Solved

MS Exchange black listed with CBL

Posted on 2007-03-19
5
220 Views
Last Modified: 2010-03-06
How does one check and see what is causing a domain to be cbl listed.

I did notice there is no MX record for the mail server. Could that be the cause of the domain being cbl listed?

Thanks
0
Comment
Question by:john_s99
  • 2
  • 2
5 Comments
 
LVL 104

Expert Comment

by:Sembee
ID: 18753032
Do you receive your email directly by SMTP? If so then you need an MX record.
If you don't, then you are probably blacklisted on either lack of reverse DNS, what the machine is announcing itself as or being on a dynamic IP address.

Simon.
0
 
LVL 19

Expert Comment

by:aissim
ID: 18753051
I'm not certain, but if you go to their site and lookup your IP (http://cbl.abuseat.org/lookup.cgi) it should provide a link with some possibilities as to why it may have been listed.

Here's another good site if you want to make sure you haven't drifted onto other blacklists as well http://www.robtex.com/rbls.html
0
 

Author Comment

by:john_s99
ID: 18753187

Further to this, the x.x.x.185 is being  reported as cbl listed. Which is the router and not MS Exchange. Is it possible that a workstation is sending out spam or causing the problem of the public ip x.x.x.185 as being cbl listed. The router has nat enabled and any address within the network from x.x.x.50 to x.x.x.100 is mapped to the x.x.x.185 public ip address of the router.
0
 
LVL 19

Expert Comment

by:aissim
ID: 18753213
Very likely. I saw this just last week....a client's laptop had a worm that was sending spam - it didn't take too long for the external IP address of their firewall to get blacklisted with CBL. (the person had travelled to a branch office and got their firewall's IP blacklisted as well =)

I'd use some sort of packet sniffer on the internal network and see if any workstations are creating a lot of traffic.
0
 
LVL 104

Accepted Solution

by:
Sembee earned 250 total points
ID: 18753215
If the router has been blacklisted then that sounds like a compromised machine.
Block port 25 on the router and stop SMTP on Exchange. A compromised machine will quickly fill the logs.

Simon.
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now