Solved

Email blacklist -virus?

Posted on 2011-02-23
5
2,276 Views
Last Modified: 2012-06-27
Our email server (SBS 2003) has been blacklisted for hitting spamtraps on the following:

NIXSPAM  LISTED Your e-mail service was detected by mail.ixlab.de (NiX Spam) as spamming at Thu, 24 Feb 2011 00:52:02 +0100. Your admin should visit Detail
Return codes were: 127.0.0.2 60 1200
SPAMCOP  LISTED Blocked - see Detail
Return codes were: 127.0.0.2 2100 339
UCEPROTECTL1  LISTED IP x.x.x.x  is UCEPROTECT-Level 1 listed. See Detail
Return codes were: 127.0.0.2 2100 339

One result from ix.dnsbl.manitu.net is below:

Return-path: <initializationmdnr8327@redarrows.com>Envelope-to: astoned@SPAMTRAP.INVALIDDelivery-date: Thu, 24 Feb 2011 00:47:45 +0100Received: from HOME.XXXXXXXXX.COM ([x.x.x.x])      by mail.ixlab.de with esmtp (Exim 4.69)      (envelope-from <initializationmdnr8327@redarrows.com>)      id 1PsOQp-0004ds-G1; Thu, 24 Feb 2011 00:47:45 +0100Received: from [x.x.x.x] (port=7869 helo=XX.local)      by smtp1a.netintelligence.com with asmtp       id 732001-0008D9-41      for <astone@SPAMTRAP.INVALID>; Thu, 24 Feb 2011 10:47:38 +1000Message-ID: <1C9B7B6C500D4DABAB966EF52B8568AA@XX.local>From: "Edwardo Pope" <initializationmdnr8327@redarrows.com>To: <astone@SPAMTRAP.INVALID>Subject: =?koi8-r?B?V2FudCB0byBicmluZyBzbWlsZSB0byB5b3VyIGxhZHmScyBmYWNlPyBC?=      =?koi8-r?B?dXkgaGVyIHJlcGxpY2EgQ2FydGllciB3YXRjaC4uIFN0aWxsIG92ZXJw?=      =?koi8-r?B?YXkgd2hlbiB5b3UgYnV5IGJyYW5kZWQgd2F0Y2g/IEZvcmdldCBhYm91?=      =?koi8-r?B?dCB0aGF0LCBidXkgY29waWVzLg==?=Date: Thu, 24 Feb 2011 10:47:38 +1000MIME-Version: 1.0Content-Type: multipart/alternative;      boundary="----=_NextPart_000_0005_01CBD3B4.0D7F9470"X-Priority: 3X-MSMail-Priority: NormalX-Mailer: Microsoft Windows Mail 6.0.6001.18000X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6001.18049X-Spam: Not detectedX-Mras: OkX-NiX-Spam-Hash2: a9d8bd2da3033af9d90768efd9e59dccX-NiX-Spam-Source-IP: x.x.x.xX-NiX-Spam-MX: mail.ixlab.deX-NiX-Spam-Listed: yes


What's the best plan to identify the source and shut this down?
0
Comment
Question by:JimBurg
  • 3
  • 2
5 Comments
 
LVL 16

Accepted Solution

by:
Enphyniti earned 500 total points
ID: 34967577
You are likely sending spam, whether your email server is compromised or you have a rogue PC on your network.

first step is to lock down port 25 so that only valid mailservers can use outbound 25.

second step is to go through this article and clean up:

http://www.amset.info/exchange/spam-cleanup.asp
0
 

Author Comment

by:JimBurg
ID: 34968372
How can I lock down port 25? Do you mean on each workstation?
0
 
LVL 16

Expert Comment

by:Enphyniti
ID: 34976266
Nope.  Configure your firewall to block port 25 for everything except your mail server's IP.
0
 

Author Comment

by:JimBurg
ID: 34976490
Would the spambots definately be using port 25?
0
 
LVL 16

Expert Comment

by:Enphyniti
ID: 34976614
Yes.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question