?
Solved

SBS 2008 - Exhange 2007 Spam Issues

Posted on 2011-02-15
9
Medium Priority
?
745 Views
Last Modified: 2012-05-11
Hey guys

Recently installed SBS 2008 with Exchange 2007. Now and then it gets listed on the “SPAM” networks. All clients are patched with AV and the network is clean.
SMTP out is on exchange authentication, and the only IP that is allowed for SMTP is the server.
ESET Mail Security is installed and we hardly receive spam.

Any suggestions?
0
Comment
Question by:ITNube
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
9 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34896050
What "SPAM" networks are you listed on?

Check on www.mxtoolbox.com/blacklists.aspx and www.blacklistalert.org

Please advise why they think you are listed.
0
 

Author Comment

by:ITNube
ID: 34896087
XBL and CBL
0
 

Author Comment

by:ITNube
ID: 34896092
talking about a NAT issue, using Draytek firewall
0
Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34896122
Can you post the reason please.
0
 

Author Comment

by:ITNube
ID: 34896123
This IP is infected (or NATting for a computer that is infected) with a spambot we have not yet been able to identify. For the time being we refer to it as the unknown0665 spambot.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34896165
Okay - so you either have an infected computer, or the server is sending out spam.

Do you have lots of mail in your queue on the server and if you do - do you recognise the mail as legitimate or spam looking?

When was the blacklisting saying that you were sending out spam?  What is the last reported time?
0
 

Author Comment

by:ITNube
ID: 34896203
It was last detected at 2011-02-15 08:00 GMT (+/- 30 minutes), approximately 5 hours ago.

I installed the ESET AV on all the computer + Full Scan + Windows Update on all desktops. Queue is currently clean, only 15 users.

0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 34896305
Okay - so you have an issue locally that you need to find and it is either the server infected, a local computer infected, or you have a remote user using Outlook Anywhere that is infected and is sending out mail via your Exchange Server.

If the only IP that is allowed to send out mail is the SBS server, then it can only be the server or a client using Outlook with an infection that you haven't detected yet.

Did you have a computer that was switched on in your network and that was turned off 5 hours ago?

A possible laptop from a user that they brought in and is infected?
0
 

Author Comment

by:ITNube
ID: 34905730
think i found it - although exchange was setup to be the only one to send out smtp it was internally only (exchange smtp connector), on the draytek 25 was still wide open and computers/bots were able to smtp out directly. were able to see it in the nat/route table and also were able to pin point which machines is causing the flood on 25. will find out in 3 days if i get listed again :| but think the new rule on the firewall would do the trick now

thanks for the help

0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In-place Upgrading Dirsync to Azure AD Connect
This article will help to fix the below errors for MS Exchange Server 2013 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question