Solved

Blacklisted Help

Posted on 2008-10-01
5
481 Views
Last Modified: 2013-11-12
Hello I work for a small consulting company and earlier today we got a call from a client who said their ISP called them to let them know that spam was being sent from their network. I went to the client and ran some scans using wireshark and did not see any mail traffic being sent from anything other than the mail server. The mail server is running Groupwise 7 on a Windows 2003 server. We have an adtran netvanta 2054 firewall and I looked at the allowed connections and did not see anything out of the ordinary. Just to be safe I locked down port 25 outbound on the firewall for everything except the mail server. I looked at our CA Etrust ITM 8.1 logs and did not see any new virus or pest activity on the network(That CA knows about anyway).  I updated signatures and ran manual virus and pest scans on the mail server which did not find anything. I made sure message relaying was turned off which it was. I then sat there and scratched my head. I called the ISP thinking maybe they could give me some helpful information and they couldn't. By now they had been blacklisted by spamhaus and most of their sent messages were undeliverable. I sent a request for removal to spamhaus and went to iptools.com and checked our MX records and everything was in order. Anyone have any ideas of what else to look into?  Thanks. Also nothing has changed recently. We did upgrade to a new mail server but that was 2-3 months ago. Also it was not my idea to put groupwise on a windows server. lol
0
Comment
Question by:cwilhelm83
5 Comments
 
LVL 38

Accepted Solution

by:
ChiefIT earned 125 total points
ID: 22621459
You may have a server that is a comprimised open relay.
 http://en.wikipedia.org/wiki/Open_mail_relay

How to use IIS to configure DNS relay of mail.
http://support.microsoft.com/kb/230235
0
 
LVL 23

Assisted Solution

by:Justin Durrant
Justin Durrant earned 125 total points
ID: 22624193
0
 
LVL 19

Assisted Solution

by:billmercer
billmercer earned 125 total points
ID: 22741772
"did not see any mail traffic being sent from anything other than the mail server."

Definitely sounds like an open relay to me.
0
 
LVL 17

Assisted Solution

by:upul007
upul007 earned 125 total points
ID: 23110618
use www.dnsstuff.com to run a report on your domain. I think they still give you five free trial runs. the tool is DNS report

This can also happen if your domain is spoofed by someone. set up a SPF record for the domain (www.openspf.org)

Also, you are not responsible if the receiving side cannot do a thorough check from their side but you may suffer is they list you as an openrelay, specially on to a hared DB. Then you need to prove your domains good and get them to set up specific checks when accepting email.
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

792 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question