Solved

SBS 2008 - Exhange 2007 Spam Issues

Posted on 2011-02-15
9
742 Views
Last Modified: 2012-05-11
Hey guys

Recently installed SBS 2008 with Exchange 2007. Now and then it gets listed on the “SPAM” networks. All clients are patched with AV and the network is clean.
SMTP out is on exchange authentication, and the only IP that is allowed for SMTP is the server.
ESET Mail Security is installed and we hardly receive spam.

Any suggestions?
0
Comment
Question by:ITNube
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
9 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34896050
What "SPAM" networks are you listed on?

Check on www.mxtoolbox.com/blacklists.aspx and www.blacklistalert.org

Please advise why they think you are listed.
0
 

Author Comment

by:ITNube
ID: 34896087
XBL and CBL
0
 

Author Comment

by:ITNube
ID: 34896092
talking about a NAT issue, using Draytek firewall
0
Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34896122
Can you post the reason please.
0
 

Author Comment

by:ITNube
ID: 34896123
This IP is infected (or NATting for a computer that is infected) with a spambot we have not yet been able to identify. For the time being we refer to it as the unknown0665 spambot.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34896165
Okay - so you either have an infected computer, or the server is sending out spam.

Do you have lots of mail in your queue on the server and if you do - do you recognise the mail as legitimate or spam looking?

When was the blacklisting saying that you were sending out spam?  What is the last reported time?
0
 

Author Comment

by:ITNube
ID: 34896203
It was last detected at 2011-02-15 08:00 GMT (+/- 30 minutes), approximately 5 hours ago.

I installed the ESET AV on all the computer + Full Scan + Windows Update on all desktops. Queue is currently clean, only 15 users.

0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 125 total points
ID: 34896305
Okay - so you have an issue locally that you need to find and it is either the server infected, a local computer infected, or you have a remote user using Outlook Anywhere that is infected and is sending out mail via your Exchange Server.

If the only IP that is allowed to send out mail is the SBS server, then it can only be the server or a client using Outlook with an infection that you haven't detected yet.

Did you have a computer that was switched on in your network and that was turned off 5 hours ago?

A possible laptop from a user that they brought in and is infected?
0
 

Author Comment

by:ITNube
ID: 34905730
think i found it - although exchange was setup to be the only one to send out smtp it was internally only (exchange smtp connector), on the draytek 25 was still wide open and computers/bots were able to smtp out directly. were able to see it in the nat/route table and also were able to pin point which machines is causing the flood on 25. will find out in 3 days if i get listed again :| but think the new rule on the firewall would do the trick now

thanks for the help

0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
This article will help to fix the below error for MS Exchange server 2010 I. Out Of office not working II. Certificate error "name on the security certificate is invalid or does not match the name of the site" III. Make Internal URLs and External…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question