MX Messaging Resources

Seems we are experiencing alot of alert traffic due to MXTOOLBOX's IP address being blacklisted with CBL?
We use Mailwatch for filtering mail and also use public lists for our inhouse Exchange server!

Here is what our alerts show:
MXToolBox.com detected the change at: 3/18/2008 10:27:09 PM CT
Service unavailable; Client host [64.20.227.132] blocked using sbl-xbl.spamhaus.org; http://www.spamhaus.org/query/bl?ip=64.20.227.132 [3094 ms]

Can this be true?

 Mike

We do have trouble from time to time with that IP address being listed. Our diagnostics that the tool performs angers some sys admins. We attempt to perform an open relay which is not a nice thing to do, but is the point of the test. This IP will be cleared shortly.

---

Peter
Product Development Engineer
peter@MXToolBox.com
512-637-8762

What are all the IP addresses used for testing so that we can whitelist them? Seems different tests are used for the public diagnostic and internal, or multiple are used based on round robin, and availability.

 At any rate. The down messages are daunting.

Hello Peter:

We are checking back with you as we are still receiving numerous false alerts due to the Blacklisting of MXTOOLBOX's IP address as stated in this Forum earlier this month.
Any proactive Mail administrator would subscribe to these Blacklists as we do for mail filtering and to provide better quality and less risk for their mail users.
The MXTOOLBOX Monitoring tool and service use here is essentially useless as false alerts overwhelm us and real alerts (if any) become less visible in the midst of all the false alert traffic!

Here again is the message being displayed from our MXTOOLBOX Monitoring Dashboard and that is triggering the false alerts:

Service unavailable; Client host [64.20.227.132] blocked using sbl-xbl.spamhaus.org;  http://www.spamhaus.org/query/bl?ip=64.20.227.132 [3062 ms]

The Blacklist tool available on this site actually lists '64.20.227.132' at two listed blacklists:
CBL and SPAMHAUS

Any permanent remedy forthcoming? Or perhaps you can do monitoring from another IP address that is not Blacklisted?

Mike

 

If I may, I'd like to suggest getting whitelisted. I think you have a perfectly valid argument for it. Most blacklists check the whitelists before adding a record to their lists, This would greatly reduce or even permanently block your being listed in the major BLs.

 I disagree with the assertion that blacklisting is a bad practice as long as it's done with something to balance it out, such as spf, or whitelist checking. Blacklist use is effective, and is here to stay.

 I know you frequently get auto-reported by hardware devices inadvertantly when admins sign up for your monitoring service, and forget to whitelist you on their hardware. Unless this admin is a dolt, he will usually realize his mistake, and whitelist you from reporting and blacklisting, however might not report his mistake to the BLs. This might fix that.

 Regards,

Rich

Peter:
We posted to this forum again last week with the hope of hearing from you and you supplying some sort of resolution.
Any chance of getting an answer on where the blacklisting of MXTOOLBOX's IP address stands and whether the suggestion provided by the other participant in this message thread regarding 'whitelisting' of the IP address is being considered?

It appears that CBL is the main reporting database in the circumstance and there would be a good place to start to have the IP address 'whitelisted'. And, as the other forum participant suggested, a request from MXTOOLBOX should be allowed considering your status as a legitimate service provider.

Please read this post, as it explains the situation very well.

http://mxtoolbox.com/cs/forums/thread/1702.aspx

---

Peter
Product Development Engineer
peter@MXToolBox.com
512-637-8762

Link above does not work -

 

Also blocked by Barracuda Central now:

 
Server Type: Barracuda (Appliance)
Last Banner: Service unavailable; Client host [mxtb-pws2.mxtoolbox.com] blocked using Barracuda Reputation; http://bbl.barracudacentral.com/q.cgi?ip=64.20.227.132 [406 ms]

 

Time to change IP number used? 

Anonymous:

Also blocked by Barracuda Central now:

Server Type: Barracuda (Appliance)
Last Banner: Service unavailable; Client host [mxtb-pws2.mxtoolbox.com] blocked using Barracuda Reputation; http://bbl.barracudacentral.com/q.cgi?ip=64.20.227.132 [406 ms]

 

Time to change IP number used? 

As Peter mentioned above, this does happen to MxToolBox from time to time. The diagnostics tool that we use to perform tests does trip up some alarms with other system administrators. The IP will be cleared shortly and should not cause any other problems.

Thank you,
Wendy

---

Wendy
MXToolBox Support
support@mxtoolbox.com

Wendy:

I see your May '08 message does attempt to provide resolution to the MX Toolbox IP address being Blacklisted. However, we still are receiving reports via your monitoring tool that your IP address is blacklisted at spamhaus. If it makes any difference, and as the above forum user indicated, we have a Barracuda appliance situated in our network topography that filters mail, in addition to the "pay for" filtering we receive from MailWatch.
That being said, it would seem MX Toolbox would be right on top of this situation of its own IP address being Blacklisted and take remedial and ongoing continuous steps to prevent it from occuring.

Sorry for the broken link before, here is the "official" post on how and why our IP gets put on blacklists from time to time: http://mxtoolbox.com/cs/forums/permalink/1702/1705/ShowThread.aspx#1705.

I'm sorry if you are getting false alarms because of BLs you are using. Please whitelist our IP to prevent this in the future. We are partners with Barracuda and should be in their whitelist, but if you do see a problem from them or any other vendors, please contact me (peter@mxtoolbox.com) and I will take care of that quickly.  We do not respond to public blacklists when we get listed because they hardly ever have humans to speak with to get permanently whitelisted. We cannot take "steps to prevent it from occuring" becuase we are getting listed because of the consious and deliberate actions taken from that IP. Most namely checking for open relays. This IP address is not the IP of a mail server and therefore we don't really care if it's listed. If you are getting alarms from your systems, a whitelist or exception will clear that up.

We appreciate that you use the monitor and always welcome feedback,

Peter