[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 711
  • Last Modified:

Exchange Server 2003 on SBS 2003 Sending Spam

I have an SBS 2003 with exchange 2003 and I keep getting blacklisted for spamming.
I have blocked relaying as much as I think it needs to be and cant find these sent spam on exchange manager anywhere.
Can anyone help me first to find if I really am sending spam then help me block it.

Thanks
0
easiman
Asked:
easiman
  • 5
  • 3
  • 2
  • +1
1 Solution
 
plug1Commented:
If your getting blacklisted then your spamming, simple as. You say you have blocked relaying as much as you think it needs to be? It should be blocked full stop, the only computers that should be allowed to relay are computers that have authenticated and any other servers that you 100% trust?

The other option is that its not your servers sending the spam but a client PC doing it. If this is the case then you need to virus check all your pcs's but in the short term you can block outging connections on port 25 from everywhere other than your server.
0
 
Hedley PhillipsCommented:
Try:

You could set it to not accept messages for non existant users:

http://www.amset.info/exchange/filter-unknown.asp

and run through these:

a) Check the mail smtp queues in Exchange System Manager to see if there is unusual activity.

b) Do a DNS test at http://member.dnsstuff.com/pages/dnsreport.php

c) See if you are blacklisted at http://www.robtex.com/

d)  In case you need to secure your server:
http://technet.microsoft.com/en-us/library/bb123843.aspx
http://www.microsoft.com/technet/security/prodtech/exchangeserver/excrelay.mspx

e) Run a relay check, eg: www.checkor.com/
0
 
vsalyanCommented:
You should also get yourself a good e-mail scanning / spam control solution.  There are several good ones online like Appriver (www.appriver.com) and Postini (www.postini.com).  If you want to manage it yourself you could look in to one of the software or hardware solutions out there like Brightmail.

Most of these will scan both inbound and outbound mail.  The hosted solutions act as Smarthosts for you to send your mail through.  You configure your Exchange server to deliver all mail to the Smarthost, you set your SMTP virtual server to ONLY receive e-mail from the spam service and then they are 100% responsible for making sure no spam comes IN or OUT of your organization.

Their fees are reasonable and they're really good at filtering out just the spam most of the time.  The other benefit here is that if your e-mail server or internet connection go down, the spam service acts as a primary mail server for you, holding your mail, until your system comes back up.  In this way, your customers/partners don't receive non-delivery messages... which makes you look bad.

Mr-Madcowz had good information on getting off the blacklists, but if you want to just bypass the whole issue and not have to deal with blacklisting anymore then outsource using an anti-spam service.
0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 
easimanAuthor Commented:
Thanks Guys,
I've checked all Madcows recommendations and we have everything as it's supposed to be. The only thing I noticed was that My ISP had no reverse DNS for us. But I would have assumed that if this was the reason we were blacklisted before and were allowed to be removed, this could not be a reason to be relisted. Is this correct?

The only other thing I can think of is if PC's are infected as plug suggests. We are currently running AV on all pc's to find out.

Finally I would like to configure plug1's suggestion to block all outgoing mail on port 25 except from server. Is this possible if all PC's are connected to the internet through the server?
0
 
Hedley PhillipsCommented:
You should be able to set up a rule in your LAN -> WAN on the Firewall and have it so that only the Exchange server can route through Port 25.  
0
 
plug1Commented:
If all traffic is router through youir server then the rule would have to be applied at the server level, this might not be possible if your only using routing and remote access on the server.
0
 
easimanAuthor Commented:
Our Setup is Adsl internet connection through linksys router firewalled, to sbs 2003, to all PCs.
So if any PC sends mail via port 25 surely it will go to server first then router so any rule at router is invalid. This is what I would assume.?
Our sbs 2003 is the standard version we dont have any 3rd party firewall installed on it, just RRA as plug1 suggested.
Anyone any ideas where I can go from here?
I do accept I can go third party as vsalyan suggest but I would prefer to get my own system set up as best as it can be.
Thanks
0
 
plug1Commented:
You could stop the pcs from using ther server for weba ccessa by putting the router directly onto the network and changing the dhcp lease to reflect the router as the default gateway. you would need to alter the lan settings of the router and then create your rules.
0
 
plug1Commented:
Even if you go 3rd party it ouldnt solve your current problem tbh, just mask it.
0
 
easimanAuthor Commented:
Hi guys sorry for the delay in responce on this one. I've been back and forward many times but have got sorted. Turns out we aren't sending spam the prob is completely with ISP in not giving us a reverse dns entry. (their policy, so I'm told) My ISP by the way is 'TALK TALK' in the UK, so if anyone in the UK has this Prob I hope this entry saves you a lot of time. The only way to get around the problem is to relay all smtp mail through the ISP mail servers so it is their server and IP that are tested not ours. Thanks for all your help folks.
0
 
plug1Commented:
Thanks for the update. At least its sorted. We have customers on talk talk so Ill bear this in mind.

Cheers
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

  • 5
  • 3
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now