Question

How to disable Backscatter - get delisted from backscatterer.org

Asked by: GFCU

Our external IP address for our email has been listed with http://www.backscatterer.org/.  We've paid to get delisted and when doing that I've disabled any NDRs from going out (in ESM under Global Settings -> Internet Message Formats -> properties of Default -> Advanced tab, uncheck allow non delivery reports).  Since then we have been re-listed on http://www.backscatterer.org/.  Any suggestions??  We need to be delisted ASAP!

I've also tried this:
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_21570983.html

This question has been solved and asker verified.

Asked On: 2009-09-17 at 13:50:47 (ID 24741444)
Tags: backscatter
Topics: Spam Black Holes, Exchange Email Server, Email Servers
Participating Experts: 3
Points: 500
Comments: 12


Answers

 

by: GFCU Posted on 2009-09-17 at 13:54:04 ID: 25360975

Also,

our current setup is an Exchange server within the trusted network, and email is routed to the email filter server that is located in a DMZ.  The outside IP address that is listed with backscatterer is the IP address of the internet email filter server. - FYI:)

 

by: alveden Posted on 2009-09-17 at 13:57:46 ID: 25361007

Go to this link

http://www.backscatterer.org/?target=test

Put your external IP address here and test. This will force a manual check on your IP. If everything is okay, you should be delisted after a while.

 

by: GFCU Posted on 2009-09-17 at 14:02:29 ID: 25361047

Testresult for xxx.xxx.xxx.xxx:

This IP IS CURRENTLY LISTED in our Database.
Please note that this listing does not mean you are a spammer, it means your mailsystem is either poorly configured or it is using abusive techniques.
If you don't know what BACKSCATTER or Sender Callouts are, click the links above to get clue how to stop that kind of abuse.


To track down what happened investigate your smtplogs near 07.09.2009 16:10 CEST +/-10 minutes.

You will either find that your system tried to send bounces or autoresponders to claimed but in reality faked senders, or your system tried sender verify callouts against our members near that time.

So you should look for outgoing emails that have a NULL SENDER or POSTMASTER in MAIL FROM and which got rejected at remote systems.

Read the rejection texts carefully and it shouldn't be a big deal to figure out what caused or renewed your listing.


History:
09.05.2008 21:30 CEST listed
06.06.2008 22:30 CEST expired
25.11.2008 01:20 CET listed
23.12.2008 02:00 CET expired
08.02.2009 09:00 CET listed
31.08.2009 20:30 CEST delisted 109 Impacts were seen while it was listed.
07.09.2009 16:10 CEST listed

A total of 1 Impacts were detected during this listing. Last was 07.09.2009 16:10 CEST +/- 10 minutes.
Earliest date this IP can expire is 05.10.2009 16:10 CEST.

 


--------------------------------------------------------------------------------

This IP is temporary listed.
The listing will expire automatically and free of charge 4 weeks after the last abuse is seen from that IP.
Expedited manual expressdelisting is available as an option if you do not want to wait for the automatic and free expiration.
You will be charged 50 Euro's using one of the following payment services.
WARNING: Before requesting expressdelisting make sure the problem which caused the listing is fixed, otherwise you are at risk to get listed again if new abuse becomes known.







Also - I didn't have smtplogs logging enabled at that time so there was nothing to check.  
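
The check the listing text describes (outgoing mail with a null or postmaster sender that remote systems rejected, near the listing time) can be scripted once SMTP logging is enabled. This is an added example, not part of the original post; the log layout, addresses and function names are constructed for illustration and are not the actual log format of Exchange or the filter product.

```python
import re
from datetime import datetime, timedelta

# Constructed sample of outbound SMTP delivery records (not a real Exchange/IIS
# log layout): local timestamp, remote host, envelope sender, remote reply.
SAMPLE_LOG = """\
2009-09-07 15:48:02 203.0.113.10 MAIL FROM:<alice@example.org> 250 2.0.0 OK
2009-09-07 16:04:41 198.51.100.7 MAIL FROM:<> 550 5.7.1 Rejected: backscatter
2009-09-07 16:09:13 198.51.100.9 MAIL FROM:<postmaster@example.org> 554 5.7.1 Refused
2009-09-07 16:12:30 203.0.113.10 MAIL FROM:<> 250 2.0.0 OK
2009-09-07 17:30:00 198.51.100.7 MAIL FROM:<> 550 5.7.1 Rejected
""".splitlines()

RECORD = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<remote>\S+) "
    r"MAIL FROM:<(?P<sender>[^>]*)> (?P<code>\d{3}) (?P<text>.*)$"
)

def is_bounce_sender(sender):
    """Null sender (<>) or a postmaster address, as the listing text describes."""
    return sender == "" or sender.lower().split("@")[0] == "postmaster"

def find_backscatter(lines, listed_at, window_minutes=10):
    """Return rejected bounce-style deliveries within +/- window of the listing time.

    listed_at uses the DD.MM.YYYY HH:MM form shown in the listing history; the
    log is assumed to be recorded in the same time zone.
    """
    centre = datetime.strptime(listed_at, "%d.%m.%Y %H:%M")
    window = timedelta(minutes=window_minutes)
    hits = []
    for line in lines:
        m = RECORD.match(line)
        if not m:
            continue  # skip lines that are not delivery records
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        rejected = m["code"][0] in "45"  # temporary or permanent refusal
        if rejected and is_bounce_sender(m["sender"]) and abs(ts - centre) <= window:
            hits.append((m["ts"], m["remote"], m["sender"] or "<>", m["code"], m["text"]))
    return hits

if __name__ == "__main__":
    for hit in find_backscatter(SAMPLE_LOG, "07.09.2009 16:10"):
        print(*hit)
```

The rejection text in each hit is what the listing notice says to read to find what caused or renewed the listing.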

 

by: GFCU Posted on 2009-09-17 at 14:07:01 ID: 25361093

I've also checked my firewall traffic monitor and these are the entries that are coming back:

2009-09-17 17:06:33 proxy[1966] 1:1253221593: smtp response '421 mail.mydomain.com has refused your connection as your mail server appears to be blacklisted\x0d\x0a' msg_id="1B03-0211"       Debug

 

by: alanhardisty Posted on 2009-09-17 at 14:16:50 ID: 25361182

Turn on Recipient Filtering (if it is not already) to drop messages destined for invalid recipients:

http://www.msexchange.org/tutorials/Sender-Recipient-Filtering.html

Also - check your IP on www.mxtoolbox.com/blacklists.aspx to see if you have popped up elsewhere.

What are you using for Spam filtering?

 

by: GFCU Posted on 2009-09-17 at 14:27:05 ID: 25361260

Recipient Filtering is turned on and tar pitting has been enabled.  I have restarted the SMTP Service after that.  (This was done earlier today, but I did just verify the configuration.)  The Exchange server has not been rebooted.

Results from mxtoolbox:
Backscatter.org  LISTED Sorry 68.248.135.132 is blacklisted at Detail
Return codes were: 127.0.0.2 2100 140

For spam filtering I am using Surf Control - Email Filter.

 

by: GFCU Posted on 2009-09-17 at 14:27:31 ID: 25361269

Sender filtering has not been enabled.

 

by: GFCU Posted on 2009-09-17 at 14:30:10 ID: 25361290

We are able to send emails out but we cannot receive any from the outside world.

 

by: GFCU Posted on 2009-09-17 at 14:31:14 ID: 25361301

In regard to enabling the tar pitting function, how well does that protect from directory harvest attacks?

 

by: Mestha Posted on 2009-09-17 at 15:17:12 ID: 25361598

The recipient filtering needs to be done by whatever is accepting email from the internet. If that is Surf Control then that product needs to do it. Doing it on Exchange is too late and will cause backscatter.
You need to reject the email at the point of delivery, at the edge.

If Surf Control cannot do recipient validation then you will have to put something in front of it that can.

Simon.
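
Why validating recipients on the Exchange server is too late, as an added example that is not part of the original answer: a small model of the edge filter and the internal server. `VALID_RECIPIENTS` stands in for an LDAP lookup, and all function names and addresses are constructed.

```python
# Hypothetical model of the mail path in this thread: an edge filter in the DMZ
# relaying to an internal mail server. Names and addresses are constructed.
VALID_RECIPIENTS = {"alice@example.org", "bob@example.org"}  # stand-in for an LDAP lookup

def rcpt_reply(rcpt, validate):
    """SMTP reply the edge gives to RCPT TO while the sending host is still connected."""
    if validate and rcpt.lower() not in VALID_RECIPIENTS:
        return "550 5.1.1 User unknown"
    return "250 2.1.5 OK"

def internal_delivery(mail_from, rcpt):
    """Internal server: an unknown recipient on already-accepted mail produces an NDR."""
    if rcpt.lower() in VALID_RECIPIENTS or mail_from == "":
        return None  # delivered, or a bounce of a bounce, which is never generated
    # The NDR goes to the envelope sender, which spam has usually forged.
    return {"mail_from": "", "rcpt_to": mail_from, "subject": "Undeliverable"}

def run_edge(messages, validate):
    """Return (replies, outbound_ndrs) for a batch of inbound envelopes."""
    replies, ndrs = [], []
    for mail_from, rcpt in messages:
        reply = rcpt_reply(rcpt, validate)
        replies.append(reply)
        if reply.startswith("250"):  # accepted: the message is now our responsibility
            ndr = internal_delivery(mail_from, rcpt)
            if ndr:
                ndrs.append(ndr)
    return replies, ndrs

# Constructed inbound traffic: one legitimate message, two with forged senders
# addressed to mailboxes that do not exist.
INBOUND = [
    ("carol@example.net", "alice@example.org"),
    ("victim1@example.com", "nosuchuser@example.org"),
    ("victim2@example.com", "sales99@example.org"),
]

if __name__ == "__main__":
    for validate in (False, True):
        replies, ndrs = run_edge(INBOUND, validate)
        print("edge validation:", validate, "| NDRs sent to third parties:", len(ndrs))
```

With validation off, each message to a nonexistent mailbox becomes a null-sender NDR to an address that never sent it; with validation on, the refusal happens inside the SMTP session and no outbound message is created.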

 

by: GFCU Posted on 2009-09-18 at 07:49:46 ID: 25366557

I wasn't able to find any place to do this within Surf Control.  Is there a way to just add all of our users to a whitelist and have all of the other emails go into a folder that eventually gets deleted?  Would we still get NDRs if that was the case?

Or do you have any other ideas on something else that would do what you mentioned?

 

by: Mestha Posted on 2009-09-18 at 08:30:18 ID: 25366990

I would speak to whoever supplies Surf Control, because recipient validation should be a basic part of any antispam solution. I have sites that drop 10,000 messages a day to non-valid users.

Otherwise you are looking at either an antispam appliance or SMTP gateway in front of the machine that can do LDAP lookups. I wrote an article on building an SMTP gateway here: http://www.amset.info/exchange/gateway.asp
You would use a Windows machine and then a copy of Vamsoft ORF.

Simon.
