Hello, how do we problem solve being on a blacklist?

Last Modified: 2013-12-09
Hello, how do we problem solve being on a blacklist? Our anti-virus (Symantec Corporate v.10) and spyware detector are reporting no errors. We have changed our IP to a static one and got blacklisted immediately with the new one.

Top Expert 2007

Commented:
Contact the organization that put you on their blacklist and see what you need to do to verify for them that you should not be on it. If you could provide more information on the specific blacklist on which you have been placed, it would be helpful.
Expert of the Year 2007
Expert of the Year 2006

Commented:
That usually means you have a compromised client on the network that is sending out spam. Block port 25 on the firewall for all traffic except the Exchange server and see what happens to the logs. A compromised machine will quickly show in the logs.

If the Exchange server itself is being abused then you can usually tell because the queues will be full of email messages.

The fact that your AV has come up clean means nothing, particularly with the Symantec product. Botnets are dynamic and constantly updating. They design their "products" not to be detected by AV software. Which AV software do you think they will test against? Symantec's.

Simon.
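
Added example (not part of the thread and not any poster's code): one way to run the check described in the answer above, by scanning firewall logs for internal hosts other than the mail server that attempt outbound TCP port 25. The netfilter-style log format, the LAN range, the Exchange server address and the sample lines are all assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumptions for this example: internal LAN range and the Exchange server's IP.
INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")
MAIL_SERVER = ipaddress.ip_address("192.168.1.10")
# Constructed sample log lines (netfilter LOG style), not taken from the thread.
SAMPLE_LOG = """\
Dec 18 16:30:01 fw kernel: SMTP IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 PROTO=TCP SPT=2101 DPT=25
Dec 18 16:30:02 fw kernel: SMTP IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.7 PROTO=TCP SPT=4410 DPT=25
Dec 18 16:30:02 fw kernel: SMTP IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.8 PROTO=TCP SPT=4411 DPT=25
Dec 18 16:30:03 fw kernel: SMTP IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.9 PROTO=TCP SPT=4412 DPT=25
Dec 18 16:30:03 fw kernel: SMTP IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.7 PROTO=TCP SPT=4413 DPT=25
Dec 18 16:30:04 fw kernel: WEB IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.9 PROTO=TCP SPT=4414 DPT=443
Dec 18 16:30:05 fw kernel: SMTP IN=eth1 OUT=eth0 SRC=192.168.1.40 DST=203.0.113.5 PROTO=TCP SPT=1055 DPT=25
Dec 18 16:30:06 fw kernel: SMTP IN=eth0 OUT=eth1 SRC=203.0.113.77 DST=192.168.1.10 PROTO=TCP SPT=3300 DPT=25
Dec 18 16:30:07 fw kernel: truncated line SRC=not-an-ip DPT=25 PROTO=TCP
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def smtp_offenders(log_text):
    """Map each LAN host (except the mail server) to its outbound TCP/25 activity."""
    hits = defaultdict(lambda: {"attempts": 0, "destinations": set()})
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("PROTO") != "TCP" or f.get("DPT") != "25":
            continue
        try:
            src = ipaddress.ip_address(f.get("SRC", ""))
            dst = ipaddress.ip_address(f.get("DST", ""))
        except ValueError:
            continue  # malformed or truncated line
        # Only LAN -> Internet SMTP from something that is not the mail server.
        if src not in INTERNAL_NET or dst in INTERNAL_NET or src == MAIL_SERVER:
            continue
        hits[str(src)]["attempts"] += 1
        hits[str(src)]["destinations"].add(str(dst))
    return dict(hits)

def rank(hits):
    """Hosts ordered by distinct destinations, then attempts (busiest first)."""
    key = lambda h: (len(hits[h]["destinations"]), hits[h]["attempts"])
    return sorted(hits, key=key, reverse=True)

if __name__ == "__main__":
    found = smtp_offenders(SAMPLE_LOG)
    print([(h, found[h]["attempts"]) for h in rank(found)])
```

A workstation contacting many different mail servers on port 25 is the pattern to chase first; a single host talking to one destination is more often a misconfigured mail client.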
Hello,
1. Please find details of the blacklist:
Blacklist name: fivetenxxx (ten counts of this blacklist)
miscellaneous address blocks that have sent spam here
Return codes were: 127.0.0.2
ttl 56898

2. Also, we are getting this in the application event viewer:
Event Type:      Error
Event Source:      MSExchangeTransport
Event Category:      SMTP Protocol
Event ID:      7010
Date:            18/12/2007
Time:            16:35:13
User:            N/A
Computer:      xxxxx
Description:
This is an SMTP protocol log for virtual server ID 1, connection #37. The client at "83.70.170.55" sent a "rcpt" command, and the SMTP server responded with "501 5.5.4 Invalid Address  ". The full command sent was "rcpt TO: <delmer@dreweatt-neate.co.uk:>".  This will probably cause the connection to fail.

For more information, click http://www.microsoft.com/contentredirect.asp.

3. We have blocked port 25 to all except the Exchange server, as Sembee suggested.
There is nothing unusual in the logs of the firewall either. Other than Event Viewer and the firewall logs, are there other logs we should check?
4. The queues are empty in System Manager.
5. As far as we can make out there is no open relay, as we are getting:
>>> RCPT TO:
<<< 550 5.7.1 Unable to relay for ConfirmedOpenRelay1@mob.net

Q. Can you suggest what we could try next, considering we are on a blacklist and can't find any reason why?



Top Expert 2007

Commented:
tigermatt - I actually think that Sembee's answer 20501510 should be accepted as the full and complete answer to the post.  My post was really nothing more than a request for more information.  Poster provided additional information and Sembee provided a complete and valid answer.  I won't object to getting partial credit, but in this case I believe full credit should go to Sembee.
Thanks.
michko
Forced accept.

Computer101
EE Admin