• Status: Solved

Our domain is blacklisted on Tiopan... help!

Any advice on how to get us removed? I spoke to someone and they said Tiopan is a hard one to get removed from. I have already emailed them to have us removed. Any tips?

We believe a specific PC was infected with a virus and was sending out spam. We have removed the PC from the network.
Asked by: SmallPrint
 
Rick Fee (Messaging Engineer - Disaster Recovery Engineer) commented:
First you want to set up your firewall to block all outgoing SMTP traffic except that of your Exchange server or whatever is sending out mail. Once you get this complete, send an email (info@tiopan.com) and beg them to review and remove you. If not, you will be automatically removed after some time.
 
Alan Hardisty (Co-Owner) commented:
You won't be able to email info@tiopan.com from your own IP as they have you blocked, so try from another IP / account away from your blocked IP, but don't hold your breath - they don't seem to accept mail on that account!
 
SmallPrint (Author) commented:
Do most people even follow Tiopan? I'm not sure if I should even be worrying about them...
 
simonlimon commented:
I would definitely check this out, because you surely didn't end up on just one block list. Enter the public IP of your mail server so you can remove yourself from them.

http://www.kloth.net/services/dnsbl.php
 
Alan Hardisty (Co-Owner) commented:
Not ever seen them used before - but you never know.
Check on all the blacklists by visiting www.mxtoolbox.com/blacklists.aspx and if you are listed, follow the links to the relevant sites and make sure the listings are not current.
Note the date and time of the last report and if that changes to a newer time in a few hours, you still have a problem.
If not, then you probably have solved the problem.
Locking down your firewall to only allow port 25 out from your server is also a worthwhile measure to take (as EndureKona has advised), so that if you get infected again, the infection should not be able to send out mail. If you cannot do this with your router - change it to one that can block outbound traffic by internal IP.
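What the blacklist checkers linked above do for each list, as an added example that is not part of the original thread: reverse the IPv4 octets, append the list's DNS zone, and treat an A-record answer inside 127.0.0.0/8 as a listing. The zone names, the IP and the canned DNS answers are constructed placeholders, not real lists.

```python
import ipaddress
import socket

LISTED_RANGE = ipaddress.IPv4Network("127.0.0.0/8")

def dnsbl_query_name(ip, zone):
    """192.0.2.25 + zone -> 25.2.0.192.zone (octets reversed)."""
    addr = ipaddress.IPv4Address(ip)  # ValueError on anything but IPv4
    return ".".join(reversed(str(addr).split("."))) + "." + zone.strip(".")

def system_resolver(name):
    """A record for name, or None if the lookup fails (NXDOMAIN, timeout)."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def check_dnsbl(ip, zones, resolve=system_resolver):
    """Map each zone to its return code, or None when the IP is not listed.

    Only answers inside 127.0.0.0/8 count: anything else is a wildcard or
    rewritten DNS response, not a listing.
    """
    results = {}
    for zone in zones:
        answer = resolve(dnsbl_query_name(ip, zone))
        listed = answer is not None and ipaddress.IPv4Address(answer) in LISTED_RANGE
        results[zone] = answer if listed else None
    return results

# Constructed sample data: documentation IP, placeholder zones, canned answers.
SAMPLE_IP = "192.0.2.25"
SAMPLE_ZONES = ["dnsbl-a.example.org", "dnsbl-b.example.org", "dnsbl-c.example.org"]
SAMPLE_DNS = {
    "25.2.0.192.dnsbl-a.example.org": "127.0.0.2",     # listed
    "25.2.0.192.dnsbl-c.example.org": "203.0.113.10",  # wildcard answer, ignored
}

if __name__ == "__main__":
    # The stub resolver keeps the demo offline; omit it to query real DNS.
    for zone, code in check_dnsbl(SAMPLE_IP, SAMPLE_ZONES, SAMPLE_DNS.get).items():
        print(f"{zone}: {'LISTED ' + code if code else 'clear'}")
```

The meaning of a return code is defined by each list, so check the operator's documentation before reading a code as a spam listing.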
 
SmallPrint (Author) commented:
Thanks everyone. I have been checking mxtoolbox, robtex.com, and now kloth... all say we are clear EXCEPT for Tiopan (via mxtoolbox).

I think I might fax Tiopan and see if that helps. Wishful thinking I know... but it's worth a try.
 
Alan Hardisty (Co-Owner) commented:
I would not worry unduly.
Are you having mail-flow problems? If not - you should drop off their radar in a few days / weeks and I doubt anyone will check against their blacklists, so you should be problem free.
Faxing won't hurt - so give it a try, but I would not hold your breath : )
 
SmallPrint (Author) commented:
Mail flow seems to be getting back to normal... but on top of submitting requests for delisting to all the RBLs we were on, I also reached out directly to Hotmail, ATT, Comcast, via phone or webform.

I have a phone call in with the University of Texas Austin and bellsouth.net... our emails are not reaching them... but we also receive a totally different error message than this morning.

The blacklist emails specifically stated the IP and that we were blacklisted. These 2 domains I just stated time out (I force them to time out with an NDR in ESM) with an error

            You do not have permission to send to this recipient.  For assistance, contact your system administrator.
            <Server.domainK #4.7.1 smtp;450 4.7.1 <Server.Domain>: Helo command rejected: Host not found>
 
Alan Hardisty (Co-Owner) commented:
Sounds like my article should be able to help you with the Host not Found issue - sounds like your FQDN on your server is configured incorrectly, they are verifying it and it fails the check.
You may be displaying blah.yourdomain.local.
Have a read of my article - It should help:
http://www.experts-exchange.com/articles/Software/Server_Software/Email_Servers/Problems-sending-mail-to-one-or-more-external-domains.html
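A pre-flight check for the "Helo command rejected: Host not found" bounce discussed above, as an added example that is not part of the original thread or the linked article. It tests the name the server announces in HELO the way a verifying receiver might: fully qualified, resolvable in public DNS, pointing at the sending IP, and matching reverse DNS. The host names, IPs and problem codes are constructed, and only A records are checked (the standard library cannot query MX).

```python
import socket

INTERNAL_SUFFIXES = (".local", ".lan", ".internal", ".localdomain")

def lookup_a(name):
    """Set of IPv4 addresses for name; empty when it does not resolve."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except (socket.gaierror, socket.herror):
        return set()

def lookup_ptr(ip):
    """Reverse-DNS name for ip, lower-cased, or None when there is no PTR."""
    try:
        return socket.gethostbyaddr(ip)[0].rstrip(".").lower()
    except (socket.gaierror, socket.herror):
        return None

def check_helo(helo_name, public_ip, a=lookup_a, ptr=lookup_ptr):
    """Return a list of problem codes; an empty list means the HELO name is sane."""
    name = helo_name.rstrip(".").lower()
    problems = []
    if "." not in name:
        problems.append("not-fqdn")            # e.g. HELO SERVER01
    elif name.endswith(INTERNAL_SUFFIXES):
        problems.append("internal-suffix")     # e.g. blah.yourdomain.local
    addrs = a(name)
    if not addrs:
        problems.append("helo-unresolvable")   # what "Host not found" reports
    elif public_ip not in addrs:
        problems.append("helo-ip-mismatch")
    rdns = ptr(public_ip)
    if rdns is None:
        problems.append("no-ptr")
    elif rdns != name:
        problems.append("ptr-mismatch")
    return problems

# Constructed sample DNS data so the demo runs offline.
SAMPLE_A = {"mail.example.com": {"192.0.2.25"}}
SAMPLE_PTR = {"192.0.2.25": "mail.example.com"}

if __name__ == "__main__":
    for helo in ("mail.example.com", "server.example.local"):
        found = check_helo(helo, "192.0.2.25",
                           a=lambda n: SAMPLE_A.get(n, set()), ptr=SAMPLE_PTR.get)
        print(helo, "->", found or "OK")
```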
 
SmallPrint (Author) commented:
I will give it a read. I'm just glad it's not saying the IP is blocked.

Are there any other sites I should utilize to check if we are on a RBL? MXtoolbox was saying we were okay (very early this morning), while at the same time another site said we were listed.
 
Alan Hardisty (Co-Owner) commented:
Blacklists can take a while to catch up.  You may be blacklisted, but not show up on their site straight away, but after an hour or so, up you pop.

I would be fairly confident that if you are clean on mxtoolbox, that you are fine.
 
SmallPrint (Author) commented:
mxtoolbox does list Tiopan though. This sucks, it's like I'm at their mercy.
 
Alan Hardisty (Co-Owner) commented:
I was on Tiopan about a month ago - I tried to email them and got a bounce back - I emailed them from Hotmail and got bounced back.
I ignored them and had no problems and they eventually dropped my IP off their lists.
I had an authenticated relay attack from a compromised account.  As soon as I had isolated the problem account, and changed the password I started to get off the Blacklists (some by request), but Tiopan was not one that I could do anything about.
If you are clear on the rest and mail is flowing freely - ignore the Tiopan listing and you will drop off it after a while.
 
SmallPrint (Author) commented:
Perhaps this is extreme, but would it be worth forcing all users to change their passwords? I think we got the correct PC... but won't know unless it happens again.
 
Alan Hardisty (Co-Owner) commented:
Are / were your Exchange queues full of messages that are not going anywhere?
If yes - then changing everyone's passwords is not a bad idea (including the Administrator account) - make sure you get all the accounts.
If not, then it is most likely a PC and you should not need to, but do change your firewall to block TCP port 25 from all internal IPs other than the server.
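One way to confirm which workstation was sending mail directly, and that nothing else is, once outbound connections are logged at the firewall (an added example, not part of the original thread). It assumes iptables-style `KEY=value` log lines; the log lines, the addresses and the threshold are constructed.

```python
import re
from collections import defaultdict

KV = re.compile(r"(\w+)=(\S+)")

def smtp_talkers(log_lines, mail_server_ip, min_destinations=3):
    """Internal hosts, other than the mail server, that opened TCP/25
    connections to at least min_destinations distinct remote addresses.
    Returns {source_ip: sorted list of destination IPs}."""
    seen = defaultdict(set)
    for line in log_lines:
        fields = dict(KV.findall(line))
        if fields.get("PROTO") != "TCP" or fields.get("DPT") != "25":
            continue                      # not SMTP
        src, dst = fields.get("SRC"), fields.get("DST")
        if not src or not dst or src == mail_server_ip:
            continue                      # malformed line, or the legitimate sender
        seen[src].add(dst)
    return {ip: sorted(dsts) for ip, dsts in seen.items()
            if len(dsts) >= min_destinations}

# Constructed firewall log: 10.0.0.10 is the mail server, 10.0.0.57 the suspect PC.
SAMPLE_LOG = [
    "Jan 12 09:14:01 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.10 DST=198.51.100.7 PROTO=TCP SPT=40112 DPT=25",
    "Jan 12 09:14:02 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.10 DST=203.0.113.9 PROTO=TCP SPT=40113 DPT=25",
    "Jan 12 09:14:02 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.10 DST=203.0.113.44 PROTO=TCP SPT=40114 DPT=25",
    "Jan 12 09:14:03 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.57 DST=198.51.100.7 PROTO=TCP SPT=49211 DPT=25",
    "Jan 12 09:14:03 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.57 DST=203.0.113.9 PROTO=TCP SPT=49212 DPT=25",
    "Jan 12 09:14:04 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.57 DST=203.0.113.20 PROTO=TCP SPT=49213 DPT=25",
    "Jan 12 09:14:04 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.57 DST=203.0.113.9 PROTO=TCP SPT=49214 DPT=25",
    "Jan 12 09:14:05 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.31 DST=198.51.100.80 PROTO=TCP SPT=51000 DPT=443",
    "Jan 12 09:14:06 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.31 DST=198.51.100.7 PROTO=TCP SPT=51001 DPT=25",
]

if __name__ == "__main__":
    for host, dests in smtp_talkers(SAMPLE_LOG, "10.0.0.10").items():
        print(f"{host} contacted {len(dests)} mail servers directly: {', '.join(dests)}")
```

A host that shows up here was sending mail without going through the server; an empty result while the server's own queues fill up points to the authenticated-relay case instead.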
 
SmallPrint (Author) commented:
Such a slow email day. The queue was not packed, and I believe some domains were getting through.
 
SmallPrint (Author) commented:
Most emails just bounced back right away, and were not in the ram queue
 
Alan Hardisty (Co-Owner) commented:
Okay - but if anything was going out via the server - I need to know.
Most viruses won't abuse the server, so if anything was sitting on the server waiting to go out - that problem suggests an authenticated relay attack - thus changing passwords on all accounts (in the absence of isolating a single account) would be highly recommended.
My other article may be of interest to you:
http://www.experts-exchange.com/articles/Software/Server_Software/Email_Servers/Exchange/Why-are-my-outbound-queues-filling-up-with-mail-I-didn't-send.html
 
SmallPrint (Author) commented:
Some items were leaving the server
 
Alan Hardisty (Co-Owner) commented:
Okay - then my last link should help you.
Also, as you only have 40 users - it would be advisable to change ALL passwords, including Administrator.
Do a good search through AD for all Users and make sure you change the lot.
 
SmallPrint (Author) commented:
Very difficult issue to troubleshoot. The tips from these experts helped out a lot!
Question has a verified solution.