This pearler popped up today.
We started getting a few delays messages from various clients…. at first didnt think much of it…. but after telnetting into one clients and recieving the following error:
554 Your access to this mail system has been rejected due to the sending MTA’s poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means.
Connection to host lost.
Thats not so good… mxtoolbox.com…. nup, not on those 107 blacklists, abuse.net, yep, we’re still not an open relay, nor have we ever been… so WTF?
apparently our subnets reputation is poor….. not our relays or our /28, but someone else in the class C… thats right, the fucking class C.
I had always thought that ironport was quite good – up until now….. thats just plain fucking stupid…. punishing the entire class C because one dickhead is being a dickhead….. effectively shutting down our business for a few days.
Best thing is – there’s no appeal or support line to contact… best article i found was this – http://itepisodes.blogspot.com.au/2009/04/what-to-do-after-being-blacklisted.html that suggestes to wait 3 days and allow the reputation to come back up (assuming the SPAM stops)
* Update 4/4/2012 @ 17:23 ACST *
A guy i pseudo work with every now and again, who specifically does cisco and ironport stuff rang me out of the blue last night and said he was also having the issue, along with mqny others (and i got a bunch more calls today about it too) – looks like the issue is senderbase…. the guy managed to get this out of them….
“While investigating the IP in question, SenderBase identified a misconfiguration in one of their sensors which was causing the discrepancy with the IP. This has been fixed and steps have been taken to ensure it does not happen again. The reputation of the IP should improve within 24 hours as our servers update the changes made on our end.”
So while that will hopefully resolve the issue – im still pissed. For a few reasons:
1) Im not quite sure these people understand the impact to a company of not being able to contact their clients via email
2) Go to http://www.senderbase.org/help/blocked - what options do you have… you can query your reputation and thats it. Sure you can hit contact, then email support…. but not having an automated mechanism for logging de-listing, come across, to me, as if “we never get it wrong, therefore if your network has a poor reputation, you have clearly fucked up” – when thats not the case.
3) The guy who forwarded me this email is a fairly significant cisco dealer (for this region) – and a good dude. If he has better contacts than us non-cisco people and still has to jump up and down for 3 days to get a response…. thats pretty fucking shit. See point 1 – i just dont think they realise, or care, about the impact that it has on a business.
4) Fair call to the guy that commented (below) – no i dont know the other site is spamming…. i jumped to an incorrect conclusion – and i was completely wrong
As of this moment, we are still blocked due to “poor reputation”…. we’ll see if anything changes overnight.
* Update 5/04/2012 @ 08:47 ACST *
Still no movement, i have directly emailed senderbase support – i dont expect a reply – but have to try…. we now havent been able to email a good 60% of our customers all week.
Brett – the commenter below has also posted an article about this on ITNews.com.au – http://www.itnews.com.au/News/296066,having-trouble-sending-email.aspx
* Update 13:40 ACST *
So i just had another chat to the guy i know that does a lot of ironport stuff…. apparently something is in the works. I have asked him to put together some facts around the situation and send them to me – which he said he will try and do this afternoon.
Since this doesnt look like its going to be fixed soon (enough) – i have implemented a temporary work around on my mail servers, of relaying via my ISP’s mail relay…. for those of of you out there also on internode…. you can use mail.internode.on.net as a outbound relay…. at least temporarily.
On the reverse lookup/PTR comments below…. bascially there was some suggestion that it was a stricter PTR check that was causing the issue initially… i got this information 3rd hand and ran with it – as, no official information was forth-coming from cisco…. so hey, trying something on a whim that may fix the issue is good by me - as it can always be reversed easily
Anyhoo – hopefully we should have something better by the end of today.
* update 9/4/2012 * – i did get this thurs night, but have been away camping, so didnt post.
I can now also report that i can connect directly to all of our clients.