Solved

Email server blacklisted but scans clean

Posted on 2008-10-08
4
298 Views
Last Modified: 2012-05-05
My email server has been put on a blacklist.  However, when I scan my email server for viruses/bots/etc., it scans clean.

My email server is Exchange 5.5 which I am going to upgrade asap.

Since my server scans clean right now, and since I will be upgrading it to a supported version of Exchange, after the upgrade I will still be unsure if I have actually fixed the source of the spam problem.

It would be nice to have something on my local network that can identify a source of spam.

It would also be nice to be able to look at real-time statistics of any spam that supposedly comes from my network.  For example, something that says "On January 1, 2008, we received 100 spam messages originating from ip adress xxx on your domain,  On January 2, 2008, we received 50 spam messages originating from ip adress xxx on your domain,", etc.  This would be a good monitor for me - after upgrading my email server (that I can't seem to find a problem on), I could then see if the number of spam messages originating from my domain has decreased, etc.

Thank you.

0
Comment
Question by:brianp111
4 Comments
 
LVL 7

Accepted Solution

by:
namol earned 500 total points
ID: 22675773
Have you looked into getting a Barracuda Spam Firewall? http://www.barracudanetworks.com/ns/products/spam_overview.php
It does everything that you mentioned and more.

In regards to your original problem, have you checked to see if your exchange server is acting as an open relay? http://www.spamhelp.org/shopenrelay/shopenrelaytest.php. If it is acting as a relay then you have to secure your server so it does not act as a relay. Here is a exchange 5.5 walk-through, http://unixwiz.net/techtips/exchange55-antirelay.html. Unfortunately there is not a way to setup RBLs in exchange 5.5 without using some third party software or device. Let us know how things go!
0
 
LVL 15

Expert Comment

by:tenaj-207
ID: 22676032
As far as monitoring goes you can setup wireshark (a free network sniffing software) on a PC with a small hub in line with your router.  

The layout would be the firewall/router connected to a hub.  The Hub connected to your network and to the PC with wireshark.  This would pick up all traffic heading out to the internet and into the network.  You can setup  the wireshark to filter for outbound SMTP packets only so you don't pick up all the other crap going through.

Set it up during the evening and let it run for a whole day.  Then review the logs the next day.  This should tell you if you're sending out spam and which computer it's coming from.
0
 
LVL 6

Expert Comment

by:xfreddie
ID: 22700967
Additionaly i would setup the firewall to only allow the mailserver in your network to sent and receive mail protocols.

Goodluck,
Xfreddie
0
 

Author Closing Comment

by:brianp111
ID: 31504550
Got a Barracuda, works great.  Thanks.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Forget those services on TV trying to sell you software – that’s step one.  Almost all of the software you need should be available for free.  The tricky part is doing the work.  If you are not comfortable performing these steps yourself, contact a …
Encryption for Business Encryption (https://en.wikipedia.org/wiki/Encryption) ensures the safety of our data when sending emails. In most cases, to read an encrypted email you must enter a secret key that will enable you to decrypt the email. T…
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now