Cannot send emails anymore due to Barracuda networks

By lavola
Nov 4, 2008
  1. I am in desperate need of help... My husband inadvertently opened up an attacchemnt (ARGHH) and downloaded who knows what. I am not sure if whatever he downloaded is creating this problem or if the email problem is due to some other bigger issue..
    These are the facts: we have 4 computers on a network. We use exchange server for emails. Yesterday we noticed emails were coming back due to our IP address having a bad reputation on barracuda networks. After reading about it it seems that we can not send emails until the problem has been resolved. I called my tech who asked me to go to a cmd prompt and type netstat_ on and see which of the pcs had any ip addresses that show :25. My husband's pc was found to be the only culprit. Then the tech asked me to download AVG and update it, isolate the pc from the network and scan. Done that. It found a slew of infections and viruses whic I placed in the vault. AFter reading a few posts, I get the impression that the system, though shows clean in AVG is porbably not.
    What now? How do I get off this Barracuda list and get on with my emails?
    Can anyojne out there help? My technician is great but he's just too busy and I need to go back to work, thanks
  2. jobeard

    jobeard TS Ambassador Posts: 9,148   +597

    hum; the :25 is the port number for outbound email and it will be seen ONLY when
    it is active :(

    With Exchange Server(ES), this should be the only system that is sending to your ISP
    (all the clients will send to ES), so run netstat -on that system.

    Meanwhile, I'll do some research on getting your ES to be more secure ...
  3. jobeard

    jobeard TS Ambassador Posts: 9,148   +597

  4. lavola

    lavola TS Rookie Topic Starter

    Hi Jobeard, Before beginning the whole process, I did look in the ES for the :25 and the server did not show any :25. Then I started the computer in safe mode, and ran AVG while in safe mode. it scanned the C hard drive and according to what I read it removed many infected files to the vault. After that I restarted normally, ran the netstat -on and behold... all the 25's were still there!!!
  5. jobeard

    jobeard TS Ambassador Posts: 9,148   +597

    YES!!! :25 is the port number used for sending email -- it must be there to have it work.

    Port 110 or 143 is used for reading email from your ISP.

    The Tech was trying to get you to see the ip numbers associated with port 25, eg

    the xxx.yyy.zzz.123 portion is what has been 'blacklisted' by Barracuda, due to
    the virus's you had on your ES.

    You need to call them back, describe the maintenance you have performed and
    get them to remove your IP address from the list :)
  6. lavola

    lavola TS Rookie Topic Starter

    Good morning! So the :25 should be there.. I'm not sure I understand ..Are the numbers I am to look for the 110 or 143 before the :25? And on what pc, the server or my husband's pc hard drive?
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Thought I'd leave this info here. I stopped by because "Barracuda Networks" was a new one on me. Here's the description:

    I'm going to take a guess here and say that whatever attachment was opened had script in it to induce a mass mailing, so his IP got put on the spam list. Of course, the mailings went out over his IP!

    I wouldn't think it was a port issue, but rather than finding a way to have the IP removed from the spammer list.

    You might find this interesting also:
    Bet he won't do that again!
  8. jobeard

    jobeard TS Ambassador Posts: 9,148   +597

    netstat -on
    TCP    [COLOR="Blue"][/color][COLOR="Red"]4313[/COLOR]  [COLOR="Magenta"][/COLOR][COLOR="Red"]:53[/COLOR]        TIME_WAIT
    TCP         TIME_WAIT
    TCP        LAST_ACK
    your ip address or the far-end address are noted and the port number follows the ':'
    In this display, I've connected to (my ISPs dns address) on port 53 (which is the dns port)

    ASSUMING that all your computers contact the Exchange Server for email, then
    you need to run netstat on the ES machine.

    Frankly, if your address has been blocked, it should be your public ip address,
    not any address behind your router/lan.
    You can determine your public ip address with this URL:
  9. lavola

    lavola TS Rookie Topic Starter

    Yes, all our emails do go through the ES - I did run netstat on the ES yesterday, and I did not find any :25, however there are a slew of others on there, the problem is I am not sure what I am looking for. I checked all computers and our ip is . Yesterday I disconnected his pc form the network so no spam could go out. Then I went to mxtoolbox
    to see where I was blacklisted, and wherever I could I asked to be removed from their list. We need to access his emails but I'm afraid I have not done enough to stop the spam....
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I was stopping by to tell you to either remove or disguise the IP, but decided to check it first: according to the ArinWhois database, it's not a valid IP. Please don't leave you IP.
  11. lavola

    lavola TS Rookie Topic Starter

    ok, well now how do i remove it from here?
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Well it doesn't make too much difference since it's showing as invalid. But there is an Edit feature for posts.

    Did you understand that I was telling you the IP is not a valid IP?
  13. lavola

    lavola TS Rookie Topic Starter

    good morning Bobbye, I found the edit button... thanks. I had searched for the ip address on each pc including the ES, all pc 's had the same number. Now I may have made a mistake transcribing it, so in a bit I'll be back at the office and check it again. I'll get back to you in a few hours...
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Don't post the IP here. Check to make sure it's valid here:

    For instance, if you type the IP from momok in the example, it shows the TechSpot server at The Internet Services, Inc. When I typed yours in, I got 'no IP with that listing'.
  15. lavola

    lavola TS Rookie Topic Starter

    Well I ''m stumped. I know every computer has the number mentioned. I know we exist because we get emails every day and we run a business. I just pinged and the repsonse is the same at mxtoolbox. what now?
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, you can't unblock the IP until you know the IP! So at this point, I'm thinking there is some malware on the system causing the problem. I suggest you follow the guidelines on:

    Run the programs, attach the logs. That way not only will malware be removed, but we can see what's running.
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...