BlackList removal

I have SBS2003 and we keep getting put on a blacklist for spam.  The network has 10 pc and 1 server.  How can I find out where the spam is coming from?  Is their something I can log on my server?
vincew35Asked:
Who is Participating?
 
peakpeakConnect With a Mentor Commented:
The spam is most probably relayed from your server, i.e you have an open relay. That's something not good. You need to close the open relay:
http://support.microsoft.com/kb/324958
0
 
aissimConnect With a Mentor Commented:
First step would be to go to the site that is blacklisting you - many times they will provide details of the message(s) that caused the listing.

Secondly, more often than not it's a client machine on your network that is infected with some sort of mass mailing worm. These worms rarely relay spam through your server - they simply use their own SMTP engine and broadcast messages direct from the client PC, through your firewall, out to the Internet (which is why your external IP winds up on the blacklist).

You're probably better off checking traffic at the firewall, or some sort of packet sniffer to see where the traffic is originating from.
0
 
ormerodrutterCommented:
No matter if you can find the offending PC or PCs you need to clean them anyway. So I would suggest investing on a decent AV software (server & clients) and scan each PC to clean any virus.
0
 
SembeeConnect With a Mentor Commented:
If your server is being abused you can tell. There will be lots of messages stuck in the queues as the lists spammers use are not that clean.
However if you send email via your ISPs server then the queues will be clean, so it is not a 100% foolproof test unless you know how your server delivers email.

The most likely cause is a compromised workstation. The quick and dirty method to find the workstation is to block port 25 on the firewall, and then stop Exchange from sending email and wait. A compromised machine will quickly show in the logs.

Simon.
0
 
Computer101Commented:
Forced accept.

Computer101
EE Admin
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.