Solved

How do I fix the MTA poor reputation?

Posted on 2008-06-10
Last Modified: 2012-06-27
When certain users in my network send outgoing emails I get this message back:

Tue, 10 Jun 2008 15:48:37 -0400
Failed to send to identified host,
*******@cdw.com: [12.32.91.180], 554-mail3.cdw.com
554 Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means.
--- Message non-deliverable.


Any ideas?



Question by:GFCU
12 Comments
 
LVL 23

Accepted Solution

by:
Stacy Spear earned 500 total points
ID: 21759101
You have been identified as sending spam. First thing is secure your server:

http://www.amset.info/exchange/smtp-openrelay.asp
http://www.amset.info/exchange/filter-unknown.asp
http://www.amset.info/exchange/spam-cleanup.asp

The next thing is to ensure that nothing on your network can send port 25 traffic other than your Exchange server at your firewall. Also, ensure port 587 is blocked.

After all that is done, go find out where you are blacklisted, www.mxtoolbox.com can help there and follow the procedures to remove yourself. Once removed from the blacklists, that should greatly increase your reputation scores.
0
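
Added example, not part of the original answer: the blacklist check recommended above can be scripted as a standard DNSBL lookup, which reverses the IPv4 octets, appends the list's zone and resolves the name. The zone names, the sample address and the function names are placeholders chosen for this example.

```python
import ipaddress
import socket

# Placeholder zones (assumption): substitute the DNSBL zones you consult.
EXAMPLE_ZONES = ["dnsbl.example", "bl.example.net"]
LISTING_NET = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on bad input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def check_listings(ip, zones=EXAMPLE_ZONES, resolve=socket.gethostbyname):
    """Return {zone: return-code string, or None when not listed}."""
    results = {}
    for zone in zones:
        try:
            answer = resolve(dnsbl_query_name(ip, zone))
        except OSError:
            # NXDOMAIN means "not listed". A timeout lands here too, so
            # re-run before trusting a clean result from a flaky resolver.
            results[zone] = None
            continue
        # Real listings answer inside 127.0.0.0/8. Any other address usually
        # comes from a wildcarding resolver and is not a listing.
        listed = ipaddress.IPv4Address(answer) in LISTING_NET
        results[zone] = answer if listed else None
    return results


def listed_zones(ip, **kwargs):
    """Zones that currently list the address, sorted for stable output."""
    hits = check_listings(ip, **kwargs)
    return sorted(zone for zone, code in hits.items() if code)


if __name__ == "__main__":
    # 192.0.2.25 is a documentation address standing in for the public IP
    # of the outbound mail filter server.
    for zone, code in check_listings("192.0.2.25").items():
        print(zone, "LISTED " + code if code else "not listed")
```

Run it against the public address that outbound mail actually leaves from, which in a filtered setup is the filter server rather than the internal Exchange host.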
 
LVL 1

Author Comment

by:GFCU
ID: 21778755
I tried to telnet and in this step:

You should get a response back similar to the following:

220 mail.server.domain Microsoft ESMTP MAIL Service, Version: 6.0.2790.0 Ready at

I didn't get anything back.  It said that the connection was lost.  Also I looked up my mail server on mxtoolbox.com and it said:

Relay Check: OK - This server is not an open relay.

That's right, right?

********************
Also,
The filter check box is not checked, but I don't necessarily want to check it if it opens you up to directory harvest attacks.  Even if you can do that "tar pitting" thing.  What are your thoughts?


********************
Also,
I did that "Check whether you are under an NDR Attack" thing and that came back good - all those other things on the third link that you gave, should I check?

0
 
LVL 1

Author Comment

by:GFCU
ID: 21779027
I can see that I am still listed in the blacklists.

Also, on a side note:
My setup is an internal Exchange server, and then off an optional port on my firewall I have a mail filter server that all mail gets routed through.  The mail filter server is the server that is blacklisted.  I ran virus checks, took care of all threats, updated the OS, and updated the mail filter app.  Within the mail filter app there is a place where you can check connecting IP Addresses against specified realtime blackhole lists.  Might this be the cause of my problem?  It says that: "This feature can block legitimate mail servers."  And this is checking against three different blacklist sites.

I found where you can put in exclusion servers.  Is this the right track to follow?

0
 
LVL 1

Author Comment

by:GFCU
ID: 21780773
**Is it possible to get put on those blacklists if people that you just send normal email to report you as spam??**
0
 
LVL 23

Assisted Solution

by:Stacy Spear
Stacy Spear earned 500 total points
ID: 21781213
No, your server is sending spam, not receiving it. Where did you try to connect from? Try it from an external location or via mxtoolbox.com will also show the connection.

Once you lock down your server, then you need to request from each blacklist site to get removed. Some have online forms to do so, but some you may have to call. If you haven't locked it down properly however, you will be back.
0
 
LVL 1

Author Comment

by:GFCU
ID: 21782440
I tried connecting from an outside connection but it was on dial-up and I am wondering if the connection was so slow that it just dropped off.  I am going to try this again as soon as I can - maybe find a higher speed connection.


I did that thing where you can see events in the event viewer and I got this:

This is an SMTP protocol log for virtual server ID 1, connection #2. The client at "<INTERNAL IP ADDRESS>" sent a "rcpt" command, and the SMTP server responded with "550 5.7.1 Unable to relay for support@domain.com  ". The full command sent was "rcpt TO: <support@domain.com>".  This will probably cause the connection to fail.

For more information, click http://www.microsoft.com/contentredirect.asp.


Is this supporting evidence that the server is indeed relaying spam?  
0
 
LVL 23

Assisted Solution

by:Stacy Spear
Stacy Spear earned 500 total points
ID: 21804820
Was it trying to relay for your own domain or another?

Dialup connection should be plenty fast to allow a hand jammed SMTP test.
0
 
LVL 1

Author Comment

by:GFCU
ID: 21813621
I think that this may be a server inside my organization trying to relay out.


I put where it was not my domain.

This is an SMTP protocol log for virtual server ID 1, connection #2. The client at "<MY DOMAIN INTERNAL IP ADDRESS>" sent a "rcpt" command, and the SMTP server responded with "550 5.7.1 Unable to relay for support@NOT_MY_DOMAIN.com  ". The full command sent was "rcpt TO: <support@NOT_MY_DOMAIN.com>".  This will probably cause the connection to fail.



I'm working on that telnet test again - I'll let you know what I come up with as soon as the dial-up line here becomes available to me again.  Thanks for your help so far!
0
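
Added example, not part of the original thread: one way to see which internal hosts are generating the "Unable to relay" events quoted above is to tally them per client and per outside recipient domain. The event text below is constructed in the quoted format with placeholder addresses and domains, and the two-domain threshold and function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample events in the format quoted in the thread.
TEMPLATE = ('This is an SMTP protocol log for virtual server ID 1, '
            'connection #{n}. The client at "{ip}" sent a "rcpt" command, '
            'and the SMTP server responded with "550 5.7.1 Unable to relay '
            'for {rcpt}  ". The full command sent was "rcpt TO: <{rcpt}>".')
SAMPLE_EVENTS = [
    TEMPLATE.format(n=n, ip=ip, rcpt=rcpt)
    for n, (ip, rcpt) in enumerate([
        ("10.0.0.23", "a@one.example"),
        ("10.0.0.23", "b@two.example"),
        ("10.0.0.23", "c@three.example"),
        ("10.0.0.40", "support@vendor.example"),
    ], start=1)
] + ["Some other SMTP protocol event that is not a relay denial."]

EVENT_RE = re.compile(
    r'The client at "(?P<client>[^"]+)" sent a "rcpt" command, and the SMTP '
    r'server responded with "550 5\.7\.1 Unable to relay for '
    r'(?P<rcpt>[^"\s]+)\s*"')


def relay_denials(events, local_domains):
    """Map client -> {"attempts": n, "external_domains": set of domains}."""
    summary = defaultdict(lambda: {"attempts": 0, "external_domains": set()})
    for text in events:
        match = EVENT_RE.search(text)
        if not match:
            continue  # not a relay-denied event
        domain = match.group("rcpt").rpartition("@")[2].lower()
        entry = summary[match.group("client")]
        entry["attempts"] += 1
        if domain not in local_domains:
            entry["external_domains"].add(domain)
    return dict(summary)


def suspicious_clients(events, local_domains, min_domains=2):
    """Clients denied relay to at least min_domains distinct outside domains."""
    stats = relay_denials(events, local_domains)
    return sorted(client for client, entry in stats.items()
                  if len(entry["external_domains"]) >= min_domains)


if __name__ == "__main__":
    print(suspicious_clients(SAMPLE_EVENTS, {"mycompany.example"}))
```

A host denied relay to many unrelated outside domains is worth inspecting for malware before it is given any relay permission; a host that only ever targets one vendor address looks more like a misconfigured application.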
 
LVL 1

Author Comment

by:GFCU
ID: 21814980
The telnet connection keeps dropping.  I found a website that checks if you are relaying or not and the results looked ok.

I checked all of the things in the articles that you told me about (everything checked out good), updated that server with OS updates, filter app updates, anti-virus updates, and also installed other anti-spyware apps and updated them.  I ran scans using the anti-virus software and the anti-spyware software and I deleted/quarantined whatever needed to be.  A couple of days ago I saw that we were not listed on the black list any more.  I did not contact them in any way asking them to take us off, they just did it automatically.

I think that we are alright for now.    
0
 
LVL 23

Assisted Solution

by:Stacy Spear
Stacy Spear earned 500 total points
ID: 21815044
You need to add that internal server to the allowed relay list under the SMTP virtual server properties.
0
 
LVL 23

Assisted Solution

by:Stacy Spear
Stacy Spear earned 500 total points
ID: 21815057
Great on the blacklisting. Some of them are pretty asinine on removing servers, but as you've seen most are not.
0
 
LVL 1

Author Comment

by:GFCU
ID: 21816285
I think that that IP for that server is already listed within that list.  You mean that relay restriction exception list, right?

Well I really appreciate your help.  Thank you very much.

I'm going to keep a close eye on this issue and the blacklist and see what happens within the next week or so and if I have any issues or get any calls on email issues regarding this, I'm sure you'll most likely be hearing from me again.  Thanks again darkstar3d!
0

Question has a verified solution.