Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
2265 Views 3 Replies Latest reply: Dec 11, 2012 10:40 AM by Brad McGarr RSS
paf-skov Newcomer 1 posts since
Dec 10, 2012
Currently Being Moderated

Dec 10, 2012 7:30 AM

Mxlogic still denies hours after Spamhaus has delisted

Hi,

 

Even several hours after beeing de-listed at Spamhaus.org, we still get the error below when sending mails to several of our customers who seems to be using mxlogic.

When we click the Spamhaus link below, the ip address is shown as not listed, but it was blocked some hours ago due to a infected pc in our network.

But even Spamhaus has been showing "not listed" for hours, mxlogic is still blocking our mails.

What are McAfee doing to speed up the mxlogic de-listing process?

 

Regards,

Peter - www.skov.com

 

p01c12m006.mxlogic.net udløste denne fejl:
Denied [SHXBL] - Denied by Spamhaus XBL - See http://www.spamhaus.org/query/bl?ip=217.198.210.234 (Mode: normal)

  • Brad McGarr McAfee Employee 154 posts since
    Dec 4, 2012

    Greetings Peter,

     

    The McAfee SaaS Email Protection uses a replicated copy of the Spamhaus database, so it is not real time. It updates once every 24 hours so the IP should be removed within about 24 hours of the removal on Spamhaus, depending on when the removal occured.

     

    Regards,


    Brad McGarr
    McAfee SaaS Email & Web Protection
    Technical Support Technician I (Legacy & Partner Support)
    Microsoft Certified Professional
    Microsoft Technology Associate - Windows OS | CompTIA A+ Certified Technician | CIW Web Foundations Associate
    Visit my blog: Brad's Corner - Insights from SaaS Email & Web Security Support https://community.mcafee.com/blogs/brad-denver

    Frequently Requested Information
  • rnikolich Newcomer 1 posts since
    Dec 11, 2012

    I think Peters question is can McAfee speed up that replication? 

     

    From my own experiance as a customer on the reciepient side trying to receive email from clients who were blacklisted or even fingerprinted,  We've actually had to call & request the fingerprint to be reset or on occastion whitelist those domains manually.

     

    What I did hear recently was that in the event it's truly blacklisted its sometimes not even making it to our filter but getting blocked before that, in which case your kind of "up a creek".  Thoughts on that Brad?  If that is true then others ( not just McAfee ) protected reciepients would be blocking that email.  Correct?

     

    Maybe an explaination on how/where & who blocks blacklisted emails/domains/sender ip's if its not the reciepient email protection service/appliance or application.

  • Brad McGarr McAfee Employee 154 posts since
    Dec 4, 2012

    rnikolich,

     

    The SaaS Product does have multiple layers of filtering. It generally flows in this pattern:

     

    McAfee SaaS Firewall > Spamhaus RBLs > Global Rolling Block Lists and IP Reputation Blocks> Virus, Spam, Content, Etc. Filters

     

    Or, in terms of time it takes to remove an entry:

     

    24 hours > 24 hours > 2-4 hours (automatic listing/delisting based on traffic patterns) > Spam fingerprint entries vary greatly based on many factors and can take up to 24 hours

     

    In many cases where the message is being denied by the McAfee SaaS Spam Filter level, issuing a "554 Denied" or "554 Denied [CS]", we can in many cases clear the fingerprint. This differs from Spamhaus though, which is largely outside of the control of McAfee. Listing and Delisting is managed by Spamhaus, and McAfee replicates their database on our system during low traffic periods to reduce customer impact from updating that large of a database. So, depending on how Spamhaus picked up the IP, it could be a server infection, configuration problem, or just poor sending practices. This is common practice, as polling Spamhaus databases for millions of messages a day is very resource intensive, not just to McAfee but Spamhaus as well.

     

    Here are some KB articles that provide some additional information:

     

    Bounce "554 Denied"

    551 Mailhost is on our global blacklist error

    Best Practices for Organizations Sending to McAfee SaaS Email Protection Customers

     

    Hope this information helps clarify things.

     

    Regards,


    Brad McGarr
    McAfee SaaS Email & Web Protection
    Technical Support Technician I (Legacy & Partner Support)
    Microsoft Certified Professional
    Microsoft Technology Associate - Windows OS | CompTIA A+ Certified Technician | CIW Web Foundations Associate
    Visit my blog: Brad's Corner - Insights from SaaS Email & Web Security Support https://community.mcafee.com/blogs/brad-denver

    Frequently Requested Information

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points