BlackList removal

Posted on 2007-08-08
Last Modified: 2008-01-09
I have SBS2003 and we keep getting put on a blacklist for spam.  The network has 10 pc and 1 server.  How can I find out where the spam is coming from?  Is their something I can log on my server?
Question by:vincew35
    LVL 28

    Accepted Solution

    The spam is most probably relayed from your server, i.e you have an open relay. That's something not good. You need to close the open relay:
    LVL 19

    Assisted Solution

    First step would be to go to the site that is blacklisting you - many times they will provide details of the message(s) that caused the listing.

    Secondly, more often than not it's a client machine on your network that is infected with some sort of mass mailing worm. These worms rarely relay spam through your server - they simply use their own SMTP engine and broadcast messages direct from the client PC, through your firewall, out to the Internet (which is why your external IP winds up on the blacklist).

    You're probably better off checking traffic at the firewall, or some sort of packet sniffer to see where the traffic is originating from.
    LVL 23

    Expert Comment

    No matter if you can find the offending PC or PCs you need to clean them anyway. So I would suggest investing on a decent AV software (server & clients) and scan each PC to clean any virus.
    LVL 104

    Assisted Solution

    If your server is being abused you can tell. There will be lots of messages stuck in the queues as the lists spammers use are not that clean.
    However if you send email via your ISPs server then the queues will be clean, so it is not a 100% foolproof test unless you know how your server delivers email.

    The most likely cause is a compromised workstation. The quick and dirty method to find the workstation is to block port 25 on the firewall, and then stop Exchange from sending email and wait. A compromised machine will quickly show in the logs.

    LVL 1

    Expert Comment

    Forced accept.

    EE Admin

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    6 Surprising Benefits of Threat Intelligence

    All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

    Easy CSR creation in Exchange 2007,2010 and 2013
    This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
    In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
    To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

    760 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now