How to deal with "host blocked using Barracuda reputation"

Problem

Occasionally CSAIL users receive email bouncebacks like the following:
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

recipient@their-domain.edu
SMTP error from remote mail server after end of data:
host email-in.their-domain.edu [MMM.MM.MMM.MM]: 554 Service unavailable; Client host 
[outgoing.csail.mit.edu] blocked using Barracuda Reputation; http://www.barracudanetworks.com
/reputation/?r=1&ip=NN.NNN.NN.NNN

where the second IP address NN.NNN.NN.NNN does not actually match the outgoing.csail's IP address of 128.30.2.149.

Explanation

The problem lies not with anything at CSAIL, but with the Barracuda filtering appliance that your recipient's mail servers (here, their-domain.edu) are using.

CSAIL's outgoing mail server is following standard RFC practice by adding a Received: line reflecting the IP address from which you submitted your message. The Barracuda appliance at their-domain.edu is doing two things wrong: they are using Received: lines as evidence of malicious origin when quite frequently they correspond to authenticated SMTP submission, and their error message is conflating "outgoing.csail.mit.edu" with the IP address they really have a beef with (here, NN.NNN.NN.NNN).

What to do about it

If possible, please contact your recipient by alternate means, and suggest they refer their system administrators to this page. Alternatively, TIG can try to contact postmaster@ their-domain.edu which should bypass spam filters (but is not guaranteed to get anyone's attention in a timely fashion).

For further assistance, please email help@csail.mit.edu including the full bounce message.

Further detail

  • Over the past year, between 5 and 10 cases matching this pattern have come to TIG's attention.
  • To our knowledge, a temporary workaround is to add outgoing.csail.mit.edu to the remote site's Barracuda whitelist, but this will not be a permanent fix.
  • It would be preferable if the behavior of Barracuda appliance could be changed -- ideally the default behavior.
  • As of May 2011, Comcast and GMail add Received: lines listing the IP addresses for message submission agents in the same way we do.

-- ArthurProkosch - 31 May 2011
Topic revision: 31 May 2011, ArthurProkosch
 

MIT Computer Science and Artificial Intelligence Laboratory

 

  • About CSAIL
  • Research
  • News + Events
  • Resources
  • People

This site is powered by Foswiki MIT: Massachusetts Institute of Technology