Blacklisted Help

Hello I work for a small consulting company and earlier today we got a call from a client who said their ISP called them to let them know that spam was being sent from their network. I went to the client and ran some scans using wireshark and did not see any mail traffic being sent from anything other than the mail server. The mail server is running Groupwise 7 on a Windows 2003 server. We have an adtran netvanta 2054 firewall and I looked at the allowed connections and did not see anything out of the ordinary. Just to be safe I locked down port 25 outbound on the firewall for everything except the mail server. I looked at our CA Etrust ITM 8.1 logs and did not see any new virus or pest activity on the network(That CA knows about anyway).  I updated signatures and ran manual virus and pest scans on the mail server which did not find anything. I made sure message relaying was turned off which it was. I then sat there and scratched my head. I called the ISP thinking maybe they could give me some helpful information and they couldn't. By now they had been blacklisted by spamhaus and most of their sent messages were undeliverable. I sent a request for removal to spamhaus and went to and checked our MX records and everything was in order. Anyone have any ideas of what else to look into?  Thanks. Also nothing has changed recently. We did upgrade to a new mail server but that was 2-3 months ago. Also it was not my idea to put groupwise on a windows server. lol
Who is Participating?
ChiefITConnect With a Mentor Commented:
You may have a server that is a comprimised open relay.

How to use IIS to configure DNS relay of mail.
Justin DurrantConnect With a Mentor Sr. Engineer - Windows Server/VirtualizationCommented:
billmercerConnect With a Mentor Commented:
"did not see any mail traffic being sent from anything other than the mail server."

Definitely sounds like an open relay to me.
upul007Connect With a Mentor Commented:
use to run a report on your domain. I think they still give you five free trial runs. the tool is DNS report

This can also happen if your domain is spoofed by someone. set up a SPF record for the domain (

Also, you are not responsible if the receiving side cannot do a thorough check from their side but you may suffer is they list you as an openrelay, specially on to a hared DB. Then you need to prove your domains good and get them to set up specific checks when accepting email.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.