Solved

Email blacklist -virus?

Posted on 2011-02-23
Last Modified: 2012-06-27
Our email server (SBS 2003) has been blacklisted for hitting spamtraps on the following:

NIXSPAM  LISTED Your e-mail service was detected by mail.ixlab.de (NiX Spam) as spamming at Thu, 24 Feb 2011 00:52:02 +0100. Your admin should visit Detail
Return codes were: 127.0.0.2 60 1200
SPAMCOP  LISTED Blocked - see Detail
Return codes were: 127.0.0.2 2100 339
UCEPROTECTL1  LISTED IP x.x.x.x  is UCEPROTECT-Level 1 listed. See Detail
Return codes were: 127.0.0.2 2100 339

One result from ix.dnsbl.manitu.net is below:

Return-path: <initializationmdnr8327@redarrows.com>
Envelope-to: astoned@SPAMTRAP.INVALID
Delivery-date: Thu, 24 Feb 2011 00:47:45 +0100
Received: from HOME.XXXXXXXXX.COM ([x.x.x.x])
      by mail.ixlab.de with esmtp (Exim 4.69)
      (envelope-from <initializationmdnr8327@redarrows.com>)
      id 1PsOQp-0004ds-G1; Thu, 24 Feb 2011 00:47:45 +0100
Received: from [x.x.x.x] (port=7869 helo=XX.local)
      by smtp1a.netintelligence.com with asmtp
      id 732001-0008D9-41
      for <astone@SPAMTRAP.INVALID>; Thu, 24 Feb 2011 10:47:38 +1000
Message-ID: <1C9B7B6C500D4DABAB966EF52B8568AA@XX.local>
From: "Edwardo Pope" <initializationmdnr8327@redarrows.com>
To: <astone@SPAMTRAP.INVALID>
Subject: =?koi8-r?B?V2FudCB0byBicmluZyBzbWlsZSB0byB5b3VyIGxhZHmScyBmYWNlPyBC?=
      =?koi8-r?B?dXkgaGVyIHJlcGxpY2EgQ2FydGllciB3YXRjaC4uIFN0aWxsIG92ZXJw?=
      =?koi8-r?B?YXkgd2hlbiB5b3UgYnV5IGJyYW5kZWQgd2F0Y2g/IEZvcmdldCBhYm91?=
      =?koi8-r?B?dCB0aGF0LCBidXkgY29waWVzLg==?=
Date: Thu, 24 Feb 2011 10:47:38 +1000
MIME-Version: 1.0
Content-Type: multipart/alternative;
      boundary="----=_NextPart_000_0005_01CBD3B4.0D7F9470"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Windows Mail 6.0.6001.18000
X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6001.18049
X-Spam: Not detected
X-Mras: Ok
X-NiX-Spam-Hash2: a9d8bd2da3033af9d90768efd9e59dcc
X-NiX-Spam-Source-IP: x.x.x.x
X-NiX-Spam-MX: mail.ixlab.de
X-NiX-Spam-Listed: yes


What's the best plan to identify the source and shut this down?
0
Question by:JimBurg
5 Comments
 
LVL 16

Accepted Solution

by:
Enphyniti earned 2000 total points
ID: 34967577
You are likely sending spam, whether your email server is compromised or you have a rogue PC on your network.

First step is to lock down port 25 so that only valid mailservers can use outbound 25.

Second step is to go through this article and clean up:

http://www.amset.info/exchange/spam-cleanup.asp
0
 

Author Comment

by:JimBurg
ID: 34968372
How can I lock down port 25? Do you mean on each workstation?
0
 
LVL 16

Expert Comment

by:Enphyniti
ID: 34976266
Nope.  Configure your firewall to block port 25 for everything except your mail server's IP.
0
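
Added example, not part of the original thread: a Python sketch that scans firewall connection logs for internal hosts other than the mail server opening outbound TCP/25 connections, which is how a rogue PC shows up once port 25 is restricted. The log format, the addresses and the `MAIL_SERVER` value are constructed assumptions; adapt the regex to your firewall's actual output.

```python
import re
from collections import defaultdict

# Assumption: internal address of the SBS/Exchange server; replace with yours.
MAIL_SERVER = "192.168.16.2"

# Constructed sample in a generic key=value log format (hypothetical).
# "deny" lines are what the firewall writes once the port 25 rule is in place.
SAMPLE_LOG = """\
2011-02-24T00:47:31 action=allow proto=tcp src=192.168.16.2 dst=203.0.113.10 dport=25
2011-02-24T00:47:33 action=deny proto=tcp src=192.168.16.57 dst=198.51.100.4 dport=25
2011-02-24T00:47:33 action=deny proto=tcp src=192.168.16.57 dst=198.51.100.9 dport=25
2011-02-24T00:47:34 action=deny proto=tcp src=192.168.16.57 dst=203.0.113.77 dport=25
2011-02-24T00:47:40 action=allow proto=tcp src=192.168.16.31 dst=192.0.2.80 dport=80
2011-02-24T00:48:02 action=deny proto=tcp src=192.168.16.31 dst=203.0.113.10 dport=25
2011-02-24T00:48:05 action=allow proto=tcp src=192.168.16.2 dst=198.51.100.4 dport=25
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r"proto=tcp\s+src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)"
)


def rogue_smtp_senders(log_text, allowed=(MAIL_SERVER,), port=25):
    """Return [(src, connections, distinct_destinations)], busiest first,
    for every source outside `allowed` that tried to reach `port`."""
    conns = defaultdict(int)
    dests = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or int(m["dport"]) != port or m["src"] in allowed:
            continue  # unparsable, not SMTP, or the legitimate mail server
        conns[m["src"]] += 1
        dests[m["src"]].add(m["dst"])
    rows = [(src, conns[src], len(dests[src])) for src in conns]
    return sorted(rows, key=lambda r: (-r[1], r[0]))


if __name__ == "__main__":
    for src, count, distinct in rogue_smtp_senders(SAMPLE_LOG):
        print(f"{src}: {count} SMTP attempts to {distinct} distinct hosts")
```

A workstation that contacts many distinct destinations on port 25 is the first machine to pull off the network and scan; if no workstation appears, the mail server itself is the likelier source.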
 

Author Comment

by:JimBurg
ID: 34976490
Would the spambots definitely be using port 25?
0
 
LVL 16

Expert Comment

by:Enphyniti
ID: 34976614
Yes.
0


Question has a verified solution.
