Ted Williamson
asked on
CBL Blocked Again
A site that I administer was blocked again by CBL.
That site has Exchange Server 2003 with the latest service packs.
They also run the new version of Antigen 9.0 (anti virus and anti SPAM) on the Exchange server.
They use DSL and have a Cayman Router with the firewall turned on. The only ports open are for mail, web (for outlook web access), VPN and Terminal Server.
When a block list provider blocks a server, it would be nice if they list a specific reason. I don't see any SPAM going out, nor is the server being hijacked (relaying is not allowed).
What am I missing?
CBL mentioned that we should apply the MS06-040 patch from Microsoft (which I did).
That's the only change I made before asking that we be taken off the list.
It would really be nice if CBL said "On this date xx-xx-xxxx, your server sent spam from this account" etc.
Anyways, what else should I look for in terms of why this server was blocked? When I look for other blockers like DNSSTUFF, it only says "CBL blocked you"
For a rather unprofessional looking site with a rooster with a clothespin on its beak, they seem to wield a lot of power. I just wish they weren't so ambiguous.
Any help on this is greatly appreciated.
Thanks,
-Ted
ASKER
The problem is that many of their clients use this blacklist and they cannot send mail to them.
When you say ensure that the server is tight, I've done everything I can to ensure only the necessary ports are turned on.
The only other change I made today was to turn off "NDRs" since many NDRs are sent to spammers in response to a message not being delivered to a recipient on our network.
Have NDRs caused blacklisting?
Thanks,
-Ted
ASKER
I followed your tips on your web site. I also turned NDRs back on. I emailed the CBL. I ran all of their freeware trojan horse detectors (even though we have the latest CA eTrust, with XP, Win 2003 with the latest service packs - they were all updated last night). I don't know what else to do. I know we'll end up back on the black list. Any other tips are appreciated.
Thanks,
-Ted
The only other thing I can suggest is to lock your network down.
Block port 25 outbound for everything but the Exchange server. If something is sending junk it will quickly fill the event logs of the firewall.
Simon.
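The check suggested above, sketched as an added example that is not part of the original thread: once outbound port 25 is blocked for everything but the Exchange server, tally the firewall log by internal source to find the machine that is trying to send mail directly. The log layout, LAN range and Exchange address are assumptions; adapt them to what your router actually writes.

```python
import ipaddress
import re
from collections import Counter

# Assumptions (hypothetical values, not from the thread): LAN range and Exchange address.
LAN = ipaddress.ip_network("192.168.1.0/24")
MAIL_SERVER = "192.168.1.10"

# Assumed log layout; adapt the regex to your firewall's real format:
# <date> <time> <ALLOW|DENY> <TCP|UDP> <src_ip>:<port> -> <dst_ip>:<port>
LINE_RE = re.compile(
    r"^\S+ \S+ (?:ALLOW|DENY) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample log (documentation addresses stand in for Internet hosts).
SAMPLE_LOG = """\
2006-08-21 02:13:55 ALLOW TCP 192.168.1.10:2201 -> 203.0.113.5:25
2006-08-21 02:14:07 DENY TCP 192.168.1.23:1043 -> 203.0.113.5:25
2006-08-21 02:14:07 DENY TCP 192.168.1.23:1044 -> 198.51.100.20:25
2006-08-21 02:14:08 DENY TCP 192.168.1.23:1045 -> 203.0.113.77:25
2006-08-21 02:14:09 DENY TCP 192.168.1.23:1046 -> 203.0.113.5:25
2006-08-21 02:15:30 ALLOW TCP 198.51.100.7:40112 -> 192.168.1.10:25
2006-08-21 02:16:02 ALLOW TCP 192.168.1.23:1050 -> 203.0.113.9:80
2006-08-21 02:17:41 DENY TCP 192.168.1.31:3310 -> 198.51.100.20:25
router restarted, log truncated
"""

def rogue_smtp_sources(log_text, mail_server=MAIL_SERVER, lan=LAN, threshold=1):
    """Map each LAN host other than the mail server to (tcp/25 attempts, distinct destinations)."""
    attempts, dests = Counter(), {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["proto"] != "TCP" or m["dport"] != "25":
            continue  # unparseable line, or not SMTP
        src = m["src"]
        try:
            inside = ipaddress.ip_address(src) in lan
        except ValueError:
            continue  # malformed address
        if not inside or src == mail_server:
            continue  # inbound mail, or the one host allowed to send
        attempts[src] += 1
        dests.setdefault(src, set()).add(m["dst"])
    return {ip: (n, len(dests[ip])) for ip, n in attempts.items() if n >= threshold}

if __name__ == "__main__":
    for ip, (n, d) in rogue_smtp_sources(SAMPLE_LOG).items():
        print(f"{ip}: {n} outbound SMTP attempts to {d} distinct servers")
```

A workstation that contacts many distinct mail servers in a short window is the one to pull off the network and scan first.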
ASKER
Thanks. I'll lock it down some more. I appreciate all your help.
They also claim that they will not tell you why you were blocked because that aids the spammers.
Does your organisation do anything that could be seen as questionable? Marketing sending out large numbers of email messages etc? Remember that one person's marketing message is another's spam message and most blacklists operate on a shoot first ask questions later policy.
The only thing I can suggest is to ensure that the server is tight, restrict as much as you can, ensure that everything matches and then see if you can get off their list.
Simon.