• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 489
  • Last Modified:

Blacklisted Help

Hello I work for a small consulting company and earlier today we got a call from a client who said their ISP called them to let them know that spam was being sent from their network. I went to the client and ran some scans using wireshark and did not see any mail traffic being sent from anything other than the mail server. The mail server is running Groupwise 7 on a Windows 2003 server. We have an adtran netvanta 2054 firewall and I looked at the allowed connections and did not see anything out of the ordinary. Just to be safe I locked down port 25 outbound on the firewall for everything except the mail server. I looked at our CA Etrust ITM 8.1 logs and did not see any new virus or pest activity on the network(That CA knows about anyway).  I updated signatures and ran manual virus and pest scans on the mail server which did not find anything. I made sure message relaying was turned off which it was. I then sat there and scratched my head. I called the ISP thinking maybe they could give me some helpful information and they couldn't. By now they had been blacklisted by spamhaus and most of their sent messages were undeliverable. I sent a request for removal to spamhaus and went to iptools.com and checked our MX records and everything was in order. Anyone have any ideas of what else to look into?  Thanks. Also nothing has changed recently. We did upgrade to a new mail server but that was 2-3 months ago. Also it was not my idea to put groupwise on a windows server. lol
0
cwilhelm83
Asked:
cwilhelm83
4 Solutions
 
ChiefITCommented:
You may have a server that is a comprimised open relay.
 http://en.wikipedia.org/wiki/Open_mail_relay

How to use IIS to configure DNS relay of mail.
http://support.microsoft.com/kb/230235
0
 
Justin DurrantCommented:
0
 
billmercerCommented:
"did not see any mail traffic being sent from anything other than the mail server."

Definitely sounds like an open relay to me.
0
 
upul007Commented:
use www.dnsstuff.com to run a report on your domain. I think they still give you five free trial runs. the tool is DNS report

This can also happen if your domain is spoofed by someone. set up a SPF record for the domain (www.openspf.org)

Also, you are not responsible if the receiving side cannot do a thorough check from their side but you may suffer is they list you as an openrelay, specially on to a hared DB. Then you need to prove your domains good and get them to set up specific checks when accepting email.
0

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now