Solved

MS Exchange black listed with CBL

Posted on 2007-03-19
5
229 Views
Last Modified: 2010-03-06
How does one check and see what is causing a domain to be cbl listed.

I did notice there is no MX record for the mail server. Could that be the cause of the domain being cbl listed?

Thanks
0
Comment
Question by:john_s99
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 104

Expert Comment

by:Sembee
ID: 18753032
Do you receive your email directly by SMTP? If so then you need an MX record.
If you don't, then you are probably blacklisted on either lack of reverse DNS, what the machine is announcing itself as or being on a dynamic IP address.

Simon.
0
 
LVL 19

Expert Comment

by:aissim
ID: 18753051
I'm not certain, but if you go to their site and lookup your IP (http://cbl.abuseat.org/lookup.cgi) it should provide a link with some possibilities as to why it may have been listed.

Here's another good site if you want to make sure you haven't drifted onto other blacklists as well http://www.robtex.com/rbls.html
0
 

Author Comment

by:john_s99
ID: 18753187

Further to this, the x.x.x.185 is being  reported as cbl listed. Which is the router and not MS Exchange. Is it possible that a workstation is sending out spam or causing the problem of the public ip x.x.x.185 as being cbl listed. The router has nat enabled and any address within the network from x.x.x.50 to x.x.x.100 is mapped to the x.x.x.185 public ip address of the router.
0
 
LVL 19

Expert Comment

by:aissim
ID: 18753213
Very likely. I saw this just last week....a client's laptop had a worm that was sending spam - it didn't take too long for the external IP address of their firewall to get blacklisted with CBL. (the person had travelled to a branch office and got their firewall's IP blacklisted as well =)

I'd use some sort of packet sniffer on the internal network and see if any workstations are creating a lot of traffic.
0
 
LVL 104

Accepted Solution

by:
Sembee earned 250 total points
ID: 18753215
If the router has been blacklisted then that sounds like a compromised machine.
Block port 25 on the router and stop SMTP on Exchange. A compromised machine will quickly fill the logs.

Simon.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question