Solved

Exchange 2003 is blacklisted (spamtrap mail???)

Posted on 2006-04-09
Last Modified: 2008-03-17
Hey all,

I've encountered a problem lately, at the beginning of the week I received several emails like this when sending mails...

Your message did not reach some or all of the intended recipients.

      Subject:      Test
      Sent:      9/04/2006 14:37

The following recipient(s) could not be reached:
      rec1@dom.com on 9/04/2006 14:37
            There was a SMTP communication problem with the recipient's email server.  Please contact your system administrator.
            <mydomain.be #5.5.0 smtp;551 Mail from your IP is currently blocked based on RBL listing>


I've contacted my ISP and apparently my IP has been blocked so I requested to unblock it and to be sure I changed the IP of my mail server onto another one. To be sure that my exchange wasn't an open relay I performed some tests (as described in other topics as well) and apparently only authenticated users can connect to the mail-server... (Tests from outside using telnet gave the "connection failed" error).

But now, a few days later, I get these error mails again... but now for the second (fixed btw) IP-address. When checking several blacklists (http://www.robtex.com/r/195.162.193.76.html) I saw that it was listed again.... But now I have no clue what to do to prevent from being blocked again...

I'm quite desperate as my mailserver has been up and running several months now without any error up till now... I don't get it.


Thanks for the help !
0
Comment
Question by:MichaelVH
 
LVL 11

Author Comment

by:MichaelVH
ID: 16411492
And before I forget....

When trying to figure out why I was blacklisted I saw that it had to do with "spamtrap mail received", but I have no clue what it means... Thanks!

Michael
0
 
LVL 18

Expert Comment

by:carl_legere
ID: 16411582
Assuming you're not relaying, and generally your SMTP queues don't have a couple hundred lines of connections that look illegitimate (indicating that you might be relaying spam) your problem is that use of these blocking mechanisms is on the rise.  You may not be able to directly send email from exchange connected via your internet service.  Does the ISP say that it is a business connection?  Is it a static IP address?  If you change IP's and the new one is still blocked it means that a whole range of IP's have been added to RBL's to prevent the ISP who does primarily offer safe haven to spammers from moving IP's around as they are blocked.

It is probably best to set up an SMTP connector to finish sending your messages.  Every ISP has to offer its customers a SMTP server, and it is not going to be blocked.  http://www.amset.info/exchange/smtp-connector.asp

0
 
LVL 11

Author Comment

by:MichaelVH
ID: 16411591
Hi,

The other Ip's in my range aren't blocked... and they are all fixed ip's.

Indeed it is a business-line that I've got so that shouldn't be the problem.

What I forgot to mention is that I do use an smtp-connector to send my mails... (that's why I don't understand how this could have happened)

When I changed IP it worked fine for 3 days, up till now that is...
0

 
LVL 104

Expert Comment

by:Sembee
ID: 16411672
My instinct is that you may have an infected machine inside your network. If you use a single IP address for the entire LAN then all connections coming out of your network will appear to come from the same IP address.
You can keep changing your IP address, but if a machine inside is infected, then you will continue to get listed (and annoy your ISP).

First thing I would do is configure your firewall to block all connections on port 25 - SMTP, except your Exchange server.
If the firewall can do it, then I would also configure Exchange to use an SMTP Connector, then configure the firewall to only allow OUTBOUND SMTP connections to the ISP's server. Inbound should be left alone.
Turn up the logging and wait. An infected machine will show up pretty quickly because it is trying to send messages out.

You aren't on any of the open relay lists, so I don't think it is that, although you could test the machine - see http://www.amset.info/exchange/spam-cleanup.asp for instructions.

You could also scan your entire network for port 25. No workstations should have anything on port 25. If you find anything then you should investigate.

Simon.
0
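An added example (not part of the original thread, and not Sembee's own code): one way to read the logs once the port 25 rule from the comment above is in place. It assumes the firewall is a Cisco IOS device logging ACL hits in the `%SEC-6-IPACCESSLOGP` format; the log lines, the ACL number 110 and the ISP relay address are constructed sample values, while 192.168.10.200 is the Exchange server address given in the thread.

```python
import re
from collections import defaultdict

MAIL_SERVER = "192.168.10.200"   # Exchange server address from the thread
ISP_SMART_HOST = "192.0.2.10"    # assumption: the ISP's SMTP relay (placeholder address)

# Cisco IOS ACL log entry: "list N denied|permitted tcp SRC(PORT) -> DST(PORT), N packet(s)"
ACL_LINE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list \S+ (?:denied|permitted) tcp "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\(\d+\) -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\((?P<dport>\d+)\), (?P<count>\d+) packet"
)

# Constructed sample log lines (not taken from the thread).
SAMPLE_LOG = """\
Apr  9 14:37:01 gw 101: %SEC-6-IPACCESSLOGP: list 110 denied tcp 192.168.10.5(1042) -> 203.0.113.25(25), 1 packet
Apr  9 14:37:02 gw 102: %SEC-6-IPACCESSLOGP: list 110 denied tcp 192.168.10.5(1043) -> 198.51.100.7(25), 3 packets
Apr  9 14:37:05 gw 103: %SEC-6-IPACCESSLOGP: list 110 permitted tcp 192.168.10.200(2201) -> 192.0.2.10(25), 1 packet
Apr  9 14:37:09 gw 104: %SEC-6-IPACCESSLOGP: list 110 denied tcp 192.168.10.6(3001) -> 203.0.113.80(80), 1 packet
Apr  9 14:38:11 gw 105: %SEC-6-IPACCESSLOGP: list 110 denied tcp 192.168.10.5(1050) -> 203.0.113.25(25), 2 packets
""".splitlines()


def unexpected_smtp(lines, mail_server=MAIL_SERVER, smart_host=ISP_SMART_HOST):
    """Return {source_ip: {"packets": n, "destinations": set}} for every
    TCP/25 flow other than mail server -> ISP relay."""
    hosts = defaultdict(lambda: {"packets": 0, "destinations": set()})
    for line in lines:
        m = ACL_LINE.search(line)
        if not m or m["dport"] != "25":
            continue                      # not SMTP, or not an ACL log entry
        if m["src"] == mail_server and m["dst"] == smart_host:
            continue                      # the only SMTP flow that should exist
        hosts[m["src"]]["packets"] += int(m["count"])
        hosts[m["src"]]["destinations"].add(m["dst"])
    return dict(hosts)


if __name__ == "__main__":
    # Hosts contacting many different mail servers are the first to investigate.
    found = unexpected_smtp(SAMPLE_LOG)
    for ip, info in sorted(found.items(), key=lambda kv: -len(kv[1]["destinations"])):
        print(ip, info["packets"], "packets to", len(info["destinations"]), "servers")
```

A workstation that appears in this output is talking SMTP directly to outside mail servers, which is the behaviour the comment says an infected machine will show.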
 
LVL 11

Author Comment

by:MichaelVH
ID: 16411726
I'm running a full-scaled scan on the entire network as we speak. Hope this helps...

But now a quick question... :
I've got 5 available IP's from my ISP. Would it be better to assign my Exchange an external IP? But the problem resides in this: I've got an SBS2003 running on the server which is also used for print & file sharing... What is the best solution to do so then?

Is this correct?

                        Modem
                            |
                      Switch
                           |
             -----------------------------
             | (195.162.193.74)        | (195.162.193.75)
        Router                           Server SBS2003 (+exchange)
             |  (192.168.10.1)           | (192.168.10.200)
        Switch-------------------------
             |
         ----------------------------
             |(192.168.10.5)        | (192.168.10.6)
          Computer 1        Computer 2


If I design my network as above, won't this make a huge security-risk because my server is exposed directly to the internet? Any suggestions?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 16411736
It depends on whether your firewall can do a one-to-one NAT. If it can, and you can give the Exchange server its own IP address, then I would do that.
You would then need to get DNS and reverse DNS configured correctly. I like to give the Exchange server its own IP address so that the email flow is separate from the other traffic - particularly web browsing. If the firewall is then advanced enough you can make further restrictions on what can come and go.

Simon.
0
 
LVL 11

Author Comment

by:MichaelVH
ID: 16411750
Where in the picture does the firewall come in? My router has a built-in firewall... Do I need to implement another one?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 16411755
Router and firewalls are often the same thing.
I usually deploy the Cisco PIX 501/505 which is a firewall with routing capabilities. It depends on what the router is capable of. If it is a consumer level router then you may not have the control that you need.

Simon.
0
 
LVL 11

Author Comment

by:MichaelVH
ID: 16411763
Okay, I'm a bit confused now :p

I've got a Cisco 876 router, configured with 2 vlans (one for the cable-internet and one for the internal network)... I've got a sonicwall somewhere I've never used. Would it be better to deploy it as follows? :

                                      Cisco
                                         |
                                   SonicWall
                                         |
                                     Switch
                                         |
                                  --------------
                                 |                |
                                PC1(.5)       Server1 (.200)


If I'm correct then the one-to-one NAT makes Server1 appear as 195.162.193.75 and all other traffic as 195.162.193.74, right?
0
 
LVL 104

Accepted Solution

by:
Sembee earned 2000 total points
ID: 16411783
With NAT, if you have a single IP address then all traffic coming out of the network appears to come from that single IP. The router will translate the return traffic to send it to the correct internal IP address.

A one to one NAT does pretty much as you have said - it is an external IP address that is exclusive to a single device.

I haven't worked with a Cisco 876, but a quick look at the Cisco web site looks like it would do everything that you need. You shouldn't need to configure anything else.

It will just be a matter of getting in to the configuration of the device and setting the rules as required. If you have the device on a support contract from Cisco, then I would give Cisco support a call. Their support is the best I have ever worked with.

Simon.
0
 
LVL 11

Author Comment

by:MichaelVH
ID: 16411808
Thanks for the tips, I'll try that and get back to you tonight/tomorrow ! Thank you !
0
