Solved

SBS 2008 - Exhange 2007 Spam Issues

Posted on 2011-02-15
9
737 Views
Last Modified: 2012-05-11
Hey guys

Recently installed SBS 2008 with Exchange 2007. Now and then it gets listed on the “SPAM” networks. All clients are patched with AV and the network is clean.
SMTP out is on exchange authentication, and the only IP that is allowed for SMTP is the server.
ESET Mail Security is installed and we hardly receive spam.

Any suggestions?
0
Comment
Question by:ITNube
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
9 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34896050
What "SPAM" networks are you listed on?

Check on www.mxtoolbox.com/blacklists.aspx and www.blacklistalert.org

Please advise why they think you are listed.
0
 

Author Comment

by:ITNube
ID: 34896087
XBL and CBL
0
 

Author Comment

by:ITNube
ID: 34896092
talking about a NAT issue, using Draytek firewall
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34896122
Can you post the reason please.
0
 

Author Comment

by:ITNube
ID: 34896123
This IP is infected (or NATting for a computer that is infected) with a spambot we have not yet been able to identify. For the time being we refer to it as the unknown0665 spambot.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34896165
Okay - so you either have an infected computer, or the server is sending out spam.

Do you have lots of mail in your queue on the server and if you do - do you recognise the mail as legitimate or spam looking?

When was the blacklisting saying that you were sending out spam?  What is the last reported time?
0
 

Author Comment

by:ITNube
ID: 34896203
It was last detected at 2011-02-15 08:00 GMT (+/- 30 minutes), approximately 5 hours ago.

I installed the ESET AV on all the computer + Full Scan + Windows Update on all desktops. Queue is currently clean, only 15 users.

0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 125 total points
ID: 34896305
Okay - so you have an issue locally that you need to find and it is either the server infected, a local computer infected, or you have a remote user using Outlook Anywhere that is infected and is sending out mail via your Exchange Server.

If the only IP that is allowed to send out mail is the SBS server, then it can only be the server or a client using Outlook with an infection that you haven't detected yet.

Did you have a computer that was switched on in your network and that was turned off 5 hours ago?

A possible laptop from a user that they brought in and is infected?
0
 

Author Comment

by:ITNube
ID: 34905730
think i found it - although exchange was setup to be the only one to send out smtp it was internally only (exchange smtp connector), on the draytek 25 was still wide open and computers/bots were able to smtp out directly. were able to see it in the nat/route table and also were able to pin point which machines is causing the flood on 25. will find out in 3 days if i get listed again :| but think the new rule on the firewall would do the trick now

thanks for the help

0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question