How to Stop Exchange 2010 server from being blacklisted

I have built an Exchange 2010 server and it went into production on 9th May, and it's already blacklisted. What am I missing?

Thanks
Lakshman_Vasu Asked:
 
KOTiS Commented:
Use this site to check where you are blacklisted

http://www.mxtoolbox.com/blacklists.aspx

Then you can visit those sites to learn more, why your site was blacklisted and how you can prevent it from happening again.
0
 
Busbar (Solutions Architect) Commented:
Check if you are an open relay. Also make sure that the IP is a clean one; maybe it is blacklisted from a previous installation.
0
 
KOTiS Commented:
Go the easy way... use the Microsoft Exchange Best Practices Analyzer
http://go.microsoft.com/fwlink/?LinkId=34705

Also the Microsoft Baseline Security Analyzer
http://go.microsoft.com/fwlink/?linkid=17809
0

 
KOTiS Commented:
You should also be aware of the Exchange 2010 Security Guide, keep a link to it in your browser...
http://technet.microsoft.com/en-us/library/bb691338%28EXCHG.140%29.aspx
0
 
jason_0573 Commented:
This sounds like someone has compromised your Exchange server and is sending spam with your domain name attached. This can be caused by an open SMTP relay on your Exchange server. There are steps to keep this from happening. You will need to secure your server before you contact the DNS servers and domains blacklisting your domain. This MS KB can help you close loopholes and secure your email server by using the network utility "telnet". KB324958 http://support.microsoft.com/kb/324958
0
 
KOTiS Commented:
jason, the link you give applies to:

    Microsoft Windows Small Business Server 2003 Premium Edition
    Microsoft Windows Small Business Server 2003 Standard Edition
    Microsoft Small Business Server 2000 Standard Edition

Vasu is using Exchange 2010
0
 
Lakshman_Vasu (Author) Commented:
I tried everything...

Blacklisted for good :-( , asked for an IP change.

Can Instagate be the culprit? It's the anti-spam...
0
 
KOTiS Commented:
Before unlisting your server, you should check if it's an open relay or not. Use one (or all) of the following online tools (enter your mail server's IP address):

http://www.checkor.com/
http://www.spamhelp.org/shopenrelay/
http://www.antispam-ufrj.pads.ufrj.br/test-relay.html
http://www.aupads.org/test-relay.html
http://www.rbl.jp/svcheck.php

The IP change may temporarily solve your problem, but if you don't secure your mail server you are going to be listed again in no time...
0
 
Lakshman_Vasu (Author) Commented:
220 boatanzania.com ESMTP Fri, 13 May 2011 10:24:17 +0300
HELO ortest.checkor.com
250 boatanzania.com Hello ortest.checkor.com [204.16.252.112]
RSET
250 Reset OK
MAIL FROM: test@checkor.com
250 OK
RCPT TO: test1@checkor.com
550 authentication required

RSET
250 Reset OK
MAIL FROM:
501 MAIL must have an address operand
RCPT TO: test1@checkor.com
503 sender not yet given

RSET
250 Reset OK
MAIL FROM: spam@41.188.150.178
250 OK
RCPT TO: test1@checkor.com
550 authentication required

RSET
250 Reset OK
MAIL FROM: spam@41.188.150.178
250 OK
RCPT TO: test1@checkor.com
550 authentication required

RSET
250 Reset OK
MAIL FROM: spam@41.188.150.178
250 OK
RCPT TO: test1@41.188.150.178
550 authentication required

RSET
250 Reset OK
MAIL FROM: spam@41.188.150.178
250 OK
RCPT TO: "test1@test.com"@41.188.150.178
550 authentication required

RSET
250 Reset OK
MAIL FROM: spam@41.188.150.178
250 OK
RCPT TO: @41.188.150.178:spamtest@checkor.com
550 authentication required
0
 
Lakshman_Vasu (Author) Commented:
Mail relay testing

Connecting to 41.188.150.178 for relay test...
<<< 220 boatanzania.com ESMTP Fri, 13 May 2011 10:26:20 +0300
>>> HELO antispam-ufrj.pads.ufrj.br
<<< 250 boatanzania.com Hello antispam-ufrj.pads.ufrj.br [146.164.48.5]
Relay test 1

>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<spamtest@antispam-ufrj.pads.ufrj.br>
<<< 250 OK
>>> RCPT TO:<relaytest@antispam-ufrj.pads.ufrj.br>
<<< 550 authentication required
Relay test 2

>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<spamtest@antispam-ufrj.pads.ufrj.br>
<<< 250 OK
>>> RCPT TO:relaytest@antispam-ufrj.pads.ufrj.br
<<< 550 authentication required
Relay test 3

>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<spamtest>
<<< 250 OK
>>> RCPT TO:<relaytest@antispam-ufrj.pads.ufrj.br>
<<< 550 authentication required
Relay test 4

>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<>
<<< 250 OK
>>> RCPT TO:<relaytest@antispam-ufrj.pads.ufrj.br>
<<< 550 authentication required
Relay test 5

>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<spamtest@[41.188.150.178]>
<<< 501 : domain literals not allowed
>>> RCPT TO:<relaytest@antispam-ufrj.pads.ufrj.br>
<<< 503 sender not yet given
Relay test 6

>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<spamtest@mail.boatanzania.com>
<<< 250 OK
>>> RCPT TO:<relaytest@antispam-ufrj.pads.ufrj.br>
<<< 550 authentication required
Relay test 7

>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<spamtest@[41.188.150.178]>
<<< 501 : domain literals not allowed
>>> RCPT TO:<relaytest%antispam-ufrj.pads.ufrj.br@[41.188.150.178]>
<<< 503-sender not yet given
<<< 503 Too many syntax or protocol errors
Relay test result

I couldn't performed all tests, please test the remote host again.
0
 
Lakshman_Vasu (Author) Commented:

Mail relay testing

Connecting to mail.boatanzania.com for anonymous test ...
<<< 220 boatanzania.com ESMTP Fri, 13 May 2011 08:46:20 +0300
>>> HELO www.abuse.net
<<< 250 boatanzania.com Hello www.abuse.net [64.57.183.77]
Relay test 1

>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<spamtest@abuse.net>
<<< 550 64.57.183.77 is not allowed to send mail from abuse.net
Relay test 2

>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<spamtest>
<<< 250 OK
>>> RCPT TO:<securitytest@abuse.net>
<<< 550 authentication required
Relay test 3

>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<>
<<< 550 64.57.183.77 is not allowed to send mail from
Relay test 4

>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<spamtest@boatanzania.com>
<<< 250 OK
>>> RCPT TO:<securitytest@abuse.net>
<<< 550 authentication required
Relay test 5

>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<spamtest@[41.188.150.178]>
<<< 501 <spamtest@[41.188.150.178]>: domain literals not allowed
Relay test 6

>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<spamtest@boatanzania.com>
<<< 250 OK
>>> RCPT TO:<securitytest%abuse.net@boatanzania.com>
<<< 550 authentication required
Relay test 7

>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<spamtest@boatanzania.com>
<<< 250 OK
>>> RCPT TO:<securitytest%abuse.net@[41.188.150.178]>
<<< 501 <securitytest%abuse.net@[41.188.150.178]>: domain literals not allowed
Relay test 8

>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<spamtest@boatanzania.com>
<<< 250 OK
>>> RCPT TO:<"securitytest@abuse.net">
<<< 501 <"securitytest@abuse.net">: recipient address must contain a domain
Relay test 9

>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<spamtest@boatanzania.com>
<<< 250 OK
>>> RCPT TO:<"securitytest%abuse.net">
<<< 501 <"securitytest%abuse.net">: recipient address must contain a domain
Relay test 10

>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<spamtest@boatanzania.com>
<<< 250 OK
>>> RCPT TO:<securitytest@abuse.net@boatanzania.com>
<<< 501 <securitytest@abuse.net@boatanzania.com>: malformed address: @boatanzania.com> may not follow <securitytest@abuse.net
Relay test 11

>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<spamtest@boatanzania.com>
<<< 250 OK
>>> RCPT TO:<"securitytest@abuse.net"@boatanzania.com>
<<< 451 Temporary local problem - please try later
Relay test 12

>>> RSET
<<< 554 Too many nonmail commands
Relay test result

Could not reset connection, test failed.
Return to the relay test page.
Return to the abuse.net home page.
© 1999 I.E.C.C.
0
 
Lakshman_Vasu (Author) Commented:
Are these results OK? At the end some tests say the reset cannot be done.

Please reply.
0
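
An added example, not part of the original thread and not the relay testers' own code: a small Python parser for transcripts in the `>>>` / `<<<` layout pasted above, separating recipients the server accepted for relay from those it refused and from probes that never completed. The domain example.org, the sample transcript and the function names are constructed for illustration.

```python
import re

# Constructed transcript; example.org stands in for the server's own domain.
SAMPLE = """\
>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<spamtest@example.net>
<<< 250 OK
>>> RCPT TO:<relaytest@example.net>
<<< 550 authentication required
>>> RCPT TO:<postmaster@example.org>
<<< 250 Accepted
>>> RCPT TO:<victim%example.net@example.org>
<<< 250 Accepted
>>> RCPT TO:<"victim@example.net"@example.org>
<<< 451 Temporary local problem - please try later
>>> RSET
<<< 554 Too many nonmail commands
"""

def is_plain_local(addr, local_domains):
    local, _, domain = addr.rpartition("@")
    # %, !, quotes or a second @ in the local part are source-routing tricks
    return bool(local) and domain.lower() in local_domains and not re.search(r'[@%!"]', local)

def classify(transcript, local_domains):
    """Sort replies into (relayed, rejected, inconclusive) lists."""
    relayed, rejected, inconclusive = [], [], []
    cmd = ""
    for line in map(str.strip, transcript.splitlines()):
        if line.startswith(">>>"):
            cmd = line[3:].strip()
            continue
        m = re.match(r"<<<\s*(\d{3})(?!-)", line)
        if not m or not cmd:
            continue  # labels, banner, or "NNN-" continuation lines
        klass = int(m.group(1)) // 100
        if cmd.upper().startswith("RCPT TO:"):
            addr = cmd[8:].strip().strip("<>")
            if klass == 2 and not is_plain_local(addr, local_domains):
                relayed.append(addr)
            elif klass == 5:
                rejected.append(addr)
            elif klass == 4:
                inconclusive.append(cmd)
        elif cmd.upper() == "RSET" and klass != 2:
            inconclusive.append(cmd)
        cmd = ""
    return relayed, rejected, inconclusive
```

Only a 2xx reply to RCPT TO for a non-local or source-routed recipient indicates relaying; a 4xx reply or a failed RSET means that probe did not finish and should be rerun.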
 
Lakshman_Vasu (Author) Commented:
The server is still getting blacklisted
0