Our MX IP / SES rejecting our own server / SORBS IP range blacklisted


ISSUE: Amazon SES is not delivering email alerts to our own email server. States that our Static IP is in the SORBS DNSBL database.

 Reporting-MTA: dns; a8-13.smtp-out.amazonses.com
 Action: failed
 Final-Recipient: rfc822; web.admin@xxxxxxx.xxx
 Diagnostic-Code: smtp; 550 5.7.0 Your server IP address is in the SORBS DNSBL database, bye
 Status: 5.7.0

We use Spectrum Business Cable with STATIC IP for six web servers and one email server. We've had this static IP for probably 4-5 years now. Our setup is that we forward all OUTGOING email to Amz SES for delivery to avoid any potential spam blocking. But, we use our own email server directly for all INCOMING messages. We do not use SES for incoming messages.

Well, it looks like Amazon itself is blocking us from RECEIVING our web server alerts (and order notifications). When the web server sends an alert email, or order notification to us the process looks like this:

 Our Web Server (x.x.x.x/30) ---> AmzSES SMTP-IN ---> AmzSES SMTP-OUT ---> Our eMail Server (x.x.x.x/30)

This seems to be a relatively new problem...

Checking with SORBS directly... we get this IP blacklist query result:

 "Static" entries [15:50:45 27 Feb 2012 GMT-05]
 x.x.x.0/17 - 1 entries [15:50:45 27 Feb 2012 GMT-05]
 Note: Active "exDUHL" entries mean that the IP/Network has been unblocked for some or all IPs from the DUHL.

The issue seems to be that our IP is x.x.x.x/30 and is getting caught up in this x.x.x.x/17 range block.

Running a blacklist test on several test sites does not show anything for the actual IP (x.x.x.x) but SORBS shows it as the entire x.x.x.x/17 range.

We've opened several support tickets with SORBS and none of them have any movement whatsoever. It's been almost a week now.

Is there anything AMZ SES folks can do about this issue??

Any suggestions are welcomed. Thanks in advance.

1 Answer

In my previous experience, it was pretty hard to get out of RBL thing if our IP has already been listed somewhere. I'd rather use SES API than SMTP method when sending Email to avoid RBL issue. You can take a look below doc if you want to change your sending method. https://docs.aws.amazon.com/ses/latest/dg/send-email-api.html

or you can place your proxy SMTP server (your sending machine) into AWS VPC and assign Elastic IP to be able to talk to internet. You must request support case to release port 25 limit to use EC2 as a SMTP server.

answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions