Sent emails from our Exchange server 2003 email is being seen as spam

Sent emails from our Exchange server 2003 email is being seen as spam.  This just happened today.  we can't send anything out extenally to most people.  Here are some of the errors we're getting:

Your message did not reach some or all of the intended recipients.

      Subject:      email trouble
      Sent:      4/2/2010 1:57 PM

The following recipient(s) cannot be reached:

      Scott, Stacey (Lifescan) on 4/2/2010 1:57 PM
            You do not have permission to send to this recipient.  For assistance, contact your system administrator.
            <icominc.com #5.7.1 smtp;550 5.7.1 Service unavailable; Client host [209.232.112.4] blocked using Spamhaus XBL, mail from IP banned; To request removal from this list see http://www.spamhaus.org/lookup.lasso.>


Your message did not reach some or all of the intended recipients.

      Subject:      RE: job opening
      Sent:      4/2/2010 2:25 PM

The following recipient(s) cannot be reached:

      'tod holsenbeck' on 4/2/2010 2:25 PM
            There was a SMTP communication problem with the recipient's email server.  Please contact your system administrator.
            <icominc.com #5.5.0 smtp;550 OU-001 Mail rejected by Windows Live Hotmail for policy reasons. Reasons for rejection may be related to content with spam-like characteristics or IP/domain reputation problems. If you are not an email/network admin please contact your E-mail/Internet Service Provider for help. Email/network admins, please visit http://postmaster.live.com for email delivery information and support>



Please help.  We need to get this resolved asap.  Thanks in advance.
Steelin_ItAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Alan HardistyCo-OwnerCommented:
Please have a read of my article and check you are not an open relay / authenticated relay:

http://www.experts-exchange.com/articles/Software/Server_Software/Email_Servers/Exchange/Why-are-my-outbound-queues-filling-up-with-mail-I-didn't-send.html

if you have become blacklisted, you need to find out why and clean up the problem.
0
Steelin_ItAuthor Commented:
I'll double check that we're not an open relay but I'm 99% positive that I took care of that years ago.

I'm not real familiar with blacklisting.  How do I find how, why and if I am?
0
B HCommented:
you are listed on 2 of the major spam blacklists...
http://www.mxtoolbox.com/SuperTool.aspx?action=blacklist%3a209.232.112.4

you can remove yourself from those 2 by using these links:
http://cbl.abuseat.org/lookup.cgi?ip=209.232.112.4
http://www.spamhaus.org/query/bl?ip=209.232.112.4

BUT you need to find out why you're listed... you might have a machine on your network that is sending spam because it's infected by a virus

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
The Ultimate Tool Kit for Technolgy Solution Provi

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy for valuable how-to assets including sample agreements, checklists, flowcharts, and more!

Alan HardistyCo-OwnerCommented:
The sites such as www.mxtoolbox.com/blacklists.aspx usually provide a link to the relevant blacklist site and the site should tell you why you are listed.

Which sites from mxtoolbox are you listed on?
0
B HCommented:
spamhaus has you blocked because you're blocked by the CBL

using the link above, i couldnt help but request removal (just clicked the button at the bottom)

CBL Removal Requested
Removal of the IP address:
209.232.112.4
from the CBL is now pending

so it should be fixed soon... but you WILL be relisted if you have an infected machine on your network.  you can check this out by logging into your firewall/router, hopefully it has a section that shows what machines are sending traffic out what ports... look for any internal ip sending outbound port 25 (other than your server) and check that machine

alternatively, you might consider setting a firewall rule in your router that says ONLY (your server) can send traffic out port 25.. everyone else, block.  all of your workstations should be using exchange to send mail, so they would not be affected by this policy.  but it will stop a virus from sending mail using someone's workstation
0
Alan HardistyCo-OwnerCommented:
According to the CBL website, you are infected and sending out spam.

Block outbound tcp port 25 on your router for all ip's apart from your mailserver and then scan your machines with Malwarebytes www.malwarebytes.org
0
Alan HardistyCo-OwnerCommented:
Requesting a de-listing without tackling the problem is not advisable as the chances are it will get immediately re-listed.

You only get a certain number of automatic de-listings before you need to make phone calls, so the best advice is to resolve the issue first then de-list IMHO.
0
Steelin_ItAuthor Commented:
Thanks for all the help.  Hopefully "Un-Blacklisting" will take care of the problem for now.  I'll let you know.  Any ideas on how long it takes for the "Un-Blacklisting" to kick in so we can send email?
0
B HCommented:
just unblacklisting it won't fix the problem... you were blacklisted for a reason... have to find out why... HAVE to... or you'll be blacklisted again tomorrow.

is your ip address static, or does it change (ask your internet provider if unsure)

un-blacklisting takes less than an hour usually... but you'll be blacklisted again in 12-24 hours if the problem isnt fixed.

0
Steelin_ItAuthor Commented:
If I do this:

"Block outbound tcp port 25 on your router for all ip's apart from your mailserver"

Will sent emails still go out from the user's computers, both internally and using  OWA?
0
B HCommented:
absolutely yes
0
Alan HardistyCo-OwnerCommented:
Most viruse that send mass mail out will use their own SMTP engine and thus blocking TCP port 25 will stop most usual spam sending viruses dead.  There are a few that exploit your own Mail Server so depending on what you have got, will determine on if blocking port 25 works or not, but 99% of cases it will.
0
Steelin_ItAuthor Commented:
Thanks for the help guys.  So far so good all weekend long.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.