Blacklisting is becoming a problem

Posted on 2009-05-04
Last Modified: 2013-11-29
I have 1 corporate office and 8 remote locations. The corporate office has approx. 12 XP boxes. The remote locations have 2-4 boxes. Our email is hosted by AT&T (Neomail). We use a combination of Outlook and Outlook Express set up for POP3. DSL internet connections with NAT.

I currently have 3 separate locations (IPs) that are blacklisted. 2 locations have been blacklisted numerous times. All of the computers have antispyware and antivirus protection (mostly the free stuff). Each time a location gets blacklisted, I either run the scans and find the bugs or re-image completely. We come off the blacklist for a month or so, then get blacklisted again.

Do most spambots come via spam emails? I know it is my responsibility to keep my boxes clean, but does the hosting mail server have some responsibility in this also? If so, what can I reasonably expect from them? Does anyone know of a way to narrow down the exact box that is spamming?

This is a small retail chain and the IT budget is limited to nonexistent. I would greatly appreciate some advice.

Thanks!
Question by:markrn

Expert Comment

by:warturtle
ID: 24296165
Do you have MalwareBytes Anti-Malware (www.malwarebytes.org) installed?? Try a scan with that to begin with. Trend Micro RUBotted is also another tool, but it's in beta phase, so false positives are likely.

http://www.trendsecure.com/portal/en-US/tools/security_tools/rubotted

Hope it helps.

Author Comment

by:markrn
ID: 24296235
Thanks for the reply Warturtle!

I do use Malwarebytes. Cleaning the boxes isn't so much my problem as finding a permanent solution (if there is one). I can get them cleaned, but after a month or two we end up back on the blacklists. I am looking for an inexpensive way to stop the infections BEFORE they happen.

Expert Comment

by:warturtle
ID: 24296288
What internet security programs do you use? AVG??

Author Comment

by:markrn
ID: 24296376
Warturtle,

We used to use Trend Micro Internet Security. We were blacklisted twice within a 6 month period while we had Trend Micro active. It has since expired, but we have not renewed because it didn't seem to help, so we have no current internet security at the moment. I have ClamWin that runs nightly and I have the aforementioned Malwarebytes. I also have SUPERAntiSpyware installed as well as Spybot. Most machines also have the free ZoneAlarm firewall. On computers that do not need email I use port blocker to block port 25.

We still end up getting infected and blacklisted every so often.

Thanks!

Expert Comment

by:warturtle
ID: 24296469
ClamWin isn't something that will protect your computers effectively because it doesn't include real-time protection, so if you get a virus now and your scan in the night doesn't pick it up, then you have a big problem on your hands.

I suggest moving to another vendor like Kaspersky. It has the highest rates of detection and comes with an administration kit allowing you to monitor the whole network effectively and see security logs from different computers as well.

I am not sure if ZoneAlarm free firewall is actually free for corporate use. I suggest reading the license terms properly and getting an enterprise security solution to protect your organisation.

Accepted Solution

by:
moorhouselondon earned 500 total points
ID: 24298301
I take it that you are routing your outgoing emails through AT&T's SMTP server?

What I would recommend is that you set up all of your firewalls to block all port 25 outgoing traffic. Before doing this, find out from AT&T which port they will accept SMTP traffic from you on (something like port 587, but you need to contact them to find out for definite). Set this alternative port up in Outlook and Outlook Express in the SMTP server settings.

Author Comment

by:markrn
ID: 24325282
Moorhouselondon,

Good suggestion that I am sure would work. They will not use any port other than 25 for SMTP traffic. I have talked to another mail server provider who will. Accepted solution.

Thanks!
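
Added example, not part of the original thread: once the firewall treats outbound port 25 specially, as the accepted answer suggests, logging those connection attempts also answers the question of which box is spamming. The sketch assumes a firewall that logs in iptables `LOG` style and a placeholder relay address (`203.0.113.10`); the sample lines are constructed.

```python
import re
from collections import defaultdict

# Assumption: address of the mail provider's SMTP relay (documentation-range placeholder).
APPROVED_RELAYS = {"203.0.113.10"}

# Constructed sample log lines in iptables LOG style; not taken from the thread.
SAMPLE_LOG = """\
May  4 09:00:01 gw kernel: SMTP IN=eth1 OUT=eth0 SRC=192.168.1.11 DST=203.0.113.10 PROTO=TCP SPT=1042 DPT=25
May  4 09:00:07 gw kernel: SMTP IN=eth1 OUT=eth0 SRC=192.168.1.14 DST=198.51.100.7 PROTO=TCP SPT=2201 DPT=25
May  4 09:00:07 gw kernel: SMTP IN=eth1 OUT=eth0 SRC=192.168.1.14 DST=198.51.100.22 PROTO=TCP SPT=2202 DPT=25
May  4 09:00:08 gw kernel: SMTP IN=eth1 OUT=eth0 SRC=192.168.1.14 DST=192.0.2.55 PROTO=TCP SPT=2203 DPT=25
May  4 09:00:09 gw kernel: SMTP IN=eth1 OUT=eth0 SRC=192.168.1.12 DST=192.0.2.80 PROTO=TCP SPT=3310 DPT=80
May  4 09:01:30 gw kernel: SMTP IN=eth1 OUT=eth0 SRC=192.168.1.13 DST=192.0.2.80 PROTO=TCP SPT=1500 DPT=25
May  4 09:02:00 gw kernel: SMTP IN=eth1 OUT=eth0 SRC=192.168.1.14 DST=198.51.100.7 PROTO=TCP SPT=2210 DPT=25
"""

FIELD = re.compile(r"(\w+)=(\S+)")  # KEY=value pairs as written by the LOG target


def smtp_talkers(log_text, approved=APPROVED_RELAYS):
    """Map each internal source IP to the non-approved hosts it tried on TCP/25."""
    offenders = defaultdict(set)
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if fields.get("PROTO") != "TCP" or fields.get("DPT") != "25":
            continue  # not SMTP
        if "SRC" not in fields or "DST" not in fields:
            continue  # malformed or truncated line
        if fields["DST"] in approved:
            continue  # ordinary mail client talking to the provider's relay
        offenders[fields["SRC"]].add(fields["DST"])
    return offenders


def rank_suspects(log_text, approved=APPROVED_RELAYS):
    """Return (source_ip, distinct_destination_count), worst first."""
    hits = smtp_talkers(log_text, approved)
    return sorted(((src, len(dsts)) for src, dsts in hits.items()),
                  key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    for src, count in rank_suspects(SAMPLE_LOG):
        print(f"{src} attempted SMTP to {count} non-relay host(s)")
```

A mail client only ever connects to the provider's relay, so any workstation that shows up here, especially one contacting many distinct mail servers directly, is the one to pull off the network and clean.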