?
Solved

Sent emails from our Exchange server 2003 email is being seen as spam

Posted on 2010-04-02
13
Medium Priority
?
665 Views
Last Modified: 2012-05-09
Sent emails from our Exchange server 2003 email is being seen as spam.  This just happened today.  we can't send anything out extenally to most people.  Here are some of the errors we're getting:

Your message did not reach some or all of the intended recipients.

      Subject:      email trouble
      Sent:      4/2/2010 1:57 PM

The following recipient(s) cannot be reached:

      Scott, Stacey (Lifescan) on 4/2/2010 1:57 PM
            You do not have permission to send to this recipient.  For assistance, contact your system administrator.
            <icominc.com #5.7.1 smtp;550 5.7.1 Service unavailable; Client host [209.232.112.4] blocked using Spamhaus XBL, mail from IP banned; To request removal from this list see http://www.spamhaus.org/lookup.lasso.>


Your message did not reach some or all of the intended recipients.

      Subject:      RE: job opening
      Sent:      4/2/2010 2:25 PM

The following recipient(s) cannot be reached:

      'tod holsenbeck' on 4/2/2010 2:25 PM
            There was a SMTP communication problem with the recipient's email server.  Please contact your system administrator.
            <icominc.com #5.5.0 smtp;550 OU-001 Mail rejected by Windows Live Hotmail for policy reasons. Reasons for rejection may be related to content with spam-like characteristics or IP/domain reputation problems. If you are not an email/network admin please contact your E-mail/Internet Service Provider for help. Email/network admins, please visit http://postmaster.live.com for email delivery information and support>



Please help.  We need to get this resolved asap.  Thanks in advance.
0
Comment
Question by:Steelin_It
  • 5
  • 4
  • 4
13 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 29494735
Please have a read of my article and check you are not an open relay / authenticated relay:

http://www.experts-exchange.com/articles/Software/Server_Software/Email_Servers/Exchange/Why-are-my-outbound-queues-filling-up-with-mail-I-didn't-send.html

if you have become blacklisted, you need to find out why and clean up the problem.
0
 

Author Comment

by:Steelin_It
ID: 29495134
I'll double check that we're not an open relay but I'm 99% positive that I took care of that years ago.

I'm not real familiar with blacklisting.  How do I find how, why and if I am?
0
 
LVL 24

Accepted Solution

by:
B H earned 1000 total points
ID: 29496411
you are listed on 2 of the major spam blacklists...
http://www.mxtoolbox.com/SuperTool.aspx?action=blacklist%3a209.232.112.4

you can remove yourself from those 2 by using these links:
http://cbl.abuseat.org/lookup.cgi?ip=209.232.112.4
http://www.spamhaus.org/query/bl?ip=209.232.112.4

BUT you need to find out why you're listed... you might have a machine on your network that is sending spam because it's infected by a virus

0
Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 29496519
The sites such as www.mxtoolbox.com/blacklists.aspx usually provide a link to the relevant blacklist site and the site should tell you why you are listed.

Which sites from mxtoolbox are you listed on?
0
 
LVL 24

Expert Comment

by:B H
ID: 29497053
spamhaus has you blocked because you're blocked by the CBL

using the link above, i couldnt help but request removal (just clicked the button at the bottom)

CBL Removal Requested
Removal of the IP address:
209.232.112.4
from the CBL is now pending

so it should be fixed soon... but you WILL be relisted if you have an infected machine on your network.  you can check this out by logging into your firewall/router, hopefully it has a section that shows what machines are sending traffic out what ports... look for any internal ip sending outbound port 25 (other than your server) and check that machine

alternatively, you might consider setting a firewall rule in your router that says ONLY (your server) can send traffic out port 25.. everyone else, block.  all of your workstations should be using exchange to send mail, so they would not be affected by this policy.  but it will stop a virus from sending mail using someone's workstation
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 29497157
According to the CBL website, you are infected and sending out spam.

Block outbound tcp port 25 on your router for all ip's apart from your mailserver and then scan your machines with Malwarebytes www.malwarebytes.org
0
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 1000 total points
ID: 29497425
Requesting a de-listing without tackling the problem is not advisable as the chances are it will get immediately re-listed.

You only get a certain number of automatic de-listings before you need to make phone calls, so the best advice is to resolve the issue first then de-list IMHO.
0
 

Author Comment

by:Steelin_It
ID: 29498275
Thanks for all the help.  Hopefully "Un-Blacklisting" will take care of the problem for now.  I'll let you know.  Any ideas on how long it takes for the "Un-Blacklisting" to kick in so we can send email?
0
 
LVL 24

Expert Comment

by:B H
ID: 29498481
just unblacklisting it won't fix the problem... you were blacklisted for a reason... have to find out why... HAVE to... or you'll be blacklisted again tomorrow.

is your ip address static, or does it change (ask your internet provider if unsure)

un-blacklisting takes less than an hour usually... but you'll be blacklisted again in 12-24 hours if the problem isnt fixed.

0
 

Author Comment

by:Steelin_It
ID: 29501623
If I do this:

"Block outbound tcp port 25 on your router for all ip's apart from your mailserver"

Will sent emails still go out from the user's computers, both internally and using  OWA?
0
 
LVL 24

Expert Comment

by:B H
ID: 29502706
absolutely yes
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 29502878
Most viruse that send mass mail out will use their own SMTP engine and thus blocking TCP port 25 will stop most usual spam sending viruses dead.  There are a few that exploit your own Mail Server so depending on what you have got, will determine on if blocking port 25 works or not, but 99% of cases it will.
0
 

Author Closing Comment

by:Steelin_It
ID: 31710447
Thanks for the help guys.  So far so good all weekend long.
0

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help to fix the below errors for MS Exchange Server 2016 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
Exchange administrators are always vigilant about Exchange crashes and disasters that are possible any time. It is quite essential to identify the symptoms of a possible Exchange issue and be prepared with a proper recovery plan. There are multiple…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

593 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question