Solved

Email blacklist -virus?

Posted on 2011-02-23
5
2,249 Views
Last Modified: 2012-06-27
Our email server (SBS 2003) has been blacklisted for hitting spamtraps on the following:

NIXSPAM  LISTED Your e-mail service was detected by mail.ixlab.de (NiX Spam) as spamming at Thu, 24 Feb 2011 00:52:02 +0100. Your admin should visit Detail
Return codes were: 127.0.0.2 60 1200
SPAMCOP  LISTED Blocked - see Detail
Return codes were: 127.0.0.2 2100 339
UCEPROTECTL1  LISTED IP x.x.x.x  is UCEPROTECT-Level 1 listed. See Detail
Return codes were: 127.0.0.2 2100 339

One result from ix.dnsbl.manitu.net is below:

Return-path: <initializationmdnr8327@redarrows.com>Envelope-to: astoned@SPAMTRAP.INVALIDDelivery-date: Thu, 24 Feb 2011 00:47:45 +0100Received: from HOME.XXXXXXXXX.COM ([x.x.x.x])      by mail.ixlab.de with esmtp (Exim 4.69)      (envelope-from <initializationmdnr8327@redarrows.com>)      id 1PsOQp-0004ds-G1; Thu, 24 Feb 2011 00:47:45 +0100Received: from [x.x.x.x] (port=7869 helo=XX.local)      by smtp1a.netintelligence.com with asmtp       id 732001-0008D9-41      for <astone@SPAMTRAP.INVALID>; Thu, 24 Feb 2011 10:47:38 +1000Message-ID: <1C9B7B6C500D4DABAB966EF52B8568AA@XX.local>From: "Edwardo Pope" <initializationmdnr8327@redarrows.com>To: <astone@SPAMTRAP.INVALID>Subject: =?koi8-r?B?V2FudCB0byBicmluZyBzbWlsZSB0byB5b3VyIGxhZHmScyBmYWNlPyBC?=      =?koi8-r?B?dXkgaGVyIHJlcGxpY2EgQ2FydGllciB3YXRjaC4uIFN0aWxsIG92ZXJw?=      =?koi8-r?B?YXkgd2hlbiB5b3UgYnV5IGJyYW5kZWQgd2F0Y2g/IEZvcmdldCBhYm91?=      =?koi8-r?B?dCB0aGF0LCBidXkgY29waWVzLg==?=Date: Thu, 24 Feb 2011 10:47:38 +1000MIME-Version: 1.0Content-Type: multipart/alternative;      boundary="----=_NextPart_000_0005_01CBD3B4.0D7F9470"X-Priority: 3X-MSMail-Priority: NormalX-Mailer: Microsoft Windows Mail 6.0.6001.18000X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6001.18049X-Spam: Not detectedX-Mras: OkX-NiX-Spam-Hash2: a9d8bd2da3033af9d90768efd9e59dccX-NiX-Spam-Source-IP: x.x.x.xX-NiX-Spam-MX: mail.ixlab.deX-NiX-Spam-Listed: yes


What's the best plan to identify the source and shut this down?
0
Comment
Question by:JimBurg
  • 3
  • 2
5 Comments
 
LVL 16

Accepted Solution

by:
Enphyniti earned 500 total points
ID: 34967577
You are likely sending spam, whether your email server is compromised or you have a rogue PC on your network.

first step is to lock down port 25 so that only valid mailservers can use outbound 25.

second step is to go through this article and clean up:

http://www.amset.info/exchange/spam-cleanup.asp
0
 

Author Comment

by:JimBurg
ID: 34968372
How can I lock down port 25? Do you mean on each workstation?
0
 
LVL 16

Expert Comment

by:Enphyniti
ID: 34976266
Nope.  Configure your firewall to block port 25 for everything except your mail server's IP.
0
 

Author Comment

by:JimBurg
ID: 34976490
Would the spambots definately be using port 25?
0
 
LVL 16

Expert Comment

by:Enphyniti
ID: 34976614
Yes.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question