Solved

How do I fix the MTA poor reputation?

Posted on 2008-06-10
Last Modified: 2012-06-27
When certain users in my network send outgoing emails I get this message back:

Tue, 10 Jun 2008 15:48:37 -0400
Failed to send to identified host,
*******@cdw.com: [12.32.91.180], 554-mail3.cdw.com
554 Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means.
--- Message non-deliverable.


Any ideas?



Question by:GFCU
LVL 23

Accepted Solution

by:
Stacy Spear earned 500 total points
ID: 21759101
You have been identified as sending spam. First thing is secure your server:

http://www.amset.info/exchange/smtp-openrelay.asp
http://www.amset.info/exchange/filter-unknown.asp
http://www.amset.info/exchange/spam-cleanup.asp

The next thing is to ensure that nothing on your network can send port 25 traffic other than your Exchange server at your firewall. Also, ensure port 587 is blocked.

After all that is done, go find out where you are blacklisted (www.mxtoolbox.com can help there) and follow the procedures to remove yourself. Once removed from the blacklists, that should greatly increase your reputation scores.
0
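The blacklist lookup recommended in the answer above can also be scripted. This is an added example, not part of the original thread: the zone names are examples, `fake_resolver` is a hypothetical offline stand-in for DNS, and the sample address is constructed. A list is queried by reversing the IPv4 octets and appending the list's zone; no record means not listed, and an answer in 127.0.0.0/8 means listed, except that some lists (Spamhaus, for one) answer in 127.255.255.x when they refuse the query itself, for instance because it came through a public resolver.

```python
import ipaddress
import socket

# Example zones (assumption); use the lists that actually reject your mail.
DEFAULT_ZONES = ("zen.spamhaus.org", "bl.spamcop.net")
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")   # query refused by list
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_name(ip, zone):
    """DNSBL query name: IPv4 octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # ValueError if not IPv4
    return ".".join(reversed(octets)) + "." + zone

def classify(answer):
    """Interpret the A record a list returned for a query name."""
    addr = ipaddress.ip_address(answer)
    if addr in ERROR_NET:
        return "error: list refused the query (" + answer + ")"
    if addr in LISTED_NET:
        return "listed (" + answer + ")"
    return "error: not a DNSBL answer (" + answer + ")"

def check_listing(ip, zones=DEFAULT_ZONES, resolve=socket.gethostbyname):
    """Return {zone: status} for the public IP your outbound mail leaves from."""
    no_record = {socket.EAI_NONAME, getattr(socket, "EAI_NODATA", None)}
    results = {}
    for zone in zones:
        try:
            results[zone] = classify(resolve(dnsbl_name(ip, zone)))
        except socket.gaierror as exc:
            # No record means "not on this list"; anything else is a DNS failure.
            results[zone] = ("clear" if exc.errno in no_record
                             else "error: lookup failed (%s)" % exc)
    return results

def fake_resolver(table):
    """Offline stand-in for DNS so the example runs without a network."""
    def resolve(name):
        if name in table:
            return table[name]
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
    return resolve

if __name__ == "__main__":
    # Constructed data: 192.0.2.25 is a documentation address, zones are made up.
    dns = fake_resolver({"25.2.0.192.bl-a.example": "127.0.0.4",
                         "25.2.0.192.bl-b.example": "127.255.255.254"})
    zones = ("bl-a.example", "bl-b.example", "bl-c.example")
    for zone, status in check_listing("192.0.2.25", zones, dns).items():
        print(zone, "->", status)
```

Run it against the public address your mail actually leaves from (in this thread, the mail filter server), using your own resolver rather than a shared public one.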
 
LVL 1

Author Comment

by:GFCU
ID: 21778755
I tried to telnet and in this step:

You should get a response back similar to the following:

220 mail.server.domain Microsoft ESMTP MAIL Service, Version: 6.0.2790.0 Ready at

I didn't get anything back.  It said that the connection was lost.  Also I looked up my mail server on mxtoolbox.com and it said:

Relay Check: OK - This server is not an open relay.

That's right, right?

********************
Also,
The filter check box is not checked, but I don't necessarily want to check it if it opens you up to directory harvest attacks.  Even if you can do that "tar pitting" thing.  What are your thoughts?


********************
Also,
I did that "Check whether you are under an NDR Attack" thing and that came back good - all those other things on the third link that you gave, should I check?

0
 
LVL 1

Author Comment

by:GFCU
ID: 21779027
I can see that I am still listed in the blacklists.

Also, on a side note:
My setup is an internal Exchange server, and then off an optional port on my firewall I have a mail filter server that all mail gets routed through.  The mail filter server is the server that is blacklisted.  I ran virus checks, took care of all threats, updated the OS, and updated the mail filter app.  Within the mail filter app there is a place where you can check connecting IP Addresses against specified realtime blackhole lists.  Might this be the cause of my problem?  It says that: "This feature can block legitimate mail servers."  And this is checking against three different blacklist sites.

I found where you can put in exclusion servers.  Is this the right track to follow?

0
 
LVL 1

Author Comment

by:GFCU
ID: 21780773
**Is it possible to get put on those blacklists if people that you just send normal email to report you as spam??**
0
 
LVL 23

Assisted Solution

by:Stacy Spear
ID: 21781213
No, your server is sending spam, not receiving it. Where did you try to connect from? Try it from an external location, or via mxtoolbox.com, which will also show the connection.

Once you lock down your server, then you need to request from each blacklist site to get removed. Some have online forms to do so, but some you may have to call. If you haven't locked it down properly however, you will be back.
0
 
LVL 1

Author Comment

by:GFCU
ID: 21782440
I tried connecting from an outside connection but it was on dial-up and I am wondering if the connection was so slow that it just dropped off.  I am going to try this again as soon as I can - maybe find a higher speed connection.


I did that thing where you can see events in the event viewer and I got this:

This is an SMTP protocol log for virtual server ID 1, connection #2. The client at "<INTERNAL IP ADDRESS>" sent a "rcpt" command, and the SMTP server responded with "550 5.7.1 Unable to relay for support@domain.com  ". The full command sent was "rcpt TO: <support@domain.com>".  This will probably cause the connection to fail.

For more information, click http://www.microsoft.com/contentredirect.asp.


Is this supporting evidence that the server is indeed relaying spam?  
0
 
LVL 23

Assisted Solution

by:Stacy Spear
ID: 21804820
Was it trying to relay for your own domain or another?

A dial-up connection should be plenty fast to allow a hand-jammed SMTP test.
0
 
LVL 1

Author Comment

by:GFCU
ID: 21813621
I think that this may be a server inside my organization trying to relay out.


I put where it was not my domain.

This is an SMTP protocol log for virtual server ID 1, connection #2. The client at "<MY DOMAIN INTERNAL IP ADDRESS>" sent a "rcpt" command, and the SMTP server responded with "550 5.7.1 Unable to relay for support@NOT_MY_DOMAIN.com  ". The full command sent was "rcpt TO: <support@NOT_MY_DOMAIN.com>".  This will probably cause the connection to fail.



I'm working on that telnet test again - I'll let you know what I come up with as soon as the dial-up line here becomes available to me again.  Thanks for your help so far!
0
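The question asked above, whether the refused relay was for your own domain or another, can be answered across many events at once. This is an added example, not part of the original thread: it parses the event text quoted in the posts and groups "550 5.7.1 Unable to relay" refusals by client. The sample events, addresses, domains and the `triage` function are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Event text as quoted in this thread (Exchange SMTP protocol log event).
EVENT_RE = re.compile(
    r'The client at "(?P<client>[^"]+)" sent a "rcpt" command, and the SMTP '
    r'server responded with "550 5\.7\.1 Unable to relay for (?P<rcpt>[^\s"]+)')

def triage(events, local_domains, internal_nets):
    """Per client: is it internal, and whose mail was it refused for?"""
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    local = {d.lower() for d in local_domains}
    seen = defaultdict(lambda: {"own": 0, "foreign": set()})
    for text in events:
        m = EVENT_RE.search(text)
        if not m:
            continue                          # some other event; skip it
        domain = m["rcpt"].rpartition("@")[2].lower()
        if domain in local:
            seen[m["client"]]["own"] += 1
        else:
            seen[m["client"]]["foreign"].add(domain)
    report = {}
    for client, entry in seen.items():
        try:
            internal = any(ipaddress.ip_address(client) in n for n in nets)
        except ValueError:
            internal = False                  # logged as a name, not an IP
        report[client] = {"internal": internal,
                          "own_domain_refusals": entry["own"],
                          "foreign_domains": sorted(entry["foreign"])}
    return report

# Constructed sample events: documentation addresses, hypothetical domains.
_EVENT = ('This is an SMTP protocol log for virtual server ID 1, connection #2. '
          'The client at "{c}" sent a "rcpt" command, and the SMTP server '
          'responded with "550 5.7.1 Unable to relay for {r}  ". The full '
          'command sent was "rcpt TO: <{r}>".')
SAMPLE = [_EVENT.format(c="10.0.0.15", r="support@example.net"),
          _EVENT.format(c="10.0.0.15", r="sales@example.org"),
          _EVENT.format(c="203.0.113.9", r="someone@example.org"),
          "Some unrelated event text."]

if __name__ == "__main__":
    for client, row in triage(SAMPLE, ["example.com"], ["10.0.0.0/8"]).items():
        print(client, row)
```

An internal client refused for outside domains is either an application server that belongs on the relay allow list or a machine that should not be sending mail at all, so identify the host before granting it relay rights.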
 
LVL 1

Author Comment

by:GFCU
ID: 21814980
The telnet connection keeps dropping.  I found a website that checks if you are relaying or not and the results looked ok.

I checked all of the things in the articles that you told me about (everything checked out good), updated that server with OS updates, filter app updates, anti-virus updates, and also installed other anti-spyware apps and updated them.  I ran scans using the anti-virus software and the anti-spyware software and I deleted/quarantined whatever needed to be.  A couple of days ago I saw that we were not listed on the blacklist any more.  I did not contact them in any way asking them to take us off, they just did it automatically.

I think that we are alright for now.    
0
 
LVL 23

Assisted Solution

by:Stacy Spear
ID: 21815044
You need to add that internal server to the allowed relay list under the SMTP virtual server properties.
0
 
LVL 23

Assisted Solution

by:Stacy Spear
ID: 21815057
Great on the blacklisting. Some of them are pretty asinine on removing servers, but as you've seen most are not.
0
 
LVL 1

Author Comment

by:GFCU
ID: 21816285
I think that that IP for that server is already listed within that list.  You mean that relay restriction exception list, right?

Well I really appreciate your help.  Thank you very much.

I'm going to keep a close eye on this issue and the blacklist and see what happens within the next week or so, and if I have any issues or get any calls on email issues regarding this, I'm sure you'll most likely be hearing from me again.  Thanks again darkstar3d!
0
