Symantec mail security for SMTP 5.0.1 Blacklisting

Posted on 2009-04-29
Last Modified: 2013-12-09
I am running Symantec Mail Security for SMTP 5.0.1 on Windows Server 2003. I have recently been put on a blacklist because of SPAM. I have removed my servers from the list and one was added back. I ran the malicious software removal tool on the systems and nothing was found. I did find some viruses in the bamail queue which I have removed. Not sure if some of my settings on the Secure mail gateway are correct.


Question by:TKGreen

    Expert Comment


    The following checklist is your best friend to fight spam-bots and keep your MX record away from blacklists:

    1) Authorized servers only: Allow your authorized mail server or anti-spam solution (e.g. IronMail/IronPort/Barracuda, etc.) to send SMTP (tcp/25) traffic outside your network. Otherwise, you'll face the blacklisting penalty and it would take a while to clear your IP.

    2) Don't leave the WiFi LAN un-firewalled: I found many customers who got blacklisted because they forgot to secure the WiFi LAN and allowed any traffic to leave. They didn't calculate the risk of infected laptops. Start with allowing common protocols such as HTTP/HTTPS/POP3, turn on AV scanning, DPI (Deep Packet Inspection), Web Filtering (e.g. SurfControl).

    3) Know your traffic: You should be aware of every inbound/outbound bit in your network. There are a lot of solutions which will sniff and study the type of generated traffic on the wire, so you can get a full picture of what's going on at the moment. Check the following vendors and their solutions:

    4) MX reputation monitoring: This is a very nice way for early warning before they blacklist your IP. These monitoring services will evaluate the "reputation" level and warn you. For instance,

    5) Antivirus & HIPS: I don't need to discuss too much about this point. Many MX blacklisting incidents happened due to a computer left without an antivirus scanner installed. So, always scan your network and push the AV client. Don't allow untrusted laptops to use your network unless they are protected and clean. Some companies follow the rule of: keep your laptop off, we will give you ours! HIPS is an excellent layer of defense that complements the AV scanner.

    6) FW/Router Logs: You need to enable logging of any rule that allows outbound SMTP traffic, so you can later check the source of any suspicious spam traffic from inside-to-outside.

    You should use a combination of sniffers and port scanners to detect spam bots. Check the following:

    1) Wireshark, download it from (

    You need to connect it to a managed switch that supports a monitoring port (Cisco calls it SPAN), or use a hub. The last option is to use a network TAP ( from some vendor like NetOptics (

    2) Another sniffing tool is Tcpick (Linux based), download it from (

    Here is how to sniff port 25:

    #tcpick -i eth0 -C -bCU -T1 "port 25"

    3) Nmap is the best port scanning tool, download it from (

    Here is how to scan for port 25 (change with your network range):

    #nmap -sS -p 25

    4) TCPDump is another good sniffer, download it from (

    Here is how to sniff port 25:

    #tcpdump -i eth0 port 25

    A Symantec Certified Specialist @ your service
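
An added example, not part of the original comment: one way to apply points 1 and 6 to a port 25 capture is to count new outbound SMTP connections per internal host and report every host that is not the authorized mail gateway. It assumes the capture was taken with numeric output (`tcpdump -nn -i eth0 port 25`); the internal range, the gateway address and the sample lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumed values, not from the post: internal range and the one authorized relay.
INTERNAL_NET = ipaddress.ip_network("192.168.0.0/16")
AUTHORIZED_SENDERS = {ipaddress.ip_address("192.168.1.10")}

# IPv4 TCP line as printed by `tcpdump -nn -i eth0 port 25`.
LINE_RE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

def unauthorized_smtp_sources(lines):
    """Return [(internal_ip, connection_attempts)] for hosts that open
    outbound SMTP connections without being an authorized sender."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.search(line)
        # A bare SYN ("S") to port 25 marks one new connection attempt.
        if not m or m["dport"] != "25" or m["flags"] != "S":
            continue
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
        if src not in INTERNAL_NET or dst in INTERNAL_NET:
            continue  # inbound mail, or client-to-gateway traffic
        if src not in AUTHORIZED_SENDERS:
            hits[str(src)] += 1
    return hits.most_common()

# Constructed sample capture (documentation address ranges for external hosts).
SAMPLE = [
    "10:15:01.000101 IP 192.168.1.10.40112 > 203.0.113.25.25: Flags [S], seq 1, win 64240, length 0",
    "10:15:01.020440 IP 203.0.113.25.25 > 192.168.1.10.40112: Flags [S.], seq 9, ack 2, win 65160, length 0",
    "10:15:02.310008 IP 192.168.1.57.51820 > 198.51.100.7.25: Flags [S], seq 3, win 8192, length 0",
    "10:15:02.311200 IP 192.168.1.57.51821 > 198.51.100.90.25: Flags [S], seq 4, win 8192, length 0",
    "10:15:02.312950 IP 192.168.1.57.51822 > 203.0.113.140.25: Flags [S], seq 5, win 8192, length 0",
    "10:15:03.100000 IP 192.168.1.88.49200 > 192.168.1.10.25: Flags [S], seq 6, win 8192, length 0",
    "10:15:04.500000 IP 192.168.2.14.50001 > 198.51.100.7.25: Flags [S], seq 7, win 8192, length 0",
    "10:15:05.000000 IP 198.51.100.33.35000 > 192.168.1.10.25: Flags [S], seq 8, win 29200, length 0",
]

if __name__ == "__main__":
    for ip, count in unauthorized_smtp_sources(SAMPLE):
        print(f"{ip} opened {count} outbound SMTP connection(s)")
```

Any host this reports is a candidate for the AV scan in point 5 and for an outbound tcp/25 block at the firewall.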

    Accepted Solution

    Please close question

    Expert Comment

    How did you manage to solve the problem?
