tiffinIT
asked on
Exchange 2003 blacklisted
I am new to exchange 2003, Since we have made the cut to it I have been blacklisted about every 3 days or so. I need help in trying to track down the problem. I have tested for open relays and have found none. when i was using exchange 2000 I never had any issues. Please Help!!!!
Thanks
Chad Logan
Network Administrator
Tiffin Motorhomes Inc.
Thanks
Chad Logan
Network Administrator
Tiffin Motorhomes Inc.
ASKER
I am recieving bounce messages that give me the listing site, but I went to the mx toolbox site and did a quey and it displayed anll of the listing sites that i have been listed on. We do not do mass mailing or anything of that nature. Can you elaborate more on securing the server. I am checking the queues now to see how the message loads look. I am not sending Ndr's . Is it possilbe that it is not coming from my servers? Maybe spoofing or someone internally has spyware that is sending out of that external ip
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I've been thru a similar problem. We changed the Global Public address for port 25 on the firewall to a different address. Once that was changed, the black lists do not have that address and you are no longer black listed. However you may get blacklisted again...so locking down port 25 so that only 1 or 2 exchange bridgehead servers can send outbound email is a great idea.
This prevents any potentially infected machines with SMTP engines from sending email. Also be sure that SMTP is set to send mail for only "authenticated" users. If you already checked for an open relay that is good becuase you don't want an open relay internally or especially externally.
If you do need to relay internally, then add the IP addresses of those machines that cannot authenticate and need to relay to the SMTP virtual server.
This prevents any potentially infected machines with SMTP engines from sending email. Also be sure that SMTP is set to send mail for only "authenticated" users. If you already checked for an open relay that is good becuase you don't want an open relay internally or especially externally.
If you do need to relay internally, then add the IP addresses of those machines that cannot authenticate and need to relay to the SMTP virtual server.
I would also lock down 587. Some bots use that because most network guys worth half their weight in salt know to check 25 and to lock it.
I would also add a SPF to your DNS record. So that anyone doing RDNS can see that what is your authorized sending server. MS got a wizard here for doing so http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/default.aspx
I would also add a SPF to your DNS record. So that anyone doing RDNS can see that what is your authorized sending server. MS got a wizard here for doing so http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/default.aspx
ASKER
i have locked down port 25 a long time ago i will try to lock down port 587. I went into the pix and did a show port on port 25 and found 2 internal ips flooding it with traffic. SO i am going to look at those machines first and see if that is the cause of my problems.
SPF won't help in this case, since all traffic is coming from the pix. Still good to have it.
Has the server been secured?
Do you have lots of messages in your queues?
Are you trying to send NDRs for non-valid users?
Simon.