sdeblock


Exchange Message Queues...

Good Morning,

I have an enterprise environment running MS Windows Server 2003 (fully patched) & MS Exchange Server 2003 (fully patched).

We were blacklisted the other day thanks to an employee who needed to have a cute little virus-infected background picture of hearts on her computer.  Our company was listed on multiple key blacklists across the globe.  As of yesterday morning, we have cleared up the blacklist problems, but there are several Exchange queues, such as airfrance.fr, volvo.com, faa.gov & dell.com, to which we cannot send messages.  The undeliverable reports point to not being able to deliver the message in the time specified.  I've enabled all sorts of SMTP and Exchange logging, which isn't really helping much.

Our Exchange server has an r-dns entry, and its SMTP outbound settings match the r-dns record.  Mail flows to a majority of companies just fine; there are a few (listed above) that will not accept email from us; however, those companies are very important to us.

I am at a loss right now - any additional ideas would be appreciated.

TIA - Steve
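
The checks the question describes (PTR record, matching outbound SMTP name, blacklist status) can be scripted from the sending side. The following is an added example, not part of the original thread; the IP address, host names and DNSBL zone names are constructed placeholders, and the resolver functions are injectable so the sample runs offline.

```python
import ipaddress
import socket

def dnsbl_query_name(ip, zone):
    """DNSBL lookup name: IPv4 octets reversed, followed by the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def _norm(name):
    return name.rstrip(".").lower()

def _system_ptr(ip):
    try:
        return [socket.gethostbyaddr(ip)[0]]
    except OSError:
        return []

def _system_a(name):
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
        return sorted({info[4][0] for info in infos})
    except OSError:
        return []

def check_outbound_identity(ip, helo, zones,
                            ptr_lookup=_system_ptr, a_lookup=_system_a):
    """Report rDNS, HELO and DNSBL findings for one sending IP."""
    ptr_names = [_norm(n) for n in ptr_lookup(ip)]
    # Forward-confirmed rDNS: a PTR name must resolve back to the same IP.
    confirmed = [n for n in ptr_names if ip in a_lookup(n)]
    # A DNSBL returns an A record when the IP is listed, nothing otherwise.
    listed = [z for z in zones if a_lookup(dnsbl_query_name(ip, z))]
    return {"ptr": ptr_names,
            "fcrdns_ok": bool(confirmed),
            "helo_matches_ptr": _norm(helo) in confirmed,
            "listed_on": listed}

# Constructed sample data: documentation IP range, placeholder zones.
SAMPLE_PTR = {"192.0.2.25": ["mail.example.com."]}
SAMPLE_A = {"mail.example.com": ["192.0.2.25"],
            "25.2.0.192.dnsbl-a.example": ["127.0.0.2"]}

def demo():
    return check_outbound_identity(
        "192.0.2.25", "MAIL.example.com",
        ["dnsbl-a.example", "dnsbl-b.example"],
        ptr_lookup=lambda ip: SAMPLE_PTR.get(ip, []),
        a_lookup=lambda name: SAMPLE_A.get(name, []))

if __name__ == "__main__":
    print(demo())
```

A clean result from these checks covers only DNS-based lists; it says nothing about a reputation score such as the SenderBase rating discussed later in this thread.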
ASKER CERTIFIED SOLUTION
AdamRobinson

This solution is only available to members.
SOLUTION
redseatechnologies
This solution is only available to members.
sdeblock

ASKER

Thanks for your suggestion.  The server has been checked and is not an open relay.  As mentioned above, we've been removed from all blacklists.

I've just heard from somebody over in Germany.  Have you heard of a company called SenderBase?  They have us listed as a 2.2 and one of the companies in question blocks anything that's higher than 2.0.  I'm assuming this rating will adjust over time, but I'd like to speed it up if possible.
Red,

Will the connector through the ISP actually avoid the RBL entirely?  Wouldn't this cause other agencies to block them as the resolution on the domain will be a different IP than the actual relayer?  Not saying it isn't the best solution given his circumstances, just curious.

sde:

It certainly sounds to me as if you are still on those companies' block lists.

We are checking into the rating system from SenderBase/IronPort right now.  We are also attempting to get in touch with IT contacts at the other companies to see if they use similar RBL ratings block security services.
Would you be willing to put your e-mail domain up here?  If not, I understand.
The exchange server checks out A-Ok, re-tested everything from open relays, port security, etc.

After further researching SenderBase/IronPort, it would appear that they are a high level, no joke ratings center used by government agencies and enterprise organizations across the world.  Our current rating there would explain the problems we have with the various companies.  I would be willing to bet that this is the last remaining obstacle.  I will post the conclusion follow up when it's confirmed.
Excellent.  Hope it goes well.
>>Will the connector through the ISP actually avoid the RBL entirely?

Yes, RBLs work on the sending server - using the ISP as a smart host bypasses it entirely.

No, it will not get the ISP listed, as the ISP is not an open relay.

Per my earlier message - Friday night and this weekend it was confirmed that the virus infection that we caught on a single computer sent out such a large volume of email that it was flagged by SENDERBASE.ORG.  Because we are a low volume email shop dealing with a high volume email issue, it was necessary to set up a mass mail script (of good email) to various high volume targets at GOOGLE & HOTMAIL.  This reduced our rating on SENDERBASE so the IRON PORT spam protection in place at our major clients started to allow mail flow late last night.  We did some rough calculations and this virus infection sent out 1 million emails.

Thanks for your help and suggestions in solving this matter!

Steve
Yikes, glad to hear you got it solved in the end,

If you need help closing this question, you can click the split points button just above the comment box, or you can click the accept button next to an answer if you choose not to split.

-red
1 Million e-mails eh?  So that's where all this new spam is coming from ;)
Careful, he knows splitting is optional :))
Heh.  :D