Loading ...
Sorry, an error occurred while loading the content.
 

Re: barracuda and relayhost

Expand Messages
  • Noel Jones
    ... That was unclear from your original description. ... Barracuda has the ability to parse Received: headers and reject mail based on previous hops. Some
    Message 1 of 7 , May 1, 2011
      On 5/1/2011 10:47 AM, James wrote:
      > On 04/30/11 18:04, Noel Jones wrote:
      >> On 4/30/2011 4:19 PM, James wrote:
      >>> My client is ISP1.
      >>> I submit mail to the postfix server for my domain (server running on
      >>> ISP2).
      >>> I use relayhost=smtp.ISP2 on the server for my domain.
      > The recipient is on ISP3 which uses a barracuda.

      That was unclear from your original description.

      >>>
      >>>
      >>>> <<< 554 Service unavailable; Client host [smtp.ISP2] blocked using
      >>>> Barracuda Reputation;
      >>>> http://www.barracudanetworks.com/reputation/?r=1&ip=IP.of.my.doman
      >>>> 554 5.0.0 Service unavailable
      >>>
      >>> Is there a way to make relayhost work in this case?
      >>>
      >>
      >> Contact the postmaster in charge of ISP2 to whitelist you.
      >>
      >> -- Noel Jones
      > Why does the barracuda think the "Client host" is ISP2.smtp but it
      > blocks the IP of my server?
      > Shouldn't relayhost make the barracuda see the "Client host" AND IP as
      > ISP2.smtp?

      Barracuda has the ability to parse Received: headers and
      reject mail based on previous hops. Some barracuda owners
      unwisely enable this feature.

      The offending header is added by your relayhost. If you also
      control the relayhost, you can add postfix header_checks rules
      to mangle or remove the offending header. See a discussion
      from a couple days ago about this same issue.

      If you do not control the relayhost, you'll need to contact
      the recipient domain postmaster via an alternate channel and
      try to convince them to whitelist your domain or (better) turn
      off the "deep inspection" feature of the barracuda. It's
      likely they are rejecting a significant amount of legit mail
      with this setting, with little impact on overall spam.


      -- Noel Jones
    • Wietse Venema
      ... They look at the message header to find out where ISP2.smtp received the message from, and that s how they find your server s IP address. Some DNSBLs are
      Message 2 of 7 , May 1, 2011
        James:
        > Why does the barracuda think the "Client host" is ISP2.smtp but it
        > blocks the IP of my server?
        > Shouldn't relayhost make the barracuda see the "Client host" AND IP as
        > ISP2.smtp?

        They look at the message header to find out where ISP2.smtp received
        the message from, and that's how they find your server's IP address.

        Some DNSBLs are designed to block *DIRECT* mail from residential
        IP addresses, but the Barracuda is mis-configured - it uses this
        DNSBL also for correctly *RELAYED* mail.

        Wietse
      Your message has been successfully submitted and would be delivered to recipients shortly.