Why does my email server appear to be blacklisted by Barracuda?

May 18th, 2012

Sometimes you’ll get an email bounced back to you saying that your email server is blacklisted by Barracuda due to IP reputation even though you know your server is not blacklisted. An example of one such bounce is listed below.

From: Mail Delivery Subsystem [mailto:MAILER-DAEMON@server1.mail.com]
Sent: Wednesday, September 15, 2010 8:27 AM
To: user@gmail.com
Subject: Returned mail: see transcript for details

The original message was received at Wed, 15 Sep 2010 07:26:52 -0500 from 192.168.1.1.myvzw.com [192.168.1.1]

----- The following addresses had permanent fatal errors -----
<user@yahoo.com>
(reason: 554 Service unavailable; Client host [server1.mail.com] blocked using Barracuda Reputation;
http://bbl.barracudacentral.com/q.cgi?ip=192.168.1.1)
<user@gmail.com>
(reason: 554 Service unavailable; Client host [server1.mail.com] blocked using Barracuda Reputation;
http://bbl.barracudacentral.com/q.cgi?ip=192.168.1.1)

----- Transcript of session follows -----
… while talking to mail.gmail.com.:
>>> DATA
<<< 554 Service unavailable; Client host [server1.mail.com] blocked using Barracuda Reputation; http://bbl.barracudacentral.com/q.cgi?ip=192.168.1.1
554 5.0.0 Service unavailable

This message indicates that the IP address 192.168.1.1 (the real IP in question was replaced with this internal one for privacy reasons) was blocked due to IP reputation. It does not mean that server1.mail.com was blocked, just the indicated IP address, which probably isn’t server1.mail.com’s IP address at all. It is probably the home/office IP address of the person who sent the message that got bounced.

How can you tell? Perform a “Reverse DNS Lookup” on the IP address to see which domain it belongs to: your ISP’s or your email provider’s. You can use this online tool to quickly find out where an IP points.

There is a way to configure (or should we say misconfigure) Barracuda firewalls so that they read the complete headers of an email and, if any IP address in the headers is blacklisted, reject the email, even if the IP in question is not an email server. This is why the IPs listed as blocked in these bounce messages are generally home/office IPs. They get blocked because home/office IPs are generally dynamic IPs that change occasionally, and those types of IPs are not supposed to have mail servers on them. Additionally, dynamic home/office IP addresses generally have worse reputations than those of paid email servers.
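The check described above can be scripted. This is an added example, not code from the original article: it compares the IP in the bounce's Barracuda lookup URL against each Received hop of the bounced message. The sample bounce and headers are constructed (documentation IP ranges, hypothetical host names such as mx.recipient.example), and it assumes the common "from HELO (name [ip])" Received format and headers as seen by the recipient's filter.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample data (not from the article); IPs are RFC 5737 documentation addresses.
SAMPLE_BOUNCE = (
    "554 Service unavailable; Client host [server1.mail.com] blocked using "
    "Barracuda Reputation; http://bbl.barracudacentral.com/q.cgi?ip=198.51.100.77"
)
SAMPLE_MESSAGE = (
    "Received: from server1.mail.com (server1.mail.com [203.0.113.25])\n"
    "\tby mx.recipient.example with ESMTP; Wed, 15 Sep 2010 07:26:55 -0500\n"
    "Received: from laptop (pool-77.isp.example [198.51.100.77])\n"
    "\tby server1.mail.com with ESMTPA; Wed, 15 Sep 2010 07:26:52 -0500\n"
    "From: user@gmail.com\nTo: user@yahoo.com\nSubject: test\n\nbody\n"
)

def blocked_ip(bounce_text):
    """Return the IP named in the Barracuda lookup URL, or None if absent/invalid."""
    m = re.search(r"q\.cgi\?ip=([0-9A-Fa-f.:]+)", bounce_text)
    try:
        return ipaddress.ip_address(m.group(1).rstrip(".:")) if m else None
    except ValueError:
        return None

def received_hops(raw_message):
    """List (recorded_name, ip) for each Received header, newest hop first."""
    hops = []
    for value in message_from_string(raw_message).get_all("Received", []):
        m = re.search(r"from\s+\S+\s+\(([^\s\[\]]*)\s*\[([0-9A-Fa-f.:]+)\]", value)
        if m:
            try:
                hops.append((m.group(1), ipaddress.ip_address(m.group(2))))
            except ValueError:
                continue  # malformed address literal: skip this hop
    return hops

def classify(bounce_text, raw_message):
    """Say whether the listed IP is the connecting mail server or an earlier hop."""
    ip, hops = blocked_ip(bounce_text), received_hops(raw_message)
    if ip is None or not hops:
        return ("unknown", None)
    if hops[0][1] == ip:  # topmost header = host that connected to the recipient
        return ("connecting-server", hops[0][0])
    for name, hop_ip in hops[1:]:  # older hops: reachable only by a deep header scan
        if hop_ip == ip:
            return ("earlier-hop", name)
    return ("not-in-headers", None)
```

A result of "earlier-hop" means the listing applies to the address the sender submitted the message from, not to the mail server, which matches the header-scanning behaviour described above.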

If you are unable to get your IP removed from the blacklist then your only other option, besides getting a new IP address, is to have your email provider remove your home/office IP from every email you send. (E.g. LuxSci’s Anonymous SMTP service will do this).