Solved

Blacklisted Help

Posted on 2008-10-01
Last Modified: 2013-11-12
Hello, I work for a small consulting company, and earlier today we got a call from a client who said their ISP called them to let them know that spam was being sent from their network. I went to the client and ran some scans using Wireshark and did not see any mail traffic being sent from anything other than the mail server. The mail server is running GroupWise 7 on a Windows 2003 server. We have an Adtran NetVanta 2054 firewall, and I looked at the allowed connections and did not see anything out of the ordinary. Just to be safe, I locked down port 25 outbound on the firewall for everything except the mail server. I looked at our CA eTrust ITM 8.1 logs and did not see any new virus or pest activity on the network (that CA knows about, anyway). I updated signatures and ran manual virus and pest scans on the mail server, which did not find anything. I made sure message relaying was turned off, which it was. I then sat there and scratched my head. I called the ISP thinking maybe they could give me some helpful information, and they couldn't. By now they had been blacklisted by Spamhaus and most of their sent messages were undeliverable. I sent a request for removal to Spamhaus and went to iptools.com and checked our MX records, and everything was in order.

Anyone have any ideas of what else to look into? Thanks. Also, nothing has changed recently. We did upgrade to a new mail server, but that was 2-3 months ago. Also, it was not my idea to put GroupWise on a Windows server. lol
Question by:cwilhelm83
5 Comments
 
LVL 38

Accepted Solution

by:
ChiefIT earned 125 total points
ID: 22621459
You may have a server that is a compromised open relay.
http://en.wikipedia.org/wiki/Open_mail_relay

How to use IIS to configure DNS relay of mail.
http://support.microsoft.com/kb/230235
0
 
LVL 23

Assisted Solution

by:Justin Durrant
Justin Durrant earned 125 total points
ID: 22624193
0
 
LVL 19

Assisted Solution

by:billmercer
billmercer earned 125 total points
ID: 22741772
"did not see any mail traffic being sent from anything other than the mail server."

Definitely sounds like an open relay to me.
0
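A way to verify the open-relay theory raised in the answers above, as an added example that is not part of the original thread: it asks the server whether it would accept mail from an outside sender to an outside recipient and stops before any message is sent. The probe addresses, the `FakeSMTP` stand-in and its replies are constructed for illustration; `probe_host` must be run from outside the client's network, because internal hosts may be allowed to relay legitimately.

```python
import smtplib

# Placeholder addresses (assumptions): neither domain may be hosted by the server under test.
PROBE_FROM = "relaytest@outside-a.example"
PROBE_TO = "relaytest@outside-b.example"

def check_open_relay(smtp, mail_from=PROBE_FROM, rcpt_to=PROBE_TO):
    """Ask a connected SMTP session whether it accepts external-to-external mail.

    Stops after RCPT TO and resets the transaction: no DATA, so nothing is sent.
    Returns (verdict, reply_code, reply_text).
    """
    smtp.ehlo()
    code, text = smtp.mail(mail_from)
    if code == 250:
        code, text = smtp.rcpt(rcpt_to)
        if code in (250, 251):
            # Accepted a foreign recipient from a foreign sender. Some servers
            # only reject after DATA, so confirm against the server's relay settings.
            verdict = "open-relay"
        elif 400 <= code < 500:
            verdict = "inconclusive"      # temporary failure or greylisting: retry later
        else:
            verdict = "relay-denied"
    else:
        verdict = "sender-refused"        # never reached the relay decision
    smtp.rset()
    return verdict, code, text.decode("ascii", "replace")

def probe_host(host, port=25, timeout=10):
    """Run the check against a real server; run this from OUTSIDE its network."""
    with smtplib.SMTP(host, port, timeout=timeout) as session:
        return check_open_relay(session)

class FakeSMTP:
    """Constructed stand-in for smtplib.SMTP so the logic can be exercised offline."""
    def __init__(self, rcpt_reply):
        self.rcpt_reply, self.commands = rcpt_reply, []
    def ehlo(self):
        self.commands.append("EHLO"); return 250, b"mail.example"
    def mail(self, sender):
        self.commands.append("MAIL"); return 250, b"2.1.0 Ok"
    def rcpt(self, recipient):
        self.commands.append("RCPT"); return self.rcpt_reply
    def rset(self):
        self.commands.append("RSET"); return 250, b"2.0.0 Ok"

if __name__ == "__main__":
    for reply in [(250, b"2.1.5 Ok"), (550, b"5.7.1 Relaying denied")]:  # constructed replies
        print(check_open_relay(FakeSMTP(reply)))
```

A "relay-denied" result from outside, combined with spam still leaving the server's IP, points away from an open relay and toward an authenticated or internal source.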
 
LVL 17

Assisted Solution

by:upul007
upul007 earned 125 total points
ID: 23110618
Use www.dnsstuff.com to run a report on your domain. I think they still give you five free trial runs. The tool is DNS report.

This can also happen if your domain is spoofed by someone. Set up an SPF record for the domain (www.openspf.org).

Also, you are not responsible if the receiving side cannot do a thorough check from their side, but you may suffer if they list you as an open relay, especially on to a shared DB. Then you need to prove your domain's good and get them to set up specific checks when accepting email.
0
