Solved

Email server blacklisted but scans clean

Posted on 2008-10-08
4
301 Views
Last Modified: 2012-05-05
My email server has been put on a blacklist.  However, when I scan my email server for viruses/bots/etc., it scans clean.

My email server is Exchange 5.5 which I am going to upgrade asap.

Since my server scans clean right now, and since I will be upgrading it to a supported version of Exchange, after the upgrade I will still be unsure if I have actually fixed the source of the spam problem.

It would be nice to have something on my local network that can identify a source of spam.

It would also be nice to be able to look at real-time statistics of any spam that supposedly comes from my network.  For example, something that says "On January 1, 2008, we received 100 spam messages originating from ip adress xxx on your domain,  On January 2, 2008, we received 50 spam messages originating from ip adress xxx on your domain,", etc.  This would be a good monitor for me - after upgrading my email server (that I can't seem to find a problem on), I could then see if the number of spam messages originating from my domain has decreased, etc.

Thank you.

0
Comment
Question by:brianp111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 7

Accepted Solution

by:
namol earned 500 total points
ID: 22675773
Have you looked into getting a Barracuda Spam Firewall? http://www.barracudanetworks.com/ns/products/spam_overview.php
It does everything that you mentioned and more.

In regards to your original problem, have you checked to see if your exchange server is acting as an open relay? http://www.spamhelp.org/shopenrelay/shopenrelaytest.php. If it is acting as a relay then you have to secure your server so it does not act as a relay. Here is a exchange 5.5 walk-through, http://unixwiz.net/techtips/exchange55-antirelay.html. Unfortunately there is not a way to setup RBLs in exchange 5.5 without using some third party software or device. Let us know how things go!
0
 
LVL 15

Expert Comment

by:tenaj-207
ID: 22676032
As far as monitoring goes you can setup wireshark (a free network sniffing software) on a PC with a small hub in line with your router.  

The layout would be the firewall/router connected to a hub.  The Hub connected to your network and to the PC with wireshark.  This would pick up all traffic heading out to the internet and into the network.  You can setup  the wireshark to filter for outbound SMTP packets only so you don't pick up all the other crap going through.

Set it up during the evening and let it run for a whole day.  Then review the logs the next day.  This should tell you if you're sending out spam and which computer it's coming from.
0
 
LVL 6

Expert Comment

by:xfreddie
ID: 22700967
Additionaly i would setup the firewall to only allow the mailserver in your network to sent and receive mail protocols.

Goodluck,
Xfreddie
0
 

Author Closing Comment

by:brianp111
ID: 31504550
Got a Barracuda, works great.  Thanks.
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as high-speed processing of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Operating system developers such as Microsoft (https://www.microsoft.com) and Apple have made incredible strides in virus protection over the past decade. Operating systems come packaged with built in defensive tools such as virus protection and a f…
An introduction to the wonderful sport of Scam Baiting.  Learn how to help fight scammers by beating them at their own game. This great pass time helps the world, while providing an endless source of entertainment. Enjoy!
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question