Plesk Mail Server is blacklisted. What to do?
What are the symptoms if the local mail server on a Plesk server is blacklisted?
Note: The following article covers cases for the local mail server installed on the server with Plesk.
Mail cannot be sent to external mail addresses, and bounce messages like the one below are returned:
550 SC-001
(SNT004-MC4F35) Unfortunately, messages from 203.0.113.2 weren't sent.
Please contact your Internet service provider since part of their network
is on our block list
In the output above, the IP address 203.0.113.2 belongs to the Plesk server.
On Linux servers with Postfix installed, the output of the mailq command shows a lot of deferred mail messages:
(delivery temporarily suspended: host mx2.recepient-server.com [203.0.113.8] refused to talk to me: mx1.sender-server.com 554 Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means.)
On Windows servers with the MailEnable mail server, the following entries can be found in MailEnable > Servers > localhost > Connectors > SMTP > Logs > Activity > Log file:
Remote server returned a response indicating a permanent error. Server Response:(550 Mail content denied. http://mail.example.com/cgi-bin/help?subtype=1&&id=20022&&no=1000726**)
A lookup of the server's IP address with MXToolbox shows that it is on one of the DNS-based email blacklists (commonly called real-time blacklists, DNSBL or RBL).
What is a blacklist?
Real-time blacklists or DNS blacklists (RBL, DNSBL) are publicly available services that store a list of IP addresses known to be involved in spam activities. Nowadays all of the most popular mail servers can be configured to query DNSBL servers and reject or flag messages if the sender's site is on one of these lists. For example, Plesk has a DNS Blackhole Lists feature that lets you specify the DNSBL host name that the Plesk mail server should query, and it rejects spam mail based on the response.
Additionally, the recipient's mail server may have its own blacklisting service set up as part of the anti-spam solutions installed on it.
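The lookup that a mail server or a checker such as MXToolbox performs against a DNSBL, shown as an added example that is not part of the original article or of Plesk: the IP address is reversed, prepended to the DNSBL zone and resolved as an A record, and an answer inside 127.0.0.0/8 means "listed" (the convention documented in RFC 5782). The zone names, function names and stub answers are assumptions made for illustration, and the example also covers IPv6, which the article does not discuss.

```python
import ipaddress
import socket

# Hypothetical zone names; replace with the DNSBL zones you want to check.
ZONES = ["dnsbl.example.org", "rbl.example.net"]
DNSBL_ANSWERS = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip, zone):
    """Build the lookup name: reversed octets (IPv4) or reversed nibbles
    (IPv6) of the address, followed by the DNSBL zone (RFC 5782)."""
    pointer = ipaddress.ip_address(ip).reverse_pointer
    # reverse_pointer ends in ".in-addr.arpa" or ".ip6.arpa"; drop that part.
    return pointer.rsplit(".", 2)[0] + "." + zone


def system_resolver(name):
    """Return the A record for name, or None when nothing resolves.
    gethostbyname cannot tell NXDOMAIN from a resolver failure, so confirm
    a clean result with a second resolver before relying on it."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def check_dnsbl(ip, zones=ZONES, resolve=system_resolver):
    """Return {zone: status} for one sending IP address."""
    results = {}
    for zone in zones:
        answer = resolve(dnsbl_query_name(ip, zone))
        if answer is None:
            results[zone] = "not listed"
        elif ipaddress.ip_address(answer) in DNSBL_ANSWERS:
            # The returned address is a list-specific return code.
            results[zone] = f"listed ({answer})"
        else:
            # DNSBLs answer inside 127.0.0.0/8; anything else usually means
            # the resolver rewrites NXDOMAIN, so it is not a listing.
            results[zone] = f"unexpected answer ({answer})"
    return results


if __name__ == "__main__":
    # Constructed answers standing in for DNS, so the demo runs offline.
    fake_dns = {"2.113.0.203.dnsbl.example.org": "127.0.0.2"}
    for zone, status in check_dnsbl("203.0.113.2", resolve=fake_dns.get).items():
        print(f"{zone}: {status}")
```

Calling check_dnsbl(ip) without the resolve argument sends the queries through the system resolver instead of the stub.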
Why can the server's hostname or IP address be blacklisted?
It's not uncommon for a mail IP address to end up on a public blacklist, especially on a shared server. It could be due to the overall volume of mail coming from that server, or because messages seem to have characteristics of spam in them.
Another common cause is email forwarders. If there is a firstname.lastname@example.org mailbox on the Plesk server that forwards mail to a mailbox on a mail service such as GMail (user@gmail), and email@example.com is spammed, the Plesk mail server could forward all the spam to GMail. As a result, GMail's mail server can consider the Plesk mail server's IP address a source of spam or a relay server for spam messages and add it to its own list of spammers.
GMail servers might see the sender's mail IP address as relaying the spam message to their server, even though it wasn't the originating server of the spam.
What to do if the server is blacklisted?
Note: Maintaining a shared hosting server with Plesk installed as the hosting management solution is the responsibility of the server's administrator, and the actions below are part of those duties.
- According to the information above, if the IP address, hostname or domain was added to a blacklist, it means that the server is considered a source of spam. So the first step is to find scripts that can send tons of outgoing spam messages.
As a part of the troubleshooting, try disabling the mail() function: How to disable mail() function for a spamming domain?
- To avoid outbound spam issues in the future, set up the Plesk features for Protection from Outbound Spam.
Once it is verified that the source of the spam has been found and all precautions to avoid this behavior are in place, it is time to remove the Plesk mail server IP address from the blacklists:
Send a removal request to exclude the IP address from the blacklist. Most DNSBL services have a Removal Request form on their websites, e.g.: