Solved

Blacklisting is becoming a problem

Posted on 2009-05-04
7
418 Views
Last Modified: 2013-11-29
I have 1 corporate office and 8 remote locations. The corporate office has approx 12 Xp boxes. The remote locations have 2-4 Boxes. Our email is hosted by AT&T (Neomail). We use a combination of outlook and outlook express set up for pop3. DSL internet connections with NAT.

I currently have 3 seperate locations (IP's) that are blacklisted. 2 locations have been blacklisted numerouse times. All of the computers have antispyware and antivirus protection(mostly the free stuff). Each time a location gets blacklisted, I either run the scans and find the bugs or re-image completely. We come off the blacklist for a month or so then get blacklisted again.

Do most spambots come via spam emails? I know it is my responsibility to keep my boxes clean but does the hosting mail server have some responsibilty in this also? If so, what can I resonably expect from them?  Does anyone know of a way to narrow down the exact box that is spamming?

This is a small retail chain and IT budget is limited to non existent. I would greatly appreciate some advice.

Thanks!
0
Comment
Question by:markrn
  • 3
  • 3
7 Comments
 
LVL 16

Expert Comment

by:warturtle
Comment Utility
Do you have MalwareBytes Anti-Malware (www.malwarebytes.org) installed?? Try a scan with that to being with. Trend Micro RUBotted is also another tool, but its in beta phase, so false positives are likely.

http://www.trendsecure.com/portal/en-US/tools/security_tools/rubotted

Hope it helps.
0
 

Author Comment

by:markrn
Comment Utility
Thanks for the reply Warturtle!

I do use Malwarebytes. Cleaning the boxes isn't so much my problem as finding a pemanent solution (if there is one). I can get them cleaned but after a month or two we end up back on the blacklists. I am looking for an inexpensive way to stop the infections BEFORE they happen.
0
 
LVL 16

Expert Comment

by:warturtle
Comment Utility
What internet security programs do you use? AVG??
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 

Author Comment

by:markrn
Comment Utility
Warturtle,

We used to use Trendmicro Intenet Security. We were blacklisted twice within a 6 month period while we had Trend Micro active. It has since expired but we have not renewed because it didn't seem to help so we have no current internet security at the moment. I have Clamwin that runs nightly and I have the aforementioned Malwarebytes. I also have superantispyware installed as well as Spybot. Most machines also have the free zonealarm firewall. On computers that do not need email I use port blocker to block port 25.

We still end up getting infected and blacklisted ever so often.

Thanks!
0
 
LVL 16

Expert Comment

by:warturtle
Comment Utility
Clamwin isn't something that will protect your computers effectively because it doesn't include real-time protection, so if you get a virus now and your scan in the night doesn't pick it up then you have a big problem in your hands.

I suggest moving to another vendor like Kaspersky. It has the highest rates of detection and comes with an administration kit allowing you to monitor the whole network effectively and see security logs from different computers as well.

I am not sure if ZoneAlarm free firewall is actually free for corporate use, I suggest reading the license terms properly and getting an enterprise security solution to protect your organisation.
0
 
LVL 31

Accepted Solution

by:
moorhouselondon earned 500 total points
Comment Utility
I take it that you are touting your outgoing emails through AT&T's SMTP server?

What I would recommend is that you setup all of your Firewalls to Block all Port 25 Outgoing traffic.  Before doing this, find out from AT&T which Port they will accept SMTP traffic from you on (something like Port 587, but you need to contact them to find out for definite).  Set this alternative Port up in Outlook and Outlook Express in the SMTP Server settings.
0
 

Author Comment

by:markrn
Comment Utility
Moorhouselondon,

Good suggestion that I am sure would work. They will not use any other port other than 25 for smtp traffic. I have talked to another mail server provider who will. Accepted solution.

Thanks!
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Have you ever tried to find someone you know on Facebook and searched to find more than one result with the same picture? Perhaps someone you know has told you that they have a 'facebook stalker' or someone who is 'posing as them' online and ta…
HOW TO REMOTELY CLEAN MEROND.O WITH ESET SILENTLY PROBLEM       If you have the fortunate luck to contract the Merond.O virus on your network, it can be quite troublesome to remove as it propagates to network shares on your network. In my case, the …
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now