?
Solved

MS Exchange black listed with CBL

Posted on 2007-03-19
5
Medium Priority
?
241 Views
Last Modified: 2010-03-06
How does one check and see what is causing a domain to be cbl listed.

I did notice there is no MX record for the mail server. Could that be the cause of the domain being cbl listed?

Thanks
0
Comment
Question by:john_s99
  • 2
  • 2
5 Comments
 
LVL 104

Expert Comment

by:Sembee
ID: 18753032
Do you receive your email directly by SMTP? If so then you need an MX record.
If you don't, then you are probably blacklisted on either lack of reverse DNS, what the machine is announcing itself as or being on a dynamic IP address.

Simon.
0
 
LVL 19

Expert Comment

by:aissim
ID: 18753051
I'm not certain, but if you go to their site and lookup your IP (http://cbl.abuseat.org/lookup.cgi) it should provide a link with some possibilities as to why it may have been listed.

Here's another good site if you want to make sure you haven't drifted onto other blacklists as well http://www.robtex.com/rbls.html
0
 

Author Comment

by:john_s99
ID: 18753187

Further to this, the x.x.x.185 is being  reported as cbl listed. Which is the router and not MS Exchange. Is it possible that a workstation is sending out spam or causing the problem of the public ip x.x.x.185 as being cbl listed. The router has nat enabled and any address within the network from x.x.x.50 to x.x.x.100 is mapped to the x.x.x.185 public ip address of the router.
0
 
LVL 19

Expert Comment

by:aissim
ID: 18753213
Very likely. I saw this just last week....a client's laptop had a worm that was sending spam - it didn't take too long for the external IP address of their firewall to get blacklisted with CBL. (the person had travelled to a branch office and got their firewall's IP blacklisted as well =)

I'd use some sort of packet sniffer on the internal network and see if any workstations are creating a lot of traffic.
0
 
LVL 104

Accepted Solution

by:
Sembee earned 1000 total points
ID: 18753215
If the router has been blacklisted then that sounds like a compromised machine.
Block port 25 on the router and stop SMTP on Exchange. A compromised machine will quickly fill the logs.

Simon.
0

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes Top 9 Exchange troubleshooting utilities that every Exchange Administrator should know. Most of the utilities are available free of cost. List of tools that I am going to explain in this article are:   Microsoft Remote Con…
There’s hardly a doubt that Business Communication is indispensable for both enterprises and small businesses, and if there is an email system outage owing to Exchange server failure, it definitely results in loss of productivity.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
how to add IIS SMTP to handle application/Scanner relays into office 365.

601 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question