• Status: Solved

Our Exchange Server is blacklisted

Our Exchange Server's IP address appears to be blacklisted. Whenever emails are sent to specific domains they get delayed and eventually bounce back. I have tried to do an SMTP connection to the MX servers used by these domains and the connection times out. However, if I make the same connection from a different server on our network the connection is successful.

These are the MX servers I am unable to connect to:
athena.hosts.co.uk, hermes.hosts.co.uk

Do you know what spam lists these MX servers use and how we can remove our server's IP address from them?

Also, is it possible to shorten the length of time an email tries to be delivered before an NDR is generated?
Asked: jpguillebaud
 
Ken Fayal Commented:
First, it may be a good investment to get a subscription to DNSStuff.com, but you can do one free test initially, I think. They have a nice test to see where you might be blacklisted on many, many blacklist servers. If you are blacklisted, usually it is because you have had SMTP relaying on and someone has abused it. In order to get removed from those blacklist servers, you have to submit a request to be removed, but they want to test you before removing. Each blacklist has a different process. I feel for you; it is a time-consuming process to be removed.

It sounds as if you are being bombarded with spam - the reason I say this is because you are asking about NDRs.

I would temporarily turn off all NDRs for the next couple of days and then turn them back on and monitor for any more bombardments. And turn off relaying. DNSStuff.com (along with others) has a tool for testing if you are allowing SMTP relaying. Microsoft has a Knowledge Base article on how to test if Exchange is open for relaying as well.

Hope this helps.
 
gupnit Commented:
Hi,
  • First things first, go to www.mxtoolbox.com and verify that your domain has an RDNS and SPF record; if not, then ask your ISP or whoever is responsible to create one.
  • Now make sure that you are not an open relay: http://www.amset.info/exchange/smtp-openrelay.asp as it would result in you being blacklisted.
  • Also on www.mxtoolbox.com verify if you are on any blacklists.
  • As far as those 2 domains are concerned, the best thing is to talk to the admins of those domains and find out if they have also blocked you.
Let me know
Thanks
Nitin Gupta (gupnit)
 
jpguillebaud Author Commented:
KaptainKenbo,
You seem to have misunderstood my second question. Because some of our outgoing emails are being blocked, we would like to receive the NDR reports for such emails sooner. It is currently taking 48 hours before we receive such a report, hence we assume that the email has already reached the destination. Is it possible to change something in Exchange 2003 to cause it to generate an NDR sooner, say after 6 hours?
 
Ken Fayal Commented:
Ah.. ok.  I see what you mean.  I think you can change the message delivery retry level.  Instructions are here:

http://technet.microsoft.com/en-us/library/aa998772.aspx
 
jpguillebaud Author Commented:
I think I have found the reason for the problem. We have recently been using our Exchange Server to send emails from a different domain since we are sharing it with a different company in the same building! Is this likely to explain it?

Is there a way to configure Exchange 2003 to allow emails to be sent from different domains without resulting in this blockage?
 
Ken Fayal Commented:
Yes, you can enable SMTP relaying from only certain IP addresses. This allows the relaying, but only for a select set of IP addresses, which would be acceptable to blacklist servers, but most likely you did not get blacklisted because of your legitimate use of the server. Most likely someone took advantage of the fact that you had SMTP relaying open and was sending SPAM out of your Exchange server's IP address.

To restrict SMTP relaying, here is a good article for it:

http://technet.microsoft.com/en-us/library/dd277329.aspx

 
Ken Fayal Commented:
You can also restrict it to certain domains.  But this is more risky than restricting it to certain IP addresses.
 
gupnit Commented:
I have already covered Relay in my previous comment. Anyway, it seems jpguillebaud is not keen on responding.
Enjoy, I am out of this question
Thanks
Nitin
 
jpguillebaud Author Commented:
Again, you have not understood my question! Our server is configured for domain1.co.uk and recently we have allowed someone to send emails with a FROM address on domain2.co.uk through this same server. I expect that the destination SMTP server(s) expect to see emails with a FROM address of the form: user@domain1.co.uk and hence have blocked our server's IP address since it recently sent emails with a FROM address of the form: user@domain2.co.uk.
 
Mestha Commented:
Allowing another domain to relay through your server would not cause it to be blacklisted, as long as you didn't turn the server into an open relay when you did so.
However if that other domain then sent out a large number of email messages through your server which were deemed to be spam, then that would cause a blacklisting.

You need to establish whether your IP address is listed on any of the major public blacklists. http://www.robtex.com/ is one such resource that will query the blacklists for you. If it is listed then you need to look at each blacklist to see why.

-M
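
Added example (not part of any post in this thread): the blacklist check that the replies above do through web tools can also be run directly as DNS queries, as sketched here in Python. The zone names are examples of public lists, 192.0.2.25 is a documentation placeholder for the server's public IP, and the function names are this example's own.

```python
import ipaddress
import socket

# Example zones (assumption); substitute the lists your recipients use.
ZONES = ("zen.spamhaus.org", "bl.spamcop.net")

def dnsbl_name(ip, zone):
    """Build the DNSBL query name (RFC 5782): reversed address + zone."""
    rev = ipaddress.ip_address(ip).reverse_pointer  # 25.2.0.192.in-addr.arpa
    return rev.rsplit(".", 2)[0] + "." + zone       # works for IPv6 nibbles too

def classify(answer):
    """Interpret the A record a DNSBL returned (None means no record)."""
    if answer is None:
        return "not listed"
    if answer.startswith("127.255.255."):
        # Spamhaus error range, e.g. the query arrived via a public resolver
        return "query refused"
    if answer.startswith("127."):
        return "listed"
    # A non-loopback answer usually means a resolver rewrites NXDOMAIN
    return "unexpected answer"

def resolve(name):
    """Return the A record for name, or None when there is no answer.
    A resolver failure also ends up as None, so confirm each list is
    reachable with the RFC 5782 test address 127.0.0.2 first."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def check(ip, zones=ZONES, resolver=resolve):
    """Map each zone to a verdict for the given IP address."""
    return {z: classify(resolver(dnsbl_name(ip, z))) for z in zones}

if __name__ == "__main__":
    print("self-test:", check("127.0.0.2"))    # should be listed everywhere
    print("server:   ", check("192.0.2.25"))   # placeholder IP (assumption)
```

Run it from the mail server itself or through the resolver the server uses, since some lists refuse queries that arrive via large public resolvers.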
 
Ken Fayal Commented:
I think I understood your question.  
 
jpguillebaud Author Commented:
Our server's IP address is not listed on any blacklists, so do you know why there is no response if I make an SMTP connection from our Exchange Server to the following MX servers: athena.hosts.co.uk / hermes.hosts.co.uk, but if I make the same connection from a different IP address on our network I get the usual SMTP response?
 
Mestha Commented:
For me, I get a black telnet session for a long time, then eventually it throws up this:

220-hermes.hosts.co.uk ESMTP Exim
220 Spamming and unauthorised relaying not allowed
554 SMTP synchronization error
Connection to host lost.
C:\>

That probably means they are trying to do some kind of check to confirm whether you are valid or not and cannot.

Not really a lot you can do. If you are trying to email someone who uses that service provider (Namesco) then they need to contact them to find out what is happening.

-M
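
Added example (not part of any post in this thread): a probe that connects, sends nothing, and times the server's greeting, then groups reply lines the way RFC 5321 defines them. Exim issues "554 SMTP synchronization error" when client input arrives before the server has finished speaking, so comparing the greeting delay from the Exchange server and from another host shows whether a sender that transmits early would run into it. The function names are this example's own, and the sample lines are the transcript quoted above.

```python
import socket
import time

def parse_replies(lines):
    """Group SMTP reply lines (RFC 5321): 'NNN-' continues, 'NNN ' ends."""
    replies, text = [], []
    for line in lines:
        code, sep, rest = line[:3], line[3:4], line[4:]
        if not code.isdigit() or sep not in ("-", " ", ""):
            continue  # not a reply line, e.g. telnet's own messages
        text.append(rest)
        if sep != "-":
            replies.append((int(code), text))
            text = []
    return replies

def sync_error(replies):
    """True if any reply is the 554 synchronization rejection."""
    return any(code == 554 and "synchronization" in " ".join(text).lower()
               for code, text in replies)

def read_greeting(host, port=25, timeout=300):
    """Connect, stay silent, and time how long the greeting takes.
    RFC 5321 tells clients to wait up to 5 minutes for the initial 220."""
    start = time.monotonic()
    with socket.create_connection((host, port), timeout=timeout) as s:
        f = s.makefile("r", encoding="ascii", errors="replace")
        lines = []
        for line in f:
            lines.append(line.rstrip("\r\n"))
            if line[3:4] != "-":      # last line of the multi-line greeting
                break
        delay = time.monotonic() - start
        s.sendall(b"QUIT\r\n")        # only speak after the greeting is done
    return delay, parse_replies(lines)

if __name__ == "__main__":
    sample = [  # transcript from the post above
        "220-hermes.hosts.co.uk ESMTP Exim",
        "220 Spamming and unauthorised relaying not allowed",
        "554 SMTP synchronization error",
        "Connection to host lost.",
    ]
    replies = parse_replies(sample)
    print(replies, "sync error:", sync_error(replies))
```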
 
jpguillebaud Author Commented:
I have used a TCP packet scanner and I notice that after the initial handshaking to the exchange server, a FIN ACK response is immediately sent by the server closing the connection. Does this kind of response suggest a firewall is blocking our connection?
 
Ken Fayal Commented:
Wow that was a misleading question.  What made you write the initial question saying that your server has been blacklisted?
 
jpguillebaud Author Commented:
Because it initially appeared to be blacklisted!