- Plesk for Linux
- Plesk for Windows
An IP address of a Plesk mail server got blacklisted. What to do?
Note: The following article covers cases when a local mail server is used by Plesk.
Table of Contents
- What are the symptoms if a local Plesk IP address is blacklisted?
- What is a blacklist?
- Why an IP address is blacklisted?
- What to do if a server IP address is blacklisted?
- How to unblock a server IP address?
What are the symptoms if a local Plesk mail server is blacklisted?
Mail cannot be sent to external mail addresses with bounce messages:
Note: In the output below, the IP address 203.0.113.2 belongs to a Plesk server:
PLESK_INFO: 550 SC-001
(SNT004-MC4F35) Unfortunately, messages from 203.0.113.2 weren't sent. Please contact your Internet service provider since part of their network is on our block list (S3140).
PLESK_INFO: [203.0.113.2] The IP you're using to send mail is not authorized to 550-5.7.1 send email directly to our servers. Please use the SMTP relay at your 550-5.7.1 service provider instead. Learn more at 550 5.7.1 https://support.google.com/mail/?p=NotAuthorizedError h1si7104782plt.44 - gsmtp (in reply to end of DATA command))
On Linux servers with Postfix installed, the output of the
mailqcommand shows a lot of deferred email messages:
(delivery temporarily suspended: host mx2.recepient-server.com [203.0.113.8] refused to talk to me: mx1.sender-server.com 554 Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means.)
On Windows servers with the MailEnable mail server, the following entries can be found in the SMTP activity logfile at MailEnable Management > Servers > localhost > Services and Connectors > SMTP > Logs > Activity:
CONFIG_TEXT: Remote server returned a response indicating a permanent error. Server Response:(550 Mail content denied. http://mail.example.com/cgi-bin/help?subtype=1&&id=20022&&no=1000726**)
When checking a server IP address using the MXToolbox blacklist checker, it shows that the IP address is in one of the DNS-based email blacklists (Commonly called Realtime blacklist, DNSBL or RBL).
What is a blacklist?
Real-time blacklists or DNS blacklists (RBL, DNSBL) are publicly available services that stores a list of IP addresses known to be involved in spam activities. Nowadays all of the most popular mail servers can be configured to query DNSBL servers and reject or flag messages if the sender's site is listed in one of these lists. For example, Plesk has the DNS Blackhole Lists feature that allows to specify the DNSBL host name that Plesk mail server should query and reject spam mails based on the response.
Additionally, recipient's mail server can have setup its own blacklisting service as a part of anti-spam solutions installed.
Why a server IP address got blacklisted?
It is not uncommon for an IP address to end up on a public blacklist, especially on a shared server. It could be due to overall volume of mail coming from that server, or messages seem to have characteristics of spam in them.
Another common cause is mail forwarders. If there is a firstname.lastname@example.org email account in Plesk that is forwarding mail to the mailbox on some mail service like Gmail user@gmail and if email@example.com is spammed, Plesk mail server could forward all the spam to Gmail. As a result, Gmail mail server can consider Plesk mail server IP address as a source of spam or relay server for spam messages and add it to its own list of spammers.
Gmail servers might see sender's mail IP address as relaying the spam message to their server, even though it wasn't the originating server of the spam.
What to do if a server IP address is blacklisted?
If the IP address/hostname/domain were added to a blacklist, it means that the server is/was considered as a source of spam.
If spam emails are still being sent, find scripts that are responsible for this:
As a part of troubleshooting, try to disable mail() function: How to disable mail() function for a spamming domain?
To avoid outbound spam issues in future, configure protection from outbound spam.
Make sure all mail settings are set up in Plesk according to this KB article.
How to remove server's IP address from a blacklist?
Once you verified that the source of spam is found and all precautions to avoid this behavior are set, it is time to remove the Plesk mail server IP address from the blacklists:
Send a removal request to exclude the IP address from blacklist. Most of the DNSBL services have Removal Request form on their websites, e.g.:
Contact support of Gmail and Outlook to remove your IP address from blacklists: