I have an internal Exchange server that keeps getting put on a blacklist. I have checked and verified that it is not an open relay. I have scanned the computers on the network and placed a GPO preventing port 25 from being used.
However, I still seem to be having this issue. I have 2 gateways: all of the desktops are using a FIOS connection, and the servers are using a T1 line. The IP address that is being blocked is on the T1 line. I have NAT'ing set up on a Netopia router so the IP runs to the front-end Exchange server.
Any ideas on what could be causing this? How can I check how many emails are being sent from the Exchange server so I can see if it is being used to send out spam? I am programming a firewall now so only the Exchange server will be able to use port 25, but how can I find the source of the problem?
I looked in the logs and found this record, however I am thinking that this is my server blocking spam?
This is an SMTP protocol warning log for virtual server ID 1, connection #28. The remote host "188.8.131.52", responded to the SMTP command "rcpt" with "451 http://www.spamhaus.org/query/bl?ip=184.108.40.206 ". The full command sent was "RCPT TO:<firstname.lastname@example.org
For more information, click http://www.microsoft.com/contentredirect.asp.
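
A sketch for reading records like the one quoted above: it extracts which remote host replied, at which SMTP command, with which reply code, and which IP the blocklist URL names, then tallies refusals per named IP. This is an added example, not part of the original post; the function names and the second sample record (with a documentation-range address) are constructed.

```python
import re
from collections import Counter

# Pattern for the text of the SMTP protocol warning quoted in the post.
EVENT_RE = re.compile(
    r'connection #(?P<conn>\d+)\. The remote host "(?P<remote>[^"]+)",? '
    r'responded to the SMTP command "(?P<cmd>\w+)" with "(?P<reply>[^"]*)"'
)
LISTED_IP_RE = re.compile(r'[?&]ip=(?P<ip>[0-9.]+)')

def parse_warning(text):
    """Return the fields of one warning record, or None if it does not match."""
    m = EVENT_RE.search(text)
    if not m:
        return None
    reply = m.group("reply").strip()
    code = reply[:3]
    listed = LISTED_IP_RE.search(reply)
    return {
        "remote_host": m.group("remote"),   # the server that sent the reply
        "command": m.group("cmd").upper(),  # SMTP command it was replying to
        "reply_code": int(code) if code.isdigit() else None,
        # 4xx replies are temporary refusals, 5xx replies are permanent ones
        "refusal": {"4": "temporary", "5": "permanent"}.get(code[:1]),
        "listed_ip": listed.group("ip") if listed else None,
    }

def tally_listed_ips(records):
    """Count, per IP named in a blocklist URL, how many refusals cite it."""
    counts = Counter()
    for text in records:
        rec = parse_warning(text)
        if rec and rec["listed_ip"]:
            counts[rec["listed_ip"]] += 1
    return counts

# First record is the one quoted in the post; the second is constructed.
SAMPLE = [
    'This is an SMTP protocol warning log for virtual server ID 1, connection #28. '
    'The remote host "188.8.131.52", responded to the SMTP command "rcpt" with '
    '"451 http://www.spamhaus.org/query/bl?ip=184.108.40.206 ".',
    'This is an SMTP protocol warning log for virtual server ID 1, connection #31. '
    'The remote host "192.0.2.10", responded to the SMTP command "rcpt" with '
    '"451 http://www.spamhaus.org/query/bl?ip=184.108.40.206 ".',
]

if __name__ == "__main__":
    print(tally_listed_ips(SAMPLE))
```
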