Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Email blacklist -virus?

Posted on 2011-02-23
5
Medium Priority
?
2,382 Views
Last Modified: 2012-06-27
Our email server (SBS 2003) has been blacklisted for hitting spamtraps on the following:

NIXSPAM  LISTED Your e-mail service was detected by mail.ixlab.de (NiX Spam) as spamming at Thu, 24 Feb 2011 00:52:02 +0100. Your admin should visit Detail
Return codes were: 127.0.0.2 60 1200
SPAMCOP  LISTED Blocked - see Detail
Return codes were: 127.0.0.2 2100 339
UCEPROTECTL1  LISTED IP x.x.x.x  is UCEPROTECT-Level 1 listed. See Detail
Return codes were: 127.0.0.2 2100 339

One result from ix.dnsbl.manitu.net is below:

Return-path: <initializationmdnr8327@redarrows.com>Envelope-to: astoned@SPAMTRAP.INVALIDDelivery-date: Thu, 24 Feb 2011 00:47:45 +0100Received: from HOME.XXXXXXXXX.COM ([x.x.x.x])      by mail.ixlab.de with esmtp (Exim 4.69)      (envelope-from <initializationmdnr8327@redarrows.com>)      id 1PsOQp-0004ds-G1; Thu, 24 Feb 2011 00:47:45 +0100Received: from [x.x.x.x] (port=7869 helo=XX.local)      by smtp1a.netintelligence.com with asmtp       id 732001-0008D9-41      for <astone@SPAMTRAP.INVALID>; Thu, 24 Feb 2011 10:47:38 +1000Message-ID: <1C9B7B6C500D4DABAB966EF52B8568AA@XX.local>From: "Edwardo Pope" <initializationmdnr8327@redarrows.com>To: <astone@SPAMTRAP.INVALID>Subject: =?koi8-r?B?V2FudCB0byBicmluZyBzbWlsZSB0byB5b3VyIGxhZHmScyBmYWNlPyBC?=      =?koi8-r?B?dXkgaGVyIHJlcGxpY2EgQ2FydGllciB3YXRjaC4uIFN0aWxsIG92ZXJw?=      =?koi8-r?B?YXkgd2hlbiB5b3UgYnV5IGJyYW5kZWQgd2F0Y2g/IEZvcmdldCBhYm91?=      =?koi8-r?B?dCB0aGF0LCBidXkgY29waWVzLg==?=Date: Thu, 24 Feb 2011 10:47:38 +1000MIME-Version: 1.0Content-Type: multipart/alternative;      boundary="----=_NextPart_000_0005_01CBD3B4.0D7F9470"X-Priority: 3X-MSMail-Priority: NormalX-Mailer: Microsoft Windows Mail 6.0.6001.18000X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6001.18049X-Spam: Not detectedX-Mras: OkX-NiX-Spam-Hash2: a9d8bd2da3033af9d90768efd9e59dccX-NiX-Spam-Source-IP: x.x.x.xX-NiX-Spam-MX: mail.ixlab.deX-NiX-Spam-Listed: yes


What's the best plan to identify the source and shut this down?
0
Comment
Question by:JimBurg
  • 3
  • 2
5 Comments
 
LVL 16

Accepted Solution

by:
Jon Brelie earned 2000 total points
ID: 34967577
You are likely sending spam, whether your email server is compromised or you have a rogue PC on your network.

first step is to lock down port 25 so that only valid mailservers can use outbound 25.

second step is to go through this article and clean up:

http://www.amset.info/exchange/spam-cleanup.asp
0
 

Author Comment

by:JimBurg
ID: 34968372
How can I lock down port 25? Do you mean on each workstation?
0
 
LVL 16

Expert Comment

by:Jon Brelie
ID: 34976266
Nope.  Configure your firewall to block port 25 for everything except your mail server's IP.
0
 

Author Comment

by:JimBurg
ID: 34976490
Would the spambots definately be using port 25?
0
 
LVL 16

Expert Comment

by:Jon Brelie
ID: 34976614
Yes.
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On September 18, Experts Exchange launched the first installment of the Help Bell, a new feature for Premium Members, Team Accounts, and Qualified Experts. The Help Bell will serve as an additional tool to help teams increase question visibility.
The main intent of this article is to make you aware of ‘Exchange fail to mount’ error, its effects, causes, and solution.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

927 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question