For an ISP who offers email relay services, its a tricky business avoiding blacklisting. This is because you have all types of users behind your network using your servers and a good number of them could have their machine infected with trojans that send out spam. Options are available such as using port 587 for mail submission instead of 25 but the support involved with that would be a nightmare or  having relay servers as anti-spam gateways but also this comes at the risk of false positives.

I also have a problem with companies with internal servers using smart relay to ISP relay server. Someone needs to educate me why this is necessary step if all other necessary measures like rDNS and security have been taken care of.

NB: You can always check if your ISP is blacklisted and in which blacklist here http://www.mxtoolbox.com/blacklists.aspx to avoid myths. Some blacklist like sorbs, spamhaus are more popular and would worry any sys admin more that others.





-----Original Message-----
From: Odhiambo Washington <odhiambo@gmail.com>
Reply-to: Skunkworks Mailing List <skunkworks@lists.my.co.ke>
To: Skunkworks Mailing List <skunkworks@lists.my.co.ke>
Subject: Re: [Skunkworks] Blacklisted mail servers
Date: Thu, 29 Apr 2010 16:28:18 +0300



On Thu, Apr 29, 2010 at 12:38 PM, Simon Mbuthia <simon.mbuthia@gmail.com> wrote:
Hi guys,

I've been receiving complaints lately from my users about messages not getting to them and on investigating, I have found that a number of local ISPs have blacklisted mail servers. Is it just me or is it common among admins on the list? I have configured my mail server to reject messages relayed by mailservers blacklisted by spamcop, spamhaus and barracuda and respond with a message explaining that action. Now this has got me wondering whether I have made my security settings too tight or what...

Is that too drastic a security measure that I have taken?



I used to do the same when I used to be Sysadmin, with one exception: I'd find out ALL the subnets used by ISPs in KE and exempt those from the filtering. I'd still monitor and look at my stats for culprits and contact them to address the issues, and yes, I was very much willing to cooperate with them towards addressing the issues.

I have a friend who is using Onecom's mail servers for outbound, and quite often the servers are blacklisted. One mail I shot to onecom's support about three weeks ago still remains unanswered to date! Demographics have changed, I believe.

 
--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
"If you have nothing good to say about someone, just shut up!."
              -- Lucky Dube 
_______________________________________________
Skunkworks mailing list
Skunkworks@lists.my.co.ke
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
------------
Skunkworks Server donations spreadsheet
http://spreadsheets.google.com/ccc?key=0AopdHkqSqKL-dHlQVTMxU1VBdU1BSWJxdy1fbjAwOUE&hl=en
------------
Skunkworks Rules
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
------------
Other services @ http://my.co.ke