Steelin_It
asked on
Sent emails from our Exchange server 2003 email is being seen as spam
Sent emails from our Exchange server 2003 email is being seen as spam. This just happened today. we can't send anything out extenally to most people. Here are some of the errors we're getting:
Your message did not reach some or all of the intended recipients.
Subject: email trouble
Sent: 4/2/2010 1:57 PM
The following recipient(s) cannot be reached:
Scott, Stacey (Lifescan) on 4/2/2010 1:57 PM
You do not have permission to send to this recipient. For assistance, contact your system administrator.
<icominc.com #5.7.1 smtp;550 5.7.1 Service unavailable; Client host [209.232.112.4] blocked using Spamhaus XBL, mail from IP banned; To request removal from this list see http://www.spamhaus.org/lookup.lasso.>
Your message did not reach some or all of the intended recipients.
Subject: RE: job opening
Sent: 4/2/2010 2:25 PM
The following recipient(s) cannot be reached:
'tod holsenbeck' on 4/2/2010 2:25 PM
There was a SMTP communication problem with the recipient's email server. Please contact your system administrator.
<icominc.com #5.5.0 smtp;550 OU-001 Mail rejected by Windows Live Hotmail for policy reasons. Reasons for rejection may be related to content with spam-like characteristics or IP/domain reputation problems. If you are not an email/network admin please contact your E-mail/Internet Service Provider for help. Email/network admins, please visit http://postmaster.live.com for email delivery information and support>
Please help. We need to get this resolved asap. Thanks in advance.
Your message did not reach some or all of the intended recipients.
Subject: email trouble
Sent: 4/2/2010 1:57 PM
The following recipient(s) cannot be reached:
Scott, Stacey (Lifescan) on 4/2/2010 1:57 PM
You do not have permission to send to this recipient. For assistance, contact your system administrator.
<icominc.com #5.7.1 smtp;550 5.7.1 Service unavailable; Client host [209.232.112.4] blocked using Spamhaus XBL, mail from IP banned; To request removal from this list see http://www.spamhaus.org/lookup.lasso.>
Your message did not reach some or all of the intended recipients.
Subject: RE: job opening
Sent: 4/2/2010 2:25 PM
The following recipient(s) cannot be reached:
'tod holsenbeck' on 4/2/2010 2:25 PM
There was a SMTP communication problem with the recipient's email server. Please contact your system administrator.
<icominc.com #5.5.0 smtp;550 OU-001 Mail rejected by Windows Live Hotmail for policy reasons. Reasons for rejection may be related to content with spam-like characteristics or IP/domain reputation problems. If you are not an email/network admin please contact your E-mail/Internet Service Provider for help. Email/network admins, please visit http://postmaster.live.com for email delivery information and support>
Please help. We need to get this resolved asap. Thanks in advance.
ASKER
I'll double check that we're not an open relay but I'm 99% positive that I took care of that years ago.
I'm not real familiar with blacklisting. How do I find how, why and if I am?
I'm not real familiar with blacklisting. How do I find how, why and if I am?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The sites such as www.mxtoolbox.com/blacklists.aspx usually provide a link to the relevant blacklist site and the site should tell you why you are listed.
Which sites from mxtoolbox are you listed on?
Which sites from mxtoolbox are you listed on?
spamhaus has you blocked because you're blocked by the CBL
using the link above, i couldnt help but request removal (just clicked the button at the bottom)
CBL Removal Requested
Removal of the IP address:
209.232.112.4
from the CBL is now pending
so it should be fixed soon... but you WILL be relisted if you have an infected machine on your network. you can check this out by logging into your firewall/router, hopefully it has a section that shows what machines are sending traffic out what ports... look for any internal ip sending outbound port 25 (other than your server) and check that machine
alternatively, you might consider setting a firewall rule in your router that says ONLY (your server) can send traffic out port 25.. everyone else, block. all of your workstations should be using exchange to send mail, so they would not be affected by this policy. but it will stop a virus from sending mail using someone's workstation
using the link above, i couldnt help but request removal (just clicked the button at the bottom)
CBL Removal Requested
Removal of the IP address:
209.232.112.4
from the CBL is now pending
so it should be fixed soon... but you WILL be relisted if you have an infected machine on your network. you can check this out by logging into your firewall/router, hopefully it has a section that shows what machines are sending traffic out what ports... look for any internal ip sending outbound port 25 (other than your server) and check that machine
alternatively, you might consider setting a firewall rule in your router that says ONLY (your server) can send traffic out port 25.. everyone else, block. all of your workstations should be using exchange to send mail, so they would not be affected by this policy. but it will stop a virus from sending mail using someone's workstation
According to the CBL website, you are infected and sending out spam.
Block outbound tcp port 25 on your router for all ip's apart from your mailserver and then scan your machines with Malwarebytes www.malwarebytes.org
Block outbound tcp port 25 on your router for all ip's apart from your mailserver and then scan your machines with Malwarebytes www.malwarebytes.org
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for all the help. Hopefully "Un-Blacklisting" will take care of the problem for now. I'll let you know. Any ideas on how long it takes for the "Un-Blacklisting" to kick in so we can send email?
just unblacklisting it won't fix the problem... you were blacklisted for a reason... have to find out why... HAVE to... or you'll be blacklisted again tomorrow.
is your ip address static, or does it change (ask your internet provider if unsure)
un-blacklisting takes less than an hour usually... but you'll be blacklisted again in 12-24 hours if the problem isnt fixed.
is your ip address static, or does it change (ask your internet provider if unsure)
un-blacklisting takes less than an hour usually... but you'll be blacklisted again in 12-24 hours if the problem isnt fixed.
ASKER
If I do this:
"Block outbound tcp port 25 on your router for all ip's apart from your mailserver"
Will sent emails still go out from the user's computers, both internally and using OWA?
"Block outbound tcp port 25 on your router for all ip's apart from your mailserver"
Will sent emails still go out from the user's computers, both internally and using OWA?
absolutely yes
Most viruse that send mass mail out will use their own SMTP engine and thus blocking TCP port 25 will stop most usual spam sending viruses dead. There are a few that exploit your own Mail Server so depending on what you have got, will determine on if blocking port 25 works or not, but 99% of cases it will.
ASKER
Thanks for the help guys. So far so good all weekend long.
https://www.experts-exchange.com/articles/Software/Server_Software/Email_Servers/Exchange/Why-are-my-outbound-queues-filling-up-with-mail-I-didn't-send.html
if you have become blacklisted, you need to find out why and clean up the problem.