Barracuda RBL blocking all emails this morning?

Discussion in 'Networking & Security' started by jadams, Jul 30, 2014.

  1. jadams

    jadams 2[H]4U

    Messages:
    4,087
    Joined:
    Mar 14, 2010
    Anyone having some issues with their spam filter utilizing Barracuda's RBL? Came into the office today with some reports of email of email being blocked. Checked the logs and I was getting this for every email (not just the one pasted here):

    Code:
    Jul 30 07:51:52 pfsense postfix/smtpd[97565]: NOQUEUE: reject: RCPT from mail.domain.com[208.105.X.X]: 554 5.7.1 Service unavailable; Client host [208.105.X.X] blocked using b.barracudacentral.org; from=<user@customer.com> to=<myuser@company.com> proto=ESMTP helo=<mail.domain.com>
    
     
  2. mwarps

    mwarps [H]ardness Supreme

    Messages:
    7,000
    Joined:
    Oct 6, 2002
    That netblock is a roadrunner allocation. I would not expect to get mail from that netblock.

    blocking cable provider ranges is standard practice to clamp down on spam.
     
  3. jadams

    jadams 2[H]4U

    Messages:
    4,087
    Joined:
    Mar 14, 2010
    Thanks. thats just one specific instance though. It was blocking everything, even mail from gmail and many other customers.

    EDIT: I also ran them through MXTOOLBOX and none of them were blacklisted. Checked them against http://barraucuda.com/reputation and they passed as well.
     
  4. mwarps

    mwarps [H]ardness Supreme

    Messages:
    7,000
    Joined:
    Oct 6, 2002
    We saw barracuda randomly block everything many times for no sane reason for 4+ years and it never showed on the repcheck.. That's why we stopped supporting and using it..

    Good luck!
     
  5. jadams

    jadams 2[H]4U

    Messages:
    4,087
    Joined:
    Mar 14, 2010
    Thanks. The two remaining RBL's im using seems to be passing traffic. But according to the logs I think its not being as thurough as Barracuda and some spam is getting through. I think (hope) that the built in exchange anti spam is catching whats left. This is the first I've had the Barracuda RBL do this and its been up and running for about 60 days now.
     
  6. jadams

    jadams 2[H]4U

    Messages:
    4,087
    Joined:
    Mar 14, 2010
    ERMAHGAWD someone has the exact same problem?
     
  7. mwarps

    mwarps [H]ardness Supreme

    Messages:
    7,000
    Joined:
    Oct 6, 2002
    You evil crossposter, you :p
     
  8. jadams

    jadams 2[H]4U

    Messages:
    4,087
    Joined:
    Mar 14, 2010
    haha when I need answers fast I usually goto Reddit. There arent too many threads that I dont eventually crostpost.

    That being said. Someone suggested that I need to register @ BarracudaCentral.org which I didnt know you had to do. I registered my IP's with them just now. Hopefully that will let me go back to using their RBL again, because its really good.
     
  9. jadams

    jadams 2[H]4U

    Messages:
    4,087
    Joined:
    Mar 14, 2010
    Thought you guys might like this. So I took the advice of registering over at barracudacentral.org and registering my IP's. Never got the welcome email so i checked logs:

    Code:
    Jul 30 18:21:18 pfsense postfix/smtpd[76890]: NOQUEUE: reject: RCPT from unknown[64.235.144.160]: 550 5.7.1 Client host rejected: cannot find your hostname, [64.235.144.160]; from=<info@barracudacentral.org> to=<jadams@hardforum.com> proto=ESMTP helo=<barracudacentral.org>
    You gotta be kidding me...
     
  10. mwarps

    mwarps [H]ardness Supreme

    Messages:
    7,000
    Joined:
    Oct 6, 2002
    ... You have DNS problems, boss. 64.235.144.160 is a ptr to barracudanetworks.com
     
  11. jadams

    jadams 2[H]4U

    Messages:
    4,087
    Joined:
    Mar 14, 2010
    I just changed my external DNS over to OpenDNS and Google
     
  12. jadams

    jadams 2[H]4U

    Messages:
    4,087
    Joined:
    Mar 14, 2010
    Soooo just a heads up it definitly turned out that not having a Barracuda account was the culprit. I wasnt aware you needed one and it worked perfectly for almost 2 months up until today. They must have caught on and shut me down!

    After signing up there was no indication that there would be an account confirmation email so I added the RBL back in as soon as I registered my IP's. Turns out I did have to confirm my account so I was in a temporary catch 22.

    TL;DR - MAKE SURE YOU REGISTER ON BARRACUDACENTRAL.ORG!!

    We're back to no spam as of 3PM today!