Solved

SBS 2008 - Exhange 2007 Spam Issues

Posted on 2011-02-15
9
703 Views
Last Modified: 2012-05-11
Hey guys

Recently installed SBS 2008 with Exchange 2007. Now and then it gets listed on the “SPAM” networks. All clients are patched with AV and the network is clean.
SMTP out is on exchange authentication, and the only IP that is allowed for SMTP is the server.
ESET Mail Security is installed and we hardly receive spam.

Any suggestions?
0
Comment
Question by:ITNube
  • 5
  • 4
9 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
What "SPAM" networks are you listed on?

Check on www.mxtoolbox.com/blacklists.aspx and www.blacklistalert.org

Please advise why they think you are listed.
0
 

Author Comment

by:ITNube
Comment Utility
XBL and CBL
0
 

Author Comment

by:ITNube
Comment Utility
talking about a NAT issue, using Draytek firewall
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Can you post the reason please.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:ITNube
Comment Utility
This IP is infected (or NATting for a computer that is infected) with a spambot we have not yet been able to identify. For the time being we refer to it as the unknown0665 spambot.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Okay - so you either have an infected computer, or the server is sending out spam.

Do you have lots of mail in your queue on the server and if you do - do you recognise the mail as legitimate or spam looking?

When was the blacklisting saying that you were sending out spam?  What is the last reported time?
0
 

Author Comment

by:ITNube
Comment Utility
It was last detected at 2011-02-15 08:00 GMT (+/- 30 minutes), approximately 5 hours ago.

I installed the ESET AV on all the computer + Full Scan + Windows Update on all desktops. Queue is currently clean, only 15 users.

0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 125 total points
Comment Utility
Okay - so you have an issue locally that you need to find and it is either the server infected, a local computer infected, or you have a remote user using Outlook Anywhere that is infected and is sending out mail via your Exchange Server.

If the only IP that is allowed to send out mail is the SBS server, then it can only be the server or a client using Outlook with an infection that you haven't detected yet.

Did you have a computer that was switched on in your network and that was turned off 5 hours ago?

A possible laptop from a user that they brought in and is infected?
0
 

Author Comment

by:ITNube
Comment Utility
think i found it - although exchange was setup to be the only one to send out smtp it was internally only (exchange smtp connector), on the draytek 25 was still wide open and computers/bots were able to smtp out directly. were able to see it in the nat/route table and also were able to pin point which machines is causing the flood on 25. will find out in 3 days if i get listed again :| but think the new rule on the firewall would do the trick now

thanks for the help

0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Resolve Outlook connectivity issues after moving mailbox to new Exchange 2016 server
Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now