SmallPrint
asked on
Our domain is blacklisted on Tiopan... help!
Any advice on how to get us removed? I spoke to someone and they said Tiopan is a hard one to get removed from. I have already emailed them to have us removed. Any tips?
We believe a specific PC was infected with a virus and was sending out spam. We have removed the PC from the network.
Not ever seen them used before - but you never know.
Check on all the blacklists by visiting www.mxtoolbox.com/blacklists.aspx and if you are listed, follow the links to the relevant sites and make sure the listings are not current.
Note the date and time of the last report, and if that changes to a newer time in a few hours, you still have a problem.
If not, then you probably have solved the problem.
Locking down your firewall to only allow port 25 out from your server is also a worthwhile measure to take (as EndureKona has advised), so that if you get infected again, the infection should not be able to send out mail. If you cannot do this with your router - change it to one that can block outbound traffic by internal IP.
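One way to confirm the port 25 lockdown described above and to spot an infected PC: scan firewall logs for outbound SMTP from any internal host other than the mail server. This is an added example, not part of the original post; the log format, the addresses and the names `MAIL_SERVER` and `INTERNAL_NET` are assumptions.

```python
import ipaddress
import re
from collections import Counter

MAIL_SERVER = ipaddress.ip_address("192.168.1.10")     # assumption: only host allowed to send on port 25
INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")  # assumption: the LAN behind the firewall

# Constructed sample lines in a key=value firewall log style (not taken from the thread).
SAMPLE_LOG = """\
Jan 12 09:14:02 fw kernel: ACCEPT SRC=192.168.1.10 DST=203.0.113.25 PROTO=TCP SPT=41022 DPT=25
Jan 12 09:14:05 fw kernel: ACCEPT SRC=192.168.1.57 DST=198.51.100.7 PROTO=TCP SPT=50311 DPT=25
Jan 12 09:14:05 fw kernel: ACCEPT SRC=192.168.1.57 DST=198.51.100.99 PROTO=TCP SPT=50312 DPT=25
Jan 12 09:14:09 fw kernel: ACCEPT SRC=192.168.1.33 DST=203.0.113.80 PROTO=TCP SPT=50900 DPT=443
Jan 12 09:14:11 fw kernel: ACCEPT SRC=203.0.113.25 DST=192.168.1.10 PROTO=TCP SPT=33001 DPT=25
Jan 12 09:14:12 fw kernel: DROP SRC=192.168.1.57 DST=198.51.100.7 PROTO=UDP SPT=5353 DPT=25
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def rogue_smtp_senders(log_text):
    """Count outbound TCP/25 connections per internal host that is not the mail server."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if fields.get("PROTO") != "TCP" or fields.get("DPT") != "25":
            continue
        try:
            src = ipaddress.ip_address(fields["SRC"])
            dst = ipaddress.ip_address(fields["DST"])
        except (KeyError, ValueError):
            continue  # malformed line: skip it rather than abort the scan
        # Outbound means LAN source and non-LAN destination; inbound mail is ignored.
        outbound = src in INTERNAL_NET and dst not in INTERNAL_NET
        if outbound and src != MAIL_SERVER:
            hits[str(src)] += 1
    return dict(hits)

if __name__ == "__main__":
    for host, count in rogue_smtp_senders(SAMPLE_LOG).items():
        print(f"{host} opened {count} outbound SMTP connection(s); check it for malware")
```

Once the firewall rule is in place, the same scan over the deny log shows which PC is still trying to send mail directly.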
ASKER
Thanks everyone. I have been checking mxtoolbox, robtex.com, and now kloth... all say we are clear EXCEPT for Tiopan (via mxtoolbox).
I think I might fax Tiopan and see if that helps. Wishful thinking I know... but it's worth a try.
ASKER
Mail flow seems to be getting back to normal... but on top of submitting delisting requests to all the RBLs we were on, I also reached out directly to Hotmail, ATT and Comcast, via phone or web form.
I have a phone call in with the University of Texas Austin and bellsouth.net... our emails are not reaching them... but we also receive a totally different error message than this morning.
The blacklist emails specifically stated the IP and that we were blacklisted. These 2 domains I just stated time out (I force them to time out with an NDR in ESM) with an error:
You do not have permission to send to this recipient. For assistance, contact your system administrator.
<Server.domainK #4.7.1 smtp;450 4.7.1 <Server.Domain>: Helo command rejected: Host not found>
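The 450 4.7.1 "Helo command rejected: Host not found" reply quoted above means the receiving server could not find the name the sender gave in HELO. The sketch below is an added example, not part of the original post, that checks a HELO name the way a receiver might; the host names, addresses and the `FAKE_DNS` table are constructed, and it assumes the receiver looks for an address record.

```python
import socket

# Constructed stand-in for public DNS so the example runs offline (not real data).
FAKE_DNS = {"mail.example.com": {"203.0.113.25"}, "old.example.com": {"198.51.100.4"}}

def fake_resolve(name):
    """Offline resolver over FAKE_DNS; fails the same way a real lookup does."""
    if name not in FAKE_DNS:
        raise socket.gaierror("Name or service not known")
    return FAKE_DNS[name]

def dns_resolve(name):
    """Real lookup: every address the name resolves to."""
    return {info[4][0] for info in socket.getaddrinfo(name, None)}

def check_helo_name(helo_name, sending_ip, resolve=dns_resolve):
    """Return the problems a receiving server could find with this HELO name."""
    problems = []
    name = helo_name.rstrip(".").lower()
    if "." not in name:
        problems.append("not a fully qualified domain name")
    if name.endswith(".local"):
        problems.append("internal-only suffix; public DNS cannot resolve it")
    try:
        addresses = resolve(name)
    except OSError:  # socket.gaierror is a subclass of OSError
        addresses = set()
    if not addresses:
        problems.append("host not found in DNS")
    elif sending_ip not in addresses:
        problems.append("resolves, but not to the sending IP")
    return problems

if __name__ == "__main__":
    # 203.0.113.25 is the constructed public IP the mail leaves from.
    for helo in ("mail.example.com", "server.corp.local", "SERVER", "old.example.com"):
        issues = check_helo_name(helo, "203.0.113.25", resolve=fake_resolve)
        print(helo, "->", issues or "OK")
```

Run it against the FQDN configured on the outbound SMTP virtual server, leaving `resolve` at its default so the lookup goes to real DNS.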
ASKER
I will give it a read. I'm just glad it's not saying the IP is blocked.
Are there any other sites I should utilize to check if we are on an RBL? MXtoolbox was saying we were okay (very early this morning), while at the same time another site said we were listed.
ASKER
mxtoolbox does list Tiopan though. This sucks, it's like I'm at their mercy.
I was on Tiopan about a month ago - I tried to email them and got a bounce back - I emailed them from Hotmail and got bounced back.
I ignored them and had no problems and they eventually dropped my IP off their lists.
I had an authenticated relay attack from a compromised account. As soon as I had isolated the problem account and changed the password, I started to get off the blacklists (some by request), but Tiopan was not one that I could do anything about.
If you are clear on the rest and mail is flowing freely - ignore the Tiopan listing and you will drop off it after a while.
ASKER
Perhaps this is extreme, but would it be worth forcing all users to change their passwords? I think we got the correct PC... but won't know unless it happens again.
ASKER
Such a slow email day. The queue was not packed, and I believe some domains were getting through.
ASKER
Most emails just bounced back right away, and were not in the ram queue
ASKER
Some items were leaving the server
Okay - then my last link should help you.
Also, as you only have 40 users - it would be advisable to change ALL passwords, including Administrator.
Do a good search through AD for all Users and make sure you change the lot.
ASKER
Very difficult issue to troubleshoot. The tips from these experts helped out a lot!