Loading ...
Sorry, an error occurred while loading the content.

Re: barracuda and relayhost

Expand Messages
  • James
    ... The recipient is on ISP3 which uses a barracuda. ... Why does the barracuda think the Client host is ISP2.smtp but it blocks the IP of my server?
    Message 1 of 7 , May 1 8:47 AM
    • 0 Attachment
      On 04/30/11 18:04, Noel Jones wrote:
      > On 4/30/2011 4:19 PM, James wrote:
      >> My client is ISP1.
      >> I submit mail to the postfix server for my domain (server running on
      >> ISP2).
      >> I use relayhost=smtp.ISP2 on the server for my domain.
      The recipient is on ISP3 which uses a barracuda.
      >>
      >>
      >>> <<< 554 Service unavailable; Client host [smtp.ISP2] blocked using
      >>> Barracuda Reputation;
      >>> http://www.barracudanetworks.com/reputation/?r=1&ip=IP.of.my.doman
      >>> 554 5.0.0 Service unavailable
      >>
      >> Is there a way to make relayhost work in this case?
      >>
      >
      > Contact the postmaster in charge of ISP2 to whitelist you.
      >
      > -- Noel Jones
      Why does the barracuda think the "Client host" is ISP2.smtp but it
      blocks the IP of my server?
      Shouldn't relayhost make the barracuda see the "Client host" AND IP as
      ISP2.smtp?
    • Jim Wright
      ... My experience is that the barracude will look at where the message originated, and if it doesn t like that, it can reject it. There are multiple levels
      Message 2 of 7 , May 1 9:18 AM
      • 0 Attachment
        On May 1, 2011, at 10:47 AM, James wrote:

        > Why does the barracuda think the "Client host" is ISP2.smtp but it
        > blocks the IP of my server?
        > Shouldn't relayhost make the barracuda see the "Client host" AND IP as
        > ISP2.smtp?

        My experience is that the barracude will look at where the message originated, and if it doesn't like that, it can reject it. There are multiple levels that can be configured on how messages can be rejected, their strongest levels are pretty brain dead. Your task will be to convince the admin of that other system that they are missing legitimate mail by using settings that are overly strict.
      • Noel Jones
        ... That was unclear from your original description. ... Barracuda has the ability to parse Received: headers and reject mail based on previous hops. Some
        Message 3 of 7 , May 1 11:09 AM
        • 0 Attachment
          On 5/1/2011 10:47 AM, James wrote:
          > On 04/30/11 18:04, Noel Jones wrote:
          >> On 4/30/2011 4:19 PM, James wrote:
          >>> My client is ISP1.
          >>> I submit mail to the postfix server for my domain (server running on
          >>> ISP2).
          >>> I use relayhost=smtp.ISP2 on the server for my domain.
          > The recipient is on ISP3 which uses a barracuda.

          That was unclear from your original description.

          >>>
          >>>
          >>>> <<< 554 Service unavailable; Client host [smtp.ISP2] blocked using
          >>>> Barracuda Reputation;
          >>>> http://www.barracudanetworks.com/reputation/?r=1&ip=IP.of.my.doman
          >>>> 554 5.0.0 Service unavailable
          >>>
          >>> Is there a way to make relayhost work in this case?
          >>>
          >>
          >> Contact the postmaster in charge of ISP2 to whitelist you.
          >>
          >> -- Noel Jones
          > Why does the barracuda think the "Client host" is ISP2.smtp but it
          > blocks the IP of my server?
          > Shouldn't relayhost make the barracuda see the "Client host" AND IP as
          > ISP2.smtp?

          Barracuda has the ability to parse Received: headers and
          reject mail based on previous hops. Some barracuda owners
          unwisely enable this feature.

          The offending header is added by your relayhost. If you also
          control the relayhost, you can add postfix header_checks rules
          to mangle or remove the offending header. See a discussion
          from a couple days ago about this same issue.

          If you do not control the relayhost, you'll need to contact
          the recipient domain postmaster via an alternate channel and
          try to convince them to whitelist your domain or (better) turn
          off the "deep inspection" feature of the barracuda. It's
          likely they are rejecting a significant amount of legit mail
          with this setting, with little impact on overall spam.


          -- Noel Jones
        • Wietse Venema
          ... They look at the message header to find out where ISP2.smtp received the message from, and that s how they find your server s IP address. Some DNSBLs are
          Message 4 of 7 , May 1 11:09 AM
          • 0 Attachment
            James:
            > Why does the barracuda think the "Client host" is ISP2.smtp but it
            > blocks the IP of my server?
            > Shouldn't relayhost make the barracuda see the "Client host" AND IP as
            > ISP2.smtp?

            They look at the message header to find out where ISP2.smtp received
            the message from, and that's how they find your server's IP address.

            Some DNSBLs are designed to block *DIRECT* mail from residential
            IP addresses, but the Barracuda is mis-configured - it uses this
            DNSBL also for correctly *RELAYED* mail.

            Wietse
          Your message has been successfully submitted and would be delivered to recipients shortly.