Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Email server blacklisted but scans clean

Posted on 2008-10-08
4
Medium Priority
?
309 Views
Last Modified: 2012-05-05
My email server has been put on a blacklist.  However, when I scan my email server for viruses/bots/etc., it scans clean.

My email server is Exchange 5.5 which I am going to upgrade asap.

Since my server scans clean right now, and since I will be upgrading it to a supported version of Exchange, after the upgrade I will still be unsure if I have actually fixed the source of the spam problem.

It would be nice to have something on my local network that can identify a source of spam.

It would also be nice to be able to look at real-time statistics of any spam that supposedly comes from my network.  For example, something that says "On January 1, 2008, we received 100 spam messages originating from ip adress xxx on your domain,  On January 2, 2008, we received 50 spam messages originating from ip adress xxx on your domain,", etc.  This would be a good monitor for me - after upgrading my email server (that I can't seem to find a problem on), I could then see if the number of spam messages originating from my domain has decreased, etc.

Thank you.

0
Comment
Question by:brianp111
4 Comments
 
LVL 7

Accepted Solution

by:
namol earned 1500 total points
ID: 22675773
Have you looked into getting a Barracuda Spam Firewall? http://www.barracudanetworks.com/ns/products/spam_overview.php
It does everything that you mentioned and more.

In regards to your original problem, have you checked to see if your exchange server is acting as an open relay? http://www.spamhelp.org/shopenrelay/shopenrelaytest.php. If it is acting as a relay then you have to secure your server so it does not act as a relay. Here is a exchange 5.5 walk-through, http://unixwiz.net/techtips/exchange55-antirelay.html. Unfortunately there is not a way to setup RBLs in exchange 5.5 without using some third party software or device. Let us know how things go!
0
 
LVL 15

Expert Comment

by:tenaj-207
ID: 22676032
As far as monitoring goes you can setup wireshark (a free network sniffing software) on a PC with a small hub in line with your router.  

The layout would be the firewall/router connected to a hub.  The Hub connected to your network and to the PC with wireshark.  This would pick up all traffic heading out to the internet and into the network.  You can setup  the wireshark to filter for outbound SMTP packets only so you don't pick up all the other crap going through.

Set it up during the evening and let it run for a whole day.  Then review the logs the next day.  This should tell you if you're sending out spam and which computer it's coming from.
0
 
LVL 6

Expert Comment

by:xfreddie
ID: 22700967
Additionaly i would setup the firewall to only allow the mailserver in your network to sent and receive mail protocols.

Goodluck,
Xfreddie
0
 

Author Closing Comment

by:brianp111
ID: 31504550
Got a Barracuda, works great.  Thanks.
0

Featured Post

Lessons on Wi-Fi & Recommendations on KRACK

Simplicity and security can be a difficult  balance for any business to tackle. Join us on December 6th for a look at your company's biggest security gap. We will also address the most recent attack, "KRACK" and provide recommendations on how to secure your Wi-Fi network today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
Phishing emails are a popular malware delivery vehicle for attack.  While there are many ways for an attacker to increase the chances of success for their phishing emails, one of the most effective methods involves spoofing the message to appear to …
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…
Please read the paragraph below before following the instructions in the video — there are important caveats in the paragraph that I did not mention in the video. If your PaperPort 12 or PaperPort 14 is failing to start, or crashing, or hanging, …

876 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question