?
Solved

Email rejected by many organization (SPAM) after changing my DNS server for my domain name.

Posted on 2009-02-09
17
Medium Priority
?
961 Views
Last Modified: 2012-05-06
Hi !

Yesturday, I had changed my public DNS servers for my domain name from
ns1-no-ip.com to ns1.yourhostdns.com
ns2-no-ip.com to ns2.yourhostdns.com
for testing purpose

Then I changed them back to no-ip within 24hours.

This morning mostly all email getting out of my exchange organisation are rejected from many organization (like hotmail, yahoo, private servers) because of spam.

How can I fix that. I did not had this problem before changing my DNS but anyway they are back to the original config.


someoneemail@hotmail.com
bay0-mc4-f13.bay0.hotmail.com #550 OU-001 Mail rejected by Windows Live Hotmail for policy reasons. Reasons for rejection may be related to content with spam-like characteristics or IP/domain reputation problems. If you are not an email/network admin please contact your E-mail/Internet Service Provider for help. Email/network admins, please visit http://postmaster.live.com for email delivery information and support ##
 
and 
 
someoneemail@remax-ducartier.qc.ca
osci.qc.ca #591 someoneemail@remax-ducartier.qc.ca your host [69.70.158.xxx] is blacklisted by sbl-xbl.spamhaus.org. Veuillez envoyer vos question a blacklist-admin@osci.qc.ca ##

Open in new window

0
Comment
Question by:martinlebel
  • 8
  • 5
  • 4
17 Comments
 
LVL 32

Accepted Solution

by:
nappy_d earned 2000 total points
ID: 23591730
go here and do a blacklist search for your IP.  Does it appear on any of the lists?  http://www.mxtoolbox.com/blacklists.aspx?AG=GBL&gclid=CNjz96ryz5gCFRFWagod7TG92A

if it does appear here what is the policy reason that it appears.


0
 

Author Comment

by:martinlebel
ID: 23592654
it does appear
0
 
LVL 32

Expert Comment

by:nappy_d
ID: 23592685
What is the error message that is reported back to you?
0
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

 
LVL 17

Expert Comment

by:Suraj
ID: 23593021

Ok .. here you have a small confusion.......
Mx and other things are used for receiving email and has nothng to do with sending Mails Out...
I guess you are getting Blackilsted ..and that too by spamhaus..
Check if your server is Open for relay....
i guess it would be....

Is this Exchange 2003 or 2007 ?
0
 
LVL 17

Expert Comment

by:Suraj
ID: 23593057
to check if the server is open for relay.
 --> Go to properties of Default smtp virtual server ->access tab--> relay
you should have the first option selected there. "Only the list Below"
and there should be nothng Listed below...
0
 
LVL 32

Expert Comment

by:nappy_d
ID: 23593071
Yeah but what is the reason he is blacklisted.  I bet any money his PTR record is not setup or setup properly.  I would also look at creating an SPF record.
0
 
LVL 17

Expert Comment

by:Suraj
ID: 23593127
I agree that some domains require PTR Record to receive emails [IT should be there as per MS recomendation].. BUT if you dont have PTR .. it will never be a reason for Blacklisting...
its setting on the exchange server coz of which exchagne server is sending out spams
SPAM HAUS is a RBL... and it only Blocks iffff it finds some one spamming Out...
so we have to work on that....
0
 

Author Comment

by:martinlebel
ID: 23593144
This is not a new setup here. Exchange Server 2007 is in production since 10 month now and was working perfectly.

I guess two things could have happen here: 1. I got a virus that was sending a lot of spam email during the week-end. or 2. Because I "played" in my DNS records.
0
 
LVL 32

Expert Comment

by:nappy_d
ID: 23593162
What is the error that is reported from the mx lookup? Click on it, it will take you to the black list.
0
 
LVL 17

Expert Comment

by:Suraj
ID: 23593168
Yups.. thats what i said....

it could be a virus spamming Out.. Or... your server is Open for relay........
please check what i had asked you to.. earlier and let me know...
i will tell u how to stop Spams........
0
 

Author Comment

by:martinlebel
ID: 23593354
I have blocked port 25 from inside to outside on my network (except for my exchange server)

My Exchange Server 2007 server has a "send connector" that "use domain name system (DNS) "MX" records to route mail automatically" and "use the external DNS Lookup settings on the transport server"

I can receive all email so I guess my MX records are okay.

On MXtoolbox.com I am blacklisted on 3 servers (CBL, DNSBLNETAUT1, Spamhaus-ZEN) with error code 127.0.0.2


0
 
LVL 17

Expert Comment

by:Suraj
ID: 23593947
I understand.. that... and thats what i said... MX is for receiving mail... and its is perfect at your end...
can  you tell me what all settings are there on the receive connector ?

if there is any misconfiguration in it.. your server can be open for relay...
Make sure on the receive connector "Externally secured" option is Unchecked.................
and
then follow this :

1)  installed the Agents :
           C:\Program Files\Microsoft\Exchange Server\Script\ Install-AntispamAgents,ps1
2) RESTART THE TRANSPORT SERVICE

3) +> Check if they are installed By : get-TransportAgent

4)  Then go to exchange management console.
Under org configuration..chlck on Hub transport
click on Anti spam tab
And you need to  configure the following:
+> on the IPBlock List provider added

1) Spam Haus
       zen.spamhaus
2) open relay test
       dnsbl.sorbs.net

3) abusive host
      dnsbl.ahbl.org

+> on the Recipient filtering -> Blocked Recipient->checked the option - Block
Message sent to recipient not listed in the Global Address List.
+> on the Sender filtering -> Blocked sender -> checked the option - Block message
from Blank sender.

5) Stop the Microsoft exchange transport service
6) Now open My computer... DRIVE\PROGRAM FILE\MICROSOFT\EXCHANGE SERVER\.... DATA
RENAME THE DATA FOLDER...TO DATAold
7) Restart the Transport service again.........
0
 

Author Closing Comment

by:martinlebel
ID: 31544576
IP address was blocked by CBL and Symantec so many more follow symantec and blocked me. I called my ISP and they did remove the block for me.
0
 
LVL 17

Expert Comment

by:Suraj
ID: 23628206
How did your Issue resolved ???
0
 
LVL 17

Expert Comment

by:Suraj
ID: 23628222
nappy_d said its PTR

I Said Black list.... so what resolved the issue ? please reply
0
 

Author Comment

by:martinlebel
ID: 23633015
IP address was blocked by CBL and Symantec so many more follow symantec and blocked me. I called my ISP and they did remove the block for me.
0
 
LVL 17

Expert Comment

by:Suraj
ID: 23634921
Then if its Black list.. then points should be given to me right.. coz i had told you that..
the other Expert told you PTR...
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Operating system developers such as Microsoft (https://www.microsoft.com) and Apple have made incredible strides in virus protection over the past decade. Operating systems come packaged with built in defensive tools such as virus protection and a f…
Phishing emails are a popular malware delivery vehicle for attack.  While there are many ways for an attacker to increase the chances of success for their phishing emails, one of the most effective methods involves spoofing the message to appear to …
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Integration Management Part 2

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question