George_James_O_Donnell

Hello, how do we problem solve being on a blacklist?

Hello, how do we problem solve being on a blacklist? Our anti-virus (Symantec Corporate v.10) and spyware detector are reporting no errors. We have changed our IP to a static one and got blacklisted immediately with the new one.
michko

Contact the organization that put you on their blacklist and see what you need to do to verify for them that you should not be on it. If you could provide more information on the specific blacklist on which you have been placed it would be helpful.

That usually means you have a compromised client on the network that is sending out spam. Block port 25 on the firewall for all traffic except the Exchange server and see what happens to the logs. A compromised machine will quickly show in the logs.

If the Exchange server itself is being abused then you can usually tell because the queues will be full of email messages.

The fact that your AV has come up clean means nothing, particularly with the Symantec product. Botnets are dynamic and constantly updating. They design their "products" not to be detected by AV software. Which AV software do you think they will test against? Symantec's.

Simon.
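
The port 25 log check suggested above, as an added example that is not part of the original thread: it tallies port 25 connection attempts per internal source, skipping the mail server. The log format, the sample lines and the `MAIL_SERVER` address are constructed assumptions; adapt the pattern to your firewall's real log layout.

```python
import re
from collections import Counter

# Assumption: address of the Exchange server, the only host allowed to use port 25.
MAIL_SERVER = "192.168.1.10"

# Constructed sample lines in a made-up format (not from the thread).
SAMPLE_LOG = """\
2007-12-18 16:31:02 ALLOW TCP 192.168.1.10:3311 -> 203.0.113.25:25
2007-12-18 16:31:04 DENY TCP 192.168.1.23:1042 -> 198.51.100.7:25
2007-12-18 16:31:04 DENY TCP 192.168.1.23:1043 -> 198.51.100.9:25
2007-12-18 16:31:05 ALLOW TCP 192.168.1.40:2210 -> 203.0.113.80:80
2007-12-18 16:31:06 DENY TCP 192.168.1.23:1044 -> 203.0.113.77:25
2007-12-18 16:31:09 DENY TCP 192.168.1.57:4410 -> 198.51.100.7:25
garbled line that should be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<action>ALLOW|DENY) TCP "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def smtp_offenders(log_text, mail_server=MAIL_SERVER):
    """Return {source_ip: (attempts, distinct_destinations)} for port 25
    traffic from any host other than the mail server, busiest source first."""
    attempts = Counter()
    dests = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        # Skip unparseable lines, non-SMTP traffic and the legitimate sender.
        if not m or m["dport"] != "25" or m["src"] == mail_server:
            continue
        attempts[m["src"]] += 1
        dests.setdefault(m["src"], set()).add(m["dst"])
    return {ip: (n, len(dests[ip])) for ip, n in attempts.most_common()}

if __name__ == "__main__":
    for ip, (n, d) in smtp_offenders(SAMPLE_LOG).items():
        print(f"{ip}: {n} port-25 attempts to {d} distinct hosts")
```

A workstation that shows many attempts spread across many distinct destinations is the machine to pull off the network and inspect first.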
George_James_O_Donnell

ASKER

Hello,
1. Please find details of the blacklist:
Blacklist name: fivetenxxx (ten counts of this blacklist)
miscellaneous address blocks that have sent spam here
Return codes were: 127.0.0.2
ttl 56898

2. Also, we are getting this in the application event viewer:
Event Type:      Error
Event Source:      MSExchangeTransport
Event Category:      SMTP Protocol
Event ID:      7010
Date:            18/12/2007
Time:            16:35:13
User:            N/A
Computer:      xxxxx
Description:
This is an SMTP protocol log for virtual server ID 1, connection #37. The client at "83.70.170.55" sent a "rcpt" command, and the SMTP server responded with "501 5.5.4 Invalid Address  ". The full command sent was "rcpt TO: <delmer@dreweatt-neate.co.uk:>".  This will probably cause the connection to fail.

For more information, click http://www.microsoft.com/contentredirect.asp.

3. We have blocked port 25 to all except the Exchange server as Sembee suggested.
There is nothing unusual in the logs of the firewall either. Other than Event Viewer and the firewall logs, are there other logs we should check?
4. The queues are empty in System Manager.
5. As far as we can make out there is no open relay, as we are getting:
>>> RCPT TO:
<<< 550 5.7.1 Unable to relay for ConfirmedOpenRelay1@mob.net

Q. Can you suggest what we could try next, considering we are on a blacklist and can't find any reason why?



ASKER CERTIFIED SOLUTION
Sembee
This solution is only available to members.
tigermatt - I actually think that Sembee's answer 20501510 should be accepted as the full and complete answer to the post.  My post was really nothing more than a request for more information.  Poster provided additional information and Sembee provided a complete and valid answer.  I won't object to getting partial credit, but in this case I believe full credit should go to Sembee.
Thanks.
michko
Forced accept.

Computer101
EE Admin