Solved

Blacklisting is becoming a problem

Posted on 2009-05-04
7
425 Views
Last Modified: 2013-11-29
I have 1 corporate office and 8 remote locations. The corporate office has approx 12 Xp boxes. The remote locations have 2-4 Boxes. Our email is hosted by AT&T (Neomail). We use a combination of outlook and outlook express set up for pop3. DSL internet connections with NAT.

I currently have 3 seperate locations (IP's) that are blacklisted. 2 locations have been blacklisted numerouse times. All of the computers have antispyware and antivirus protection(mostly the free stuff). Each time a location gets blacklisted, I either run the scans and find the bugs or re-image completely. We come off the blacklist for a month or so then get blacklisted again.

Do most spambots come via spam emails? I know it is my responsibility to keep my boxes clean but does the hosting mail server have some responsibilty in this also? If so, what can I resonably expect from them?  Does anyone know of a way to narrow down the exact box that is spamming?

This is a small retail chain and IT budget is limited to non existent. I would greatly appreciate some advice.

Thanks!
0
Comment
Question by:markrn
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
7 Comments
 
LVL 16

Expert Comment

by:warturtle
ID: 24296165
Do you have MalwareBytes Anti-Malware (www.malwarebytes.org) installed?? Try a scan with that to being with. Trend Micro RUBotted is also another tool, but its in beta phase, so false positives are likely.

http://www.trendsecure.com/portal/en-US/tools/security_tools/rubotted

Hope it helps.
0
 

Author Comment

by:markrn
ID: 24296235
Thanks for the reply Warturtle!

I do use Malwarebytes. Cleaning the boxes isn't so much my problem as finding a pemanent solution (if there is one). I can get them cleaned but after a month or two we end up back on the blacklists. I am looking for an inexpensive way to stop the infections BEFORE they happen.
0
 
LVL 16

Expert Comment

by:warturtle
ID: 24296288
What internet security programs do you use? AVG??
0
Creating Instructional Tutorials  

For Any Use & On Any Platform

Contextual Guidance at the moment of need helps your employees/users adopt software o& achieve even the most complex tasks instantly. Boost knowledge retention, software adoption & employee engagement with easy solution.

 

Author Comment

by:markrn
ID: 24296376
Warturtle,

We used to use Trendmicro Intenet Security. We were blacklisted twice within a 6 month period while we had Trend Micro active. It has since expired but we have not renewed because it didn't seem to help so we have no current internet security at the moment. I have Clamwin that runs nightly and I have the aforementioned Malwarebytes. I also have superantispyware installed as well as Spybot. Most machines also have the free zonealarm firewall. On computers that do not need email I use port blocker to block port 25.

We still end up getting infected and blacklisted ever so often.

Thanks!
0
 
LVL 16

Expert Comment

by:warturtle
ID: 24296469
Clamwin isn't something that will protect your computers effectively because it doesn't include real-time protection, so if you get a virus now and your scan in the night doesn't pick it up then you have a big problem in your hands.

I suggest moving to another vendor like Kaspersky. It has the highest rates of detection and comes with an administration kit allowing you to monitor the whole network effectively and see security logs from different computers as well.

I am not sure if ZoneAlarm free firewall is actually free for corporate use, I suggest reading the license terms properly and getting an enterprise security solution to protect your organisation.
0
 
LVL 31

Accepted Solution

by:
moorhouselondon earned 500 total points
ID: 24298301
I take it that you are touting your outgoing emails through AT&T's SMTP server?

What I would recommend is that you setup all of your Firewalls to Block all Port 25 Outgoing traffic.  Before doing this, find out from AT&T which Port they will accept SMTP traffic from you on (something like Port 587, but you need to contact them to find out for definite).  Set this alternative Port up in Outlook and Outlook Express in the SMTP Server settings.
0
 

Author Comment

by:markrn
ID: 24325282
Moorhouselondon,

Good suggestion that I am sure would work. They will not use any other port other than 25 for smtp traffic. I have talked to another mail server provider who will. Accepted solution.

Thanks!
0

Featured Post

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently had to create a utility which aim is to update McAfee's Virusscan and that had to be launched from a command line. I thought I’d share my experience with you. Why is it useful to be able to update an Antivirus from the command line?…
An introduction to the wonderful sport of Scam Baiting.  Learn how to help fight scammers by beating them at their own game. This great pass time helps the world, while providing an endless source of entertainment. Enjoy!
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question