BlackList removal

Posted on 2007-08-08
Medium Priority
Last Modified: 2008-01-09
I have SBS2003 and we keep getting put on a blacklist for spam.  The network has 10 PCs and 1 server.  How can I find out where the spam is coming from?  Is there something I can log on my server?
Question by:vincew35
LVL 28

Accepted Solution

peakpeak earned 672 total points
ID: 19654933
The spam is most probably relayed from your server, i.e. you have an open relay. That's something not good. You need to close the open relay:
LVL 19

Assisted Solution

aissim earned 664 total points
ID: 19654949
First step would be to go to the site that is blacklisting you - many times they will provide details of the message(s) that caused the listing.

Secondly, more often than not it's a client machine on your network that is infected with some sort of mass mailing worm. These worms rarely relay spam through your server - they simply use their own SMTP engine and broadcast messages direct from the client PC, through your firewall, out to the Internet (which is why your external IP winds up on the blacklist).

You're probably better off checking traffic at the firewall, or some sort of packet sniffer to see where the traffic is originating from.
LVL 23

Expert Comment

ID: 19655108
No matter if you can find the offending PC or PCs you need to clean them anyway. So I would suggest investing in decent AV software (server & clients) and scanning each PC to clean any virus.
LVL 104

Assisted Solution

Sembee earned 664 total points
ID: 19655360
If your server is being abused you can tell. There will be lots of messages stuck in the queues as the lists spammers use are not that clean.
However, if you send email via your ISP's server then the queues will be clean, so it is not a 100% foolproof test unless you know how your server delivers email.

The most likely cause is a compromised workstation. The quick and dirty method to find the workstation is to block port 25 on the firewall, and then stop Exchange from sending email and wait. A compromised machine will quickly show in the logs.
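
Added example, not part of the original thread: one way to read the firewall log the answers above point to, listing LAN hosts other than the mail server that tried to reach TCP port 25. The LAN range, the mail server address and the key=value log layout (in the style of netfilter LOG lines) are assumptions; adjust the pattern to your firewall's format.

```python
import ipaddress
import re
from collections import defaultdict

# Assumptions for this example: LAN range and the one host allowed to send mail.
LAN = ipaddress.ip_network("192.168.16.0/24")
MAIL_SERVER = "192.168.16.2"

# Constructed sample lines (not real traffic), key=value style firewall log.
SAMPLE_LOG = """\
Aug  8 09:14:02 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.16.2 DST=203.0.113.10 PROTO=TCP SPT=3312 DPT=25
Aug  8 09:14:05 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.16.37 DST=198.51.100.4 PROTO=TCP SPT=1045 DPT=25
Aug  8 09:14:05 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.16.37 DST=198.51.100.77 PROTO=TCP SPT=1046 DPT=25
Aug  8 09:14:06 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.16.37 DST=203.0.113.200 PROTO=TCP SPT=1047 DPT=25
Aug  8 09:14:07 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.16.21 DST=203.0.113.10 PROTO=TCP SPT=2210 DPT=80
Aug  8 09:14:09 fw kernel: IN=eth0 OUT=eth1 SRC=198.51.100.9 DST=192.168.16.2 PROTO=TCP SPT=40112 DPT=25
Aug  8 09:14:11 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.16.44 DST=203.0.113.10 PROTO=TCP SPT=1501 DPT=25
"""

FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")


def smtp_offenders(log_text, lan=LAN, mail_server=MAIL_SERVER):
    """Return [(src, attempts, distinct_destinations)] for LAN hosts other
    than the mail server that opened connections to TCP port 25."""
    attempts = defaultdict(int)
    dests = defaultdict(set)
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("PROTO") != "TCP" or f.get("DPT") != "25":
            continue
        try:
            src = ipaddress.ip_address(f.get("SRC", ""))
        except ValueError:
            continue  # malformed or missing source address
        if src not in lan or str(src) == mail_server:
            continue  # inbound mail, or the server's own legitimate traffic
        attempts[str(src)] += 1
        dests[str(src)].add(f.get("DST"))
    # Busiest sender first; ties broken by address for stable output.
    return sorted(((s, n, len(dests[s])) for s, n in attempts.items()),
                  key=lambda r: (-r[1], r[0]))


if __name__ == "__main__":
    for src, n, d in smtp_offenders(SAMPLE_LOG):
        print(f"{src}: {n} SMTP attempts to {d} distinct hosts")
```

A workstation that contacts many different mail hosts on port 25 in a short time matches the mass-mailer behaviour described above and is the first machine to pull off the network and scan.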


Expert Comment

ID: 20212124
Forced accept.

EE Admin
