I was trying to return an email to a customer and it bounced. Anybody know what is up with Barracuda, how to fix this problem and how they can get away with obstructing email traffic? I sent in a request to unblock and I still get bounced.

```
host d52353a.ess.barracudanetworks.com[64.235.154.66] said: 550 Service unavailable; Client host [myserverhost.com] blocked using Barracuda Reputation; http://www.barracudanetworks.com/reputation/?r=1&ip=myip ([email protected]:blocked) (in reply to end of DATA command)
```
550 is a Sender ID validation problem: http://mail.live.com/mail/troubleshooting.aspx#errors

You might need to configure your DNS settings with your VPS host company etc. You need an A record, PTR record, MX record, and an SPF record.

I have in my DNS settings:

- A records that point to ` `, `*`, `www`, & `mail`
- MX record points to `mail.domain.tld`
- SPF record (in the TXT section) set to `v=spf1 a -all`. (Don't include the quotes in your entries)

The PTR record is a reverse lookup of your IP. With my provider, this was set up using a link in a different part of their control panel.

When you want to test your settings, send a mail to this address: '[email protected]'. They will send you a reply that evaluates your settings and gives hints on what's working or not.

Hope this helps.

Cheers,
Nap
Thanks for the good DNS information. 24 - 48 hours later I was able to send the email. The funny thing here is that the person on the other end was using a gmail for a firewall and not Barracuda. I have checked my Reputation and now it is good. I am not sure if this happened by simply trying to clear my IP reputation on the site or by working on the DNS.

I was using the default DNS settings so I added:

- A record `*`
- SPF record `v=spf1 a -all`

```
SPF check:          neutral
DomainKeys check:   neutral
DKIM check:         neutral
Sender-ID check:    neutral
SpamAssassin check: ham

==========================================================
Details:
==========================================================

HELO hostname:  server1.example.com
Source IP:      MY IP
mail-from:      [email protected]

----------------------------------------------------------
SPF check details:
----------------------------------------------------------
Result:         neutral (SPF-Result: None)
ID(s) verified: [email protected]
DNS record(s):
    example.com. SPF (no records)
    example.com. TXT (no records)

----------------------------------------------------------
DomainKeys check details:
----------------------------------------------------------
Result:         neutral (message not signed)
ID(s) verified: [email protected]
DNS record(s):

----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result:         neutral (message not signed)
ID(s) verified:

NOTE: DKIM checking has been performed based on the latest DKIM specs
(RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for
older versions. If you are using Port25's PowerMTA, you need to use
version 3.2r11 or later to get a compatible version of DKIM.

----------------------------------------------------------
Sender-ID check details:
----------------------------------------------------------
Result:         neutral (SPF-Result: None)
ID(s) verified: [email protected]
DNS record(s):
    example.com. SPF (no records)
    example.com. TXT (no records)

----------------------------------------------------------
SpamAssassin check details:
----------------------------------------------------------
SpamAssassin v3.4.0 (2014-02-07)

Result:         ham (-0.0 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
-0.0 T_RP_MATCHES_RCVD      Envelope sender domain matches handover relay domain
```

I checked on dnsstuff.com and I have 3 warn, 30 pass and 3 info.

Warn:

- Nameserver software version
- One or more SOA fields are outside recommended ranges
- Only one MX record exists within the zone.

Info:

- No stealth nameservers to test.
- No DNSSEC records created for this zone
- This domain does not have an SPF record, nor an SPF formatted TXT record

I think the DNS is working better and I may have just had a jump in page rank; it appears that I still have something to figure out. I also tried the SPF example in the manual, `v=spf1 a mx ptr -all`, but it did not work any better.
You are getting a 'neutral' result for SPF and Sender-ID check. If you create a PTR record (reverse DNS) you should 'Pass'. With my provider, I had to use their interface to create the PTR rather than enter it into my DNS settings page.
I contacted my ISP and got a PTR which simply resolves to one of my dedicated server IPs. I have added the PTR as a DNS record but the results are the same.

resolv.conf is pointing to my ISP's nameservers. ns1 and ns2 are pointing to my first and second IP. Not sure if that is correct for a single server configuration. I think dnsstuff.com was saying something about too many name servers.
The SPF check compares the IP of the domain announced in the EHLO greeting to the IP which is sending the mail (and a reverse check is also done). So the PTR should resolve to the domain name being announced in the EHLO message by the mail server. I don't think the hostname matters.

I haven't done anything with my resolv.conf file. In fact, mine has settings that refer to my hosting company, and thus seems unimportant for this.

Here's a summary of my setup:

All the DNS settings for my main domain are only in my hosting provider's DNS Manager. I also have DNS settings there for my other hosted domains (but they're probably not needed because I have the same records entered into ISPConfig).

On the websites of the companies where the domain names were purchased from, the name server settings are set as follows:

- mainDomain: I use my hoster's name servers.
- otherHostedDomains: They are set to point to ns1.mainDomain & ns2.mainDomain.

My hosting provider only allows me to have one PTR record (as I only have one IP address), which points to mainDomain. But I don't have it entered in the DNS Manager my hoster provides. TBH, I'm not sure where it's actually recorded; perhaps in their own DNS settings.

For all my domains, I have (either in my hoster's DNS Manager, or ISPConfig, or both):

- 4x A records: `*`, `mail`, `www`, and just mydomain.tld (which shows as an empty entry)
- A TXT entry for SPF, like you've already done.
- An MX entry 'mail.domain.tld'

When you are configuring these settings, you should set the TTL to 300 (5 min), or less. Once you get it working, set them back to higher values.

For my other hosted domains, I have a PTR entry for each in ISPConfig. I'm not sure if that's actually required since a reverse mapping of the IP will show my mainDomain. But, since all my hosted domains use the one mail server (even though they use their own domain name after the @) the EHLO greeting matches the PTR record my hoster set up.

I have tested my mail against that site for my main domain & other hosted domains. In each case I get a 'pass'. I was getting 'neutral' before I set up the PTR record. Here is a report from one of my hosted domains:

```
The Port25 Solutions, Inc. team

==========================================================
Summary of Results
==========================================================
SPF check:          pass
DomainKeys check:   neutral
DKIM check:         neutral
Sender-ID check:    pass
SpamAssassin check: ham

==========================================================
Details:
==========================================================

HELO hostname:  hostname.mainDomain.tld
Source IP:      123.123.123.123
mail-from:      [email protected]

----------------------------------------------------------
SPF check details:
----------------------------------------------------------
Result:         pass
ID(s) verified: [email protected]
DNS record(s):
    hostedDomain.tld. SPF (no records)
    hostedDomain.tld. 300 IN TXT "v=spf1 a -all"
    hostedDomain.tld. 300 IN A 123.123.123.123

----------------------------------------------------------
DomainKeys check details:
----------------------------------------------------------
Result:         neutral (message not signed)
ID(s) verified: [email protected]
DNS record(s):

----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result:         neutral (message not signed)
ID(s) verified:

NOTE: DKIM checking has been performed based on the latest DKIM specs
(RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for
older versions. If you are using Port25's PowerMTA, you need to use
version 3.2r11 or later to get a compatible version of DKIM.

----------------------------------------------------------
Sender-ID check details:
----------------------------------------------------------
Result:         pass
ID(s) verified: [email protected]
DNS record(s):
    hostedDomain.tld. SPF (no records)
    hostedDomain.tld. 300 IN TXT "v=spf1 a -all"
    hostedDomain.tld. 300 IN A 123.123.123.123

----------------------------------------------------------
SpamAssassin check details:
----------------------------------------------------------
SpamAssassin v3.4.0 (2014-02-07)

Result:         ham (1.7 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 1.7 DEAR_SOMETHING         BODY: Contains 'Dear (something)'
 0.0 HTML_MESSAGE           BODY: HTML included in message

==========================================================
```
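
Added example, not part of any post in this thread and not Port25's or ISPConfig's code: a small Python evaluator for the `a`, `mx` and `all` SPF mechanisms plus a forward-confirmed reverse DNS check, run over a constructed zone table modelled on the two reports above. It shows that a mail-from domain with no SPF TXT record evaluates to `none` (reported as neutral), while `v=spf1 a -all` gives `pass` for the listed IP and `fail` for any other; `ZONE`, `lookup`, `check_spf` and `fcrdns_matches_helo` are names made up for this example.

```python
# Constructed zone data modelled on the two reports in the thread (not live DNS).
ZONE = {
    ("hosteddomain.tld", "TXT"): ["v=spf1 a -all"],
    ("hosteddomain.tld", "A"): ["123.123.123.123"],
    ("hosteddomain.tld", "MX"): ["mail.hosteddomain.tld"],
    ("mail.hosteddomain.tld", "A"): ["123.123.123.123"],
    ("example.com", "A"): ["123.123.123.123"],  # no TXT record published
    ("123.123.123.123", "PTR"): ["hostname.maindomain.tld"],
    ("hostname.maindomain.tld", "A"): ["123.123.123.123"],
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(name, rtype):
    """Stand-in resolver over ZONE; names are case-insensitive."""
    return ZONE.get((name.lower().rstrip("."), rtype), [])


def check_spf(ip, domain):
    """Evaluate the a, mx and all mechanisms of the domain's SPF record."""
    records = [t for t in lookup(domain, "TXT") if t.lower().startswith("v=spf1")]
    if not records:
        return "none"  # the reports show this as "neutral (SPF-Result: None)"
    if len(records) > 1:
        return "permerror"  # more than one SPF record is an error
    for term in records[0].split()[1:]:
        qual, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        name, _, target = mech.lower().partition(":")
        if name == "all":
            return QUALIFIERS[qual]
        if name == "a":
            addrs = lookup(target or domain, "A")
        elif name == "mx":
            addrs = [a for mx in lookup(target or domain, "MX") for a in lookup(mx, "A")]
        else:
            raise NotImplementedError(f"mechanism not covered here: {term}")
        if ip in addrs:
            return QUALIFIERS[qual]
    return "neutral"  # no mechanism matched and no "all" term


def fcrdns_matches_helo(ip, helo):
    """True if a PTR name for ip resolves back to ip and equals the HELO name."""
    helo = helo.lower().rstrip(".")
    return any(n == helo and ip in lookup(n, "A") for n in lookup(ip, "PTR"))


if __name__ == "__main__":
    for dom in ("hostedDomain.tld", "example.com"):
        print(dom, check_spf("123.123.123.123", dom))
    print("FCrDNS:", fcrdns_matches_helo("123.123.123.123", "hostname.mainDomain.tld"))
```

To check a live domain, replace `lookup` with a real resolver; the SPF verdict comes from the TXT record of the mail-from domain, and the PTR/HELO match is a separate test that receivers and reputation services apply alongside it.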