Solved

Email server blacklisted but scans clean

Posted on 2008-10-08
4
297 Views
Last Modified: 2012-05-05
My email server has been put on a blacklist.  However, when I scan my email server for viruses/bots/etc., it scans clean.

My email server is Exchange 5.5 which I am going to upgrade asap.

Since my server scans clean right now, and since I will be upgrading it to a supported version of Exchange, after the upgrade I will still be unsure if I have actually fixed the source of the spam problem.

It would be nice to have something on my local network that can identify a source of spam.

It would also be nice to be able to look at real-time statistics of any spam that supposedly comes from my network.  For example, something that says "On January 1, 2008, we received 100 spam messages originating from ip adress xxx on your domain,  On January 2, 2008, we received 50 spam messages originating from ip adress xxx on your domain,", etc.  This would be a good monitor for me - after upgrading my email server (that I can't seem to find a problem on), I could then see if the number of spam messages originating from my domain has decreased, etc.

Thank you.

0
Comment
Question by:brianp111
4 Comments
 
LVL 7

Accepted Solution

by:
namol earned 500 total points
ID: 22675773
Have you looked into getting a Barracuda Spam Firewall? http://www.barracudanetworks.com/ns/products/spam_overview.php
It does everything that you mentioned and more.

In regards to your original problem, have you checked to see if your exchange server is acting as an open relay? http://www.spamhelp.org/shopenrelay/shopenrelaytest.php. If it is acting as a relay then you have to secure your server so it does not act as a relay. Here is a exchange 5.5 walk-through, http://unixwiz.net/techtips/exchange55-antirelay.html. Unfortunately there is not a way to setup RBLs in exchange 5.5 without using some third party software or device. Let us know how things go!
0
 
LVL 15

Expert Comment

by:tenaj-207
ID: 22676032
As far as monitoring goes you can setup wireshark (a free network sniffing software) on a PC with a small hub in line with your router.  

The layout would be the firewall/router connected to a hub.  The Hub connected to your network and to the PC with wireshark.  This would pick up all traffic heading out to the internet and into the network.  You can setup  the wireshark to filter for outbound SMTP packets only so you don't pick up all the other crap going through.

Set it up during the evening and let it run for a whole day.  Then review the logs the next day.  This should tell you if you're sending out spam and which computer it's coming from.
0
 
LVL 6

Expert Comment

by:xfreddie
ID: 22700967
Additionaly i would setup the firewall to only allow the mailserver in your network to sent and receive mail protocols.

Goodluck,
Xfreddie
0
 

Author Closing Comment

by:brianp111
ID: 31504550
Got a Barracuda, works great.  Thanks.
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Operating system developers such as Microsoft (https://www.microsoft.com) and Apple have made incredible strides in virus protection over the past decade. Operating systems come packaged with built in defensive tools such as virus protection and a f…
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now