Solved

Email blacklist -virus?

Posted on 2011-02-23
5
2,329 Views
Last Modified: 2012-06-27
Our email server (SBS 2003) has been blacklisted for hitting spamtraps on the following:

NIXSPAM  LISTED Your e-mail service was detected by mail.ixlab.de (NiX Spam) as spamming at Thu, 24 Feb 2011 00:52:02 +0100. Your admin should visit Detail
Return codes were: 127.0.0.2 60 1200
SPAMCOP  LISTED Blocked - see Detail
Return codes were: 127.0.0.2 2100 339
UCEPROTECTL1  LISTED IP x.x.x.x  is UCEPROTECT-Level 1 listed. See Detail
Return codes were: 127.0.0.2 2100 339

One result from ix.dnsbl.manitu.net is below:

Return-path: <initializationmdnr8327@redarrows.com>Envelope-to: astoned@SPAMTRAP.INVALIDDelivery-date: Thu, 24 Feb 2011 00:47:45 +0100Received: from HOME.XXXXXXXXX.COM ([x.x.x.x])      by mail.ixlab.de with esmtp (Exim 4.69)      (envelope-from <initializationmdnr8327@redarrows.com>)      id 1PsOQp-0004ds-G1; Thu, 24 Feb 2011 00:47:45 +0100Received: from [x.x.x.x] (port=7869 helo=XX.local)      by smtp1a.netintelligence.com with asmtp       id 732001-0008D9-41      for <astone@SPAMTRAP.INVALID>; Thu, 24 Feb 2011 10:47:38 +1000Message-ID: <1C9B7B6C500D4DABAB966EF52B8568AA@XX.local>From: "Edwardo Pope" <initializationmdnr8327@redarrows.com>To: <astone@SPAMTRAP.INVALID>Subject: =?koi8-r?B?V2FudCB0byBicmluZyBzbWlsZSB0byB5b3VyIGxhZHmScyBmYWNlPyBC?=      =?koi8-r?B?dXkgaGVyIHJlcGxpY2EgQ2FydGllciB3YXRjaC4uIFN0aWxsIG92ZXJw?=      =?koi8-r?B?YXkgd2hlbiB5b3UgYnV5IGJyYW5kZWQgd2F0Y2g/IEZvcmdldCBhYm91?=      =?koi8-r?B?dCB0aGF0LCBidXkgY29waWVzLg==?=Date: Thu, 24 Feb 2011 10:47:38 +1000MIME-Version: 1.0Content-Type: multipart/alternative;      boundary="----=_NextPart_000_0005_01CBD3B4.0D7F9470"X-Priority: 3X-MSMail-Priority: NormalX-Mailer: Microsoft Windows Mail 6.0.6001.18000X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6001.18049X-Spam: Not detectedX-Mras: OkX-NiX-Spam-Hash2: a9d8bd2da3033af9d90768efd9e59dccX-NiX-Spam-Source-IP: x.x.x.xX-NiX-Spam-MX: mail.ixlab.deX-NiX-Spam-Listed: yes


What's the best plan to identify the source and shut this down?
0
Comment
Question by:JimBurg
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 16

Accepted Solution

by:
Enphyniti earned 500 total points
ID: 34967577
You are likely sending spam, whether your email server is compromised or you have a rogue PC on your network.

first step is to lock down port 25 so that only valid mailservers can use outbound 25.

second step is to go through this article and clean up:

http://www.amset.info/exchange/spam-cleanup.asp
0
 

Author Comment

by:JimBurg
ID: 34968372
How can I lock down port 25? Do you mean on each workstation?
0
 
LVL 16

Expert Comment

by:Enphyniti
ID: 34976266
Nope.  Configure your firewall to block port 25 for everything except your mail server's IP.
0
 

Author Comment

by:JimBurg
ID: 34976490
Would the spambots definately be using port 25?
0
 
LVL 16

Expert Comment

by:Enphyniti
ID: 34976614
Yes.
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article investigates the question of whether a computer can really be cleaned once it has been infected, and what the best ways of cleaning a computer might be (in this author's opinion).
If you troubleshoot Outlook for clients, you may want to know a bit more about the OST file before doing your next job. IMAP can cause a lot of drama if removed in the accounts without backing up.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question