exchange black list??

Hi,

I got a couple of undeliverables that direct me to this web site, which I assume means they have my domain listed as blacklisted.

The site I'm directed to is:

http://njabl.org/

The undeliverable is:

usa@cox-domain.com on 7/7/2005 3:20 PM
            The message cannot be delivered due to a configuration error on the server. Please contact your Administrator.
            <mail.domain.com #5.3.0 smtp;553 5.3.0 Message from 61.145.145.14 rejected - see http://njabl.org/>

I am not running open relay on my Exchange 2003 server.

I am reluctant to enter my domain info into this site.

Any Ideas?

Thanks,

Donnie
Donnie4572 asked:

Sembee commented:
It isn't blocking your domain, but your IP address.
You are on a dynamic IP address range.
If you are on a DSL or cable connection then these will be considered to be dynamic even if you have a static IP. In most cases all the ISP does on these types of connections is reserve an IP address for your account. It isn't a genuine static IP, more like a reservation in DHCP.

That IP address is also registered to China Telecom. This means it is flagged as being Chinese and therefore is considered a source of spam. A large number of sites will block all messages from China if they don't do business with China.

Finally it is also reported that IP address doesn't have a PTR - aka reverse DNS. If you are on a dynamic IP then this would be the case.

Fix?
SMTP Connector.
http://www.amset.info/exchange/smtp-connector.asp

Simon.

Donnie4572 (author) commented:
Sorry Simon. I gave you bogus ip address. My mail server is 65.198.198.215

Thanks
Sembee commented:
That IP address is listed as an open relay.
It was tested on 27th June.

I am a little wary of using the online open relay testers, so I would suggest that you try it for yourself from outside your network.
I have instructions on how to do so on my web site: http://www.amset.info/exchange/spam-cleanup.asp

Simon.

Donnie4572 (author) commented:
Thanks

I have tested using these same instructions but I will test again tonight. I have an eSafe box, which was mentioned in one of the online tests.

Thanks for your help
Donnie

From relaytestsend@mktalliance.com  Mon Jun 27 08:58:56 2005
Return-Path: <relaytestsend@mktalliance.com>
Received: from esafe.mktalliance.com (gateway.mktalliance.com [65.198.198.211])
      by rt.njabl.org (8.11.6/8.11.6) with SMTP id j5RCwsT25195
      for <relaytest@rr.njabl.org>; Mon, 27 Jun 2005 08:58:54 -0400
Date: Mon, 27 Jun 2005 08:58:54 -0400
Received: from rt.njabl.org ([IP=209.208.0.15]) by eSafe SMTP Relay 1119854418; Mon Jun 27 09:24:16 2005
X-RT-Subject: relaytest: 65.198.198.215
X-RT-From: relaytestsend@mktalliance.com
X-RT-To: relaytest@rr.njabl.org
From: relaytestsend@rt.njabl.org
To: relaytest@rr.njabl.org
Message-id: <1119877128.14443.0@rt.njabl.org>
Subject: relaytest: 65.198.198.215

This is an automated test message for the purpose of finding and
adding open relays to our dnsbl.  If you have any questions, see
http://njabl.org/
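
Reading the Received headers of the relay-test message quoted above, as an added example (not part of the original post and not NJABL's own tooling): it orders the hops oldest-first and reports which host accepted the test message and which IP handed it back to the tester. The function names are this example's own, and the header block is abridged from the post.

```python
import email
import re

# Headers of the relay-test message, copied (abridged) from the post above.
RAW = """\
Return-Path: <relaytestsend@mktalliance.com>
Received: from esafe.mktalliance.com (gateway.mktalliance.com [65.198.198.211])
      by rt.njabl.org (8.11.6/8.11.6) with SMTP id j5RCwsT25195
      for <relaytest@rr.njabl.org>; Mon, 27 Jun 2005 08:58:54 -0400
Date: Mon, 27 Jun 2005 08:58:54 -0400
Received: from rt.njabl.org ([IP=209.208.0.15]) by eSafe SMTP Relay 1119854418; Mon Jun 27 09:24:16 2005
X-RT-Subject: relaytest: 65.198.198.215
From: relaytestsend@rt.njabl.org
To: relaytest@rr.njabl.org
Subject: relaytest: 65.198.198.215

"""

HOP = re.compile(r"from\s+(\S+)\s+\(([^)]*)\)\s+by\s+(\S+)")
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def hops(raw):
    """Return Received hops oldest-first as (sender_name, sender_ip, receiver)."""
    msg = email.message_from_string(raw)
    out = []
    # Each server prepends its Received line, so the oldest hop is last.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            ip = IPV4.search(m.group(2))
            out.append((m.group(1), ip.group(0) if ip else None, m.group(3)))
    return out

def relay_summary(raw):
    """Summarise the round trip the relay tester's message made."""
    msg = email.message_from_string(raw)
    path = hops(raw)
    tested = IPV4.search(msg.get("X-RT-Subject", ""))
    return {
        "tested_ip": tested.group(0) if tested else None,
        "accepted_by": path[0][2],       # first host to take the message in
        "sent_back_from": path[-1][1],   # IP that delivered it to the tester
        "returned_to_tester": path[0][0] == path[-1][2],
    }

if __name__ == "__main__":
    print(hops(RAW))
    print(relay_summary(RAW))
```

On the quoted headers the accepting hop identifies itself as the eSafe SMTP relay and the message comes back from 65.198.198.211, while the address under test is 65.198.198.215.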
Donnie4572 (author) commented:
Simon,

I am having problems connecting via telnet 25 as your directions here http://www.amset.info/exchange/spam-cleanup.asp

after the ehlo domain it sits there awhile then connection lost.
I also tried helo and same result
This connection is to 65.198.198.215 and a pix515 is my firewall.
Do you think the pix could be blocking this?
I'm using xp pro with lan interface firewall off.

Sembee commented:
A quick look at that IP address clearly shows the PIX is "protecting" the SMTP port.

Turn off the FIXUP SMTP - aka mailguard and try again.

The other thing that could be causing the problem is antivirus. Most of the modern AV software will block certain ports, and 25 is one of the ports blocked. McAfee Enterprise 8.0 does that as I have been caught by it in the past.

Simon.
Donnie4572 (author) commented:
Thanks, That worked. Do I need the fixup smtp or can I leave it off?

This telnet test......
http://www.amset.info/exchange/spam-cleanup.asp
returned "unable to relay"

Both of these sites think I am an open relay
http://www.abuse.net/relay.html
http://members.iinet.net.au/~remmie/relay/

I have followed your detailed instructions for closing open relay and these sites think I'm open. My problem still exists: I am blacklisted at http://njabl.org/ and this is a big problem for me. I have about 25 users that are getting NDRs like this:
 There was a SMTP communication problem with the recipient's email server.  Please contact your system administrator.
            <#5.5.0 smtp;554 Service unavailable; Client host [65.198.198.215] blocked using combined.njabl.org; relay tested -- 1121099675>

Thanks for any help.

Donnie
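
What the two NDRs quoted in this thread encode, as an added example (not part of any post here): each rejection names a client IP and, in the second case, the DNS blocklist zone, and a listing is looked up by reversing the IP's octets under that zone. Function names and the `resolve` parameter are this example's own; a live DNS query happens only if `listed` is called with the default resolver.

```python
import ipaddress
import re
import socket

# Rejection lines copied from the two NDRs quoted in this thread.
NDRS = [
    "<mail.domain.com #5.3.0 smtp;553 5.3.0 Message from 61.145.145.14 "
    "rejected - see http://njabl.org/>",
    "<#5.5.0 smtp;554 Service unavailable; Client host [65.198.198.215] "
    "blocked using combined.njabl.org; relay tested -- 1121099675>",
]

IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
ZONE = re.compile(r"blocked using ([A-Za-z0-9.-]+)")

def parse_ndr(line):
    """Return (rejected_ip, dnsbl_zone or None) from an SMTP rejection line."""
    ip = IPV4.search(line)
    zone = ZONE.search(line)
    return (ip.group(0) if ip else None, zone.group(1) if zone else None)

def dnsbl_name(ip, zone):
    """DNSBL query name: IPv4 octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def ptr_name(ip):
    """Name whose PTR record supplies reverse DNS for this address."""
    return ipaddress.IPv4Address(ip).reverse_pointer

def listed(ip, zone, resolve=socket.gethostbyname):
    """Return the list's 127.x.x.x answer if ip is listed, else None."""
    try:
        answer = resolve(dnsbl_name(ip, zone))
    except socket.gaierror:  # name does not resolve: not listed
        return None
    return answer if answer.startswith("127.") else None

if __name__ == "__main__":
    # Prints the names to query; performs no DNS lookups itself.
    for line in NDRS:
        ip, zone = parse_ndr(line)
        print(ip, zone, ptr_name(ip))
        if zone:
            print("  query:", dnsbl_name(ip, zone))
```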


Donnie4572 (author) commented:
Simon,

This from this site
http://www.amset.info/exchange/spam-cleanup.asp

says....
If you don't have users sending email through your email server with Outlook Express or another POP3 client then you can disable "Allow all users that successfully authenticate to relay regardless of the list above".

I do not use POP3 or Outlook Express, but I do use IMAP. Can I disable "Allow all users that successfully authenticate to relay regardless of the list above"?


Thanks
Donnie
Sembee commented:
I presume that you were trying this from outside your network?

You can leave fixup SMTP off. It causes nothing but problems.

Short term fix is to use an SMTP Connector to route email for those domains that you have problems with via your ISP.

Simon.
Sembee commented:
When you configure your IMAP clients, what do you put in for the outbound server?
Your server or the ISP?

Simon.
Donnie4572 (author) commented:
I have added one of the trouble domains to route through my ISP. Hope that works. I will know shortly.

The IMAP clients use my internal Exchange for their incoming and outgoing mail server.
Donnie4572 (author) commented:
Yes, I have two circuits to the internet and I went out one and in the other for telnet port 25
Sembee commented:
If you have IMAP clients using your server for outbound, make sure that they are configured for SMTP authentication.
Then take a look at my web site to secure the authentication process:

http://www.amset.info/exchange/smtp-relaysecure.asp

Simon.
Donnie4572 (author) commented:
Thanks for all Simon.

Donnie