[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

SBS 2008 - Exhange 2007 Spam Issues

Posted on 2011-02-15
9
Medium Priority
?
759 Views
Last Modified: 2012-05-11
Hey guys

Recently installed SBS 2008 with Exchange 2007. Now and then it gets listed on the “SPAM” networks. All clients are patched with AV and the network is clean.
SMTP out is on exchange authentication, and the only IP that is allowed for SMTP is the server.
ESET Mail Security is installed and we hardly receive spam.

Any suggestions?
0
Comment
Question by:ITNube
  • 5
  • 4
9 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34896050
What "SPAM" networks are you listed on?

Check on www.mxtoolbox.com/blacklists.aspx and www.blacklistalert.org

Please advise why they think you are listed.
0
 

Author Comment

by:ITNube
ID: 34896087
XBL and CBL
0
 

Author Comment

by:ITNube
ID: 34896092
talking about a NAT issue, using Draytek firewall
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34896122
Can you post the reason please.
0
 

Author Comment

by:ITNube
ID: 34896123
This IP is infected (or NATting for a computer that is infected) with a spambot we have not yet been able to identify. For the time being we refer to it as the unknown0665 spambot.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34896165
Okay - so you either have an infected computer, or the server is sending out spam.

Do you have lots of mail in your queue on the server and if you do - do you recognise the mail as legitimate or spam looking?

When was the blacklisting saying that you were sending out spam?  What is the last reported time?
0
 

Author Comment

by:ITNube
ID: 34896203
It was last detected at 2011-02-15 08:00 GMT (+/- 30 minutes), approximately 5 hours ago.

I installed the ESET AV on all the computer + Full Scan + Windows Update on all desktops. Queue is currently clean, only 15 users.

0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 34896305
Okay - so you have an issue locally that you need to find and it is either the server infected, a local computer infected, or you have a remote user using Outlook Anywhere that is infected and is sending out mail via your Exchange Server.

If the only IP that is allowed to send out mail is the SBS server, then it can only be the server or a client using Outlook with an infection that you haven't detected yet.

Did you have a computer that was switched on in your network and that was turned off 5 hours ago?

A possible laptop from a user that they brought in and is infected?
0
 

Author Comment

by:ITNube
ID: 34905730
think i found it - although exchange was setup to be the only one to send out smtp it was internally only (exchange smtp connector), on the draytek 25 was still wide open and computers/bots were able to smtp out directly. were able to see it in the nat/route table and also were able to pin point which machines is causing the flood on 25. will find out in 3 days if i get listed again :| but think the new rule on the firewall would do the trick now

thanks for the help

0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Want to know how to use Exchange Server Eseutil command? Go through this article as it gives you the know-how.
On September 18, Experts Exchange launched the first installment of the Help Bell, a new feature for Premium Members, Team Accounts, and Qualified Experts. The Help Bell will serve as an additional tool to help teams increase question visibility.
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Suggested Courses

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question