Autor: Ron White Data: Para: Emmanuel Noobadmin CC: exim-users Asunto: Re: [exim] Problem with Barracuda Networks
On Thu, 2010-07-08 at 13:16 +0800, Emmanuel Noobadmin wrote: > I have a problem with Barracuda Networks blocking various dynamically
> assigned IP addresses that my clients have the misfortune to be
> assigned to every few weeks or so.
>
> No other blacklist has the "offending" IP. AFAIK, neither had the mail
> servers IP serving those clients domain ever been blacklisted by any
> other lists in the years the domains had been active.
>
> Neither is Barracuda blocking the mail server IP, based on the bounce
> message, it's simply picking up on the sender's IP that is sent in the
> mail header.
>
> Initially I thought it was possible to use EmailReg.org to deal with
> this as Barracuda suggests on their site. However, looking it through,
> it seems that
>
> 1. EmailReg only works on per IP per domain.
> In other words, everytime my client is unfortunate enough to get a
> blocked IP when their current DHCP lease expires, they got to shell
> out US$20
>
> 2. Subscription is for live and cannot be terminated
> Googling about this, turns up user anecdote that EmailReg
> automatically renews the subscription and charges the credit card, and
> seemingly impossible to unsubscribe.
>
> In other words, if my client get a new IP every 2 weeks and 1/4 of the
> time they get a "bad" IP, they would have to pay US$20 every 2 months
> (it's happened twice this year already). In a year, that's US$120 and
> incrementing by US$120 every year. Some folks on the net call it a
> racket/scam.
>
> Currently, the practical solution is to ask my client to reboot their
> modem so they get a new IP. But since Barracuda's list is likely to
> grow, it may be possible that one day they will end up list the entire
> public range our ISP provides, so this tactic becomes unusable.
>
> So I'm thinking, perhaps the easiest way here is to strip/modify the
> headers for outgoing emails so that Barracuda can't pick up on that.
>
> Is this possible to do in Exim and are there any ramifications of
> altering the sender IP say to a hash that I can track back for
> investigating actual abuse?
> Call Barracuda - they are actually pretty good and will be able to
discuss any evidence files of spam they have from that IP. They have
quite a sensible way of building their RBL and in addition to the usual
'honeypot' systems, they include a feedback loop from users of Barracuda
appliances marking messages as spam. They won't just list for being
dynamic (that would be the domain of a PBL) but will pretty accurately
list spammers. They will also *not* remove the IP if they are happy it
is spam related.
Number in UK +44 (0)1256 300 100 ask to open a 'non customer BBL case'
to take the matter further.