9 times out of 10 the recipient mailsystem is using a Barracuda Spam Firewall with "deep scanning" enabled. That means that the recipient mail system not only checks the last received line for an IP to check against RBLS, but it checks the IP addresses in other Received lines.

Any admin of a Barracuda Spam Firewall that does this should be smacked. Sure, it can cut down on spam a _very_little_bit_, but the recipient mailsystem would have a lot of false positive spam taggings / rejections based upon this.

For any place that is blocking your emails because of this, you should simply ask them to whitelist your mailserver's IP address if they are going to be so foolish to run deep scanning.

NOTE: The Barracuda Spam Firewall is certainly not the only mail system capable of deep scanning, but it is _by_far_ the most popular one doing this. An unwitting admin-in-training gets a new Barracuda Firewall, starts getting click-happy with all of the options to fight spam, and suddenly they are blocking all kinds of legitimate mail because they are using deep scanning.

Don't get me wrong - I love Barracuda Spam Firewalls. I operate a couple myself. But I'd never ever consider enabling deep scanning on them.

The URL of the original thread from where I got this answer is here:
http://forums.cpanel.net/f43/remove-dyn ... post723862

It is interesting to note that in that thread I reported only the problem and did not mention Barracuda at all, but Mike immediately understood it was a Barracuda case.

Hope this helps anyone who arrives here with the same problem.
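
The "deep scanning" described in Mike Tindor's quoted answer, as an added example that is not part of the original thread and is not Barracuda, Exim or MailScanner code: it compares a reputation check on the last hop only with one that walks every Received line. The sample message, its hostnames, 203.0.113.25 and the LISTED set standing in for a DNSBL lookup are constructed; only 189.38.231.10 is taken from the bounce quoted in the first post.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample. Received lines are newest first: the top one is written
# by the recipient's MTA, the second by the sender's own mail server.
SAMPLE = """\
Received: from mail.example.com.br (mail.example.com.br [203.0.113.25])
\tby mx.recipient.example with ESMTP; Thu, 11 Nov 2010 17:20:05 -0200
Received: from [189.38.231.10] (helo=office-pc)
\tby mail.example.com.br with esmtpa (Exim); Thu, 11 Nov 2010 17:20:01 -0200
From: sender@example.com.br
To: customer@recipient.example
Subject: Quote

Body
"""

# Constructed stand-in for a DNSBL query result (no network access needed).
LISTED = {"189.38.231.10"}

BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # IPv4 only
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def received_ips(raw_message):
    """Return routable IPv4 addresses from Received headers, newest hop first."""
    ips = []
    for header in message_from_string(raw_message).get_all("Received", []):
        for text in BRACKETED_IPV4.findall(header):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:
                continue  # looks like an address but is not one, e.g. [999.1.1.1]
            if not any(ip in net for net in INTERNAL):
                ips.append(str(ip))  # LAN and loopback hops say nothing about reputation
    return ips

def blocking_ips(raw_message, listed, deep_scan):
    """Return the listed IPs a recipient would act on under the chosen policy."""
    ips = received_ips(raw_message)
    examined = ips if deep_scan else ips[:1]  # last hop = newest Received line
    return [ip for ip in examined if ip in listed]

if __name__ == "__main__":
    print("hops:", received_ips(SAMPLE))
    print("last hop only:", blocking_ips(SAMPLE, LISTED, deep_scan=False))
    print("deep scan:", blocking_ips(SAMPLE, LISTED, deep_scan=True))
```

With the last-hop policy only the mail server's fixed address is examined and the message passes; with deep scanning the listed dynamic address in the older Received line is what causes the rejection.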