We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

How should I deal with custom RBL or Barracuda Reputation false positives on my Email Security Gateway?

  • Type: Knowledgebase
  • Date changed: 9 months ago
Solution #00003433

Scope:
All Email Security Gateways, firmware versions 3.5.11.020 and above.

Answer:
If a legitimate email message is blocked by the Email Security Gateway because of a custom RBL or Barracuda Reputation, you should be able to find that block in the Email Security Gateway's message log on the Basic > Message Log page.

If you know the source IP address of the mail server being blocked, select the Source IP Contains: filter from the Filter drop down menu, enter the sending mail server's IP address, and click the Apply Filter button.

After locating the message, look to the Reason column to see which IP address the RBL blocked. It might not be the source IP, depending on how the Barracuda has been configured. It usually looks like this:

External Blacklist (x.customrbl.org[71.17.81.18])

This tells you both the custom RBL blocking the message, and the IP address that it used to block the message. If the IP address shown here matches the source IP address, then the sending mail server has been blacklisted by this custom RBL and may need to be exempted on the Email Security Gateway (if you still wish to receive mail from this sender). If the IP address does not match the source IP address, the Email Security Gateway is checking an IP address listed in the headers, and you may want to either disable this option (on the Block/Accept > IP Reputation page) or exempt the specific IP address.

To exempt an IP address from RBL scanning go to the Block/Accept > IP Reputation page, and enter in the IP address that you would like to exempt from RBL checks. Any IP address or IP range entered here will be skipped when scanning incoming mail against any RBLs configured on the Email Security Gateway.

If you are receiving a number of custom RBL false positives where the offending IP address is contained in the headers of the email but is not the source IP itself, you may want to remove the custom RBL.

Link to This Page:
https://campus.barracuda.com/solution/50160000000HCoVAAW