Solved

How to Stop Exchange 2010 server from being blacklisted

Posted on 2011-05-11
Last Modified: 2012-05-11
I have built an Exchange 2010 server and it went into production on 9th May, and it's already blacklisted. What am I missing?

Thanks
0
Question by:Lakshman_Vasu
13 Comments
 
LVL 33

Expert Comment

by:Busbar
ID: 35737930
Check if you are an open relay. Also make sure that the IP is a clean one; maybe it is blacklisted from a previous installation.
0
 
LVL 6

Expert Comment

by:KOTiS
ID: 35737966
Go the easy way... use the Microsoft Exchange Best Practices Analyzer
http://go.microsoft.com/fwlink/?LinkId=34705

also Microsoft Baseline Security Analyzer
http://go.microsoft.com/fwlink/?linkid=17809
0
 
LVL 6

Expert Comment

by:KOTiS
ID: 35737990
You should also be aware of the Exchange 2010 Security Guide, keep a link to it in your browser...
http://technet.microsoft.com/en-us/library/bb691338%28EXCHG.140%29.aspx
0
 
LVL 4

Expert Comment

by:jason_0573
ID: 35738059
This sounds like someone has compromised your Exchange server and is sending spam with your domain name attached. This can be caused by an open SMTP relay on your Exchange server. There are steps to keep this from happening. You will need to secure your server before you contact the DNS servers and domains blacklisting your domain. This MS KB can help you close loopholes and secure your email server by using the network utility "telnet". KB324958 http://support.microsoft.com/kb/324958
0
 
LVL 6

Expert Comment

by:KOTiS
ID: 35738156
jason, the link you give applies to

    Microsoft Windows Small Business Server 2003 Premium Edition
    Microsoft Windows Small Business Server 2003 Standard Edition
    Microsoft Small Business Server 2000 Standard Edition

Vasu is using Exchange 2010
0
 

Author Comment

by:Lakshman_Vasu
ID: 35748978
I tried everything...

Blacklisted for good :-( , asked for IP change.

Can Instagate be the culprit? It's the anti-spam.....
0
 
LVL 6

Assisted Solution

by:KOTiS
KOTiS earned 1500 total points
ID: 35752362
Before unlisting your server, you should check if it's an open relay or not. Use one (or all) of the following online tools (enter your mail server's IP address):

http://www.checkor.com/
http://www.spamhelp.org/shopenrelay/
http://www.antispam-ufrj.pads.ufrj.br/test-relay.html
http://www.aupads.org/test-relay.html
http://www.rbl.jp/svcheck.php

The IP change may temporarily solve your problem, but if you don't secure your mail server you are going to be listed again in no time...
0
 

Author Comment

by:Lakshman_Vasu
ID: 35752409
220 boatanzania.com ESMTP Fri, 13 May 2011 10:24:17 +0300
HELO ortest.checkor.com
250 boatanzania.com Hello ortest.checkor.com [204.16.252.112]
RSET
250 Reset OK
MAIL FROM: test@checkor.com
250 OK
RCPT TO: test1@checkor.com
550 authentication required

RSET
250 Reset OK
MAIL FROM:
501 MAIL must have an address operand
RCPT TO: test1@checkor.com
503 sender not yet given

RSET
250 Reset OK
MAIL FROM: spam@41.188.150.178
250 OK
RCPT TO: test1@checkor.com
550 authentication required

RSET
250 Reset OK
MAIL FROM: spam@41.188.150.178
250 OK
RCPT TO: test1@checkor.com
550 authentication required

RSET
250 Reset OK
MAIL FROM: spam@41.188.150.178
250 OK
RCPT TO: test1@41.188.150.178
550 authentication required

RSET
250 Reset OK
MAIL FROM: spam@41.188.150.178
250 OK
RCPT TO: "test1@test.com"@41.188.150.178
550 authentication required

RSET
250 Reset OK
MAIL FROM: spam@41.188.150.178
250 OK
RCPT TO: @41.188.150.178:spamtest@checkor.com
550 authentication required
0
 

Author Comment

by:Lakshman_Vasu
ID: 35752414
Mail relay testing

Connecting to 41.188.150.178 for relay test...
<<< 220 boatanzania.com ESMTP Fri, 13 May 2011 10:26:20 +0300
>>> HELO antispam-ufrj.pads.ufrj.br
<<< 250 boatanzania.com Hello antispam-ufrj.pads.ufrj.br [146.164.48.5]
Relay test 1

>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<spamtest@antispam-ufrj.pads.ufrj.br>
<<< 250 OK
>>> RCPT TO:<relaytest@antispam-ufrj.pads.ufrj.br>
<<< 550 authentication required
Relay test 2

>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<spamtest@antispam-ufrj.pads.ufrj.br>
<<< 250 OK
>>> RCPT TO:relaytest@antispam-ufrj.pads.ufrj.br
<<< 550 authentication required
Relay test 3

>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<spamtest>
<<< 250 OK
>>> RCPT TO:<relaytest@antispam-ufrj.pads.ufrj.br>
<<< 550 authentication required
Relay test 4

>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<>
<<< 250 OK
>>> RCPT TO:<relaytest@antispam-ufrj.pads.ufrj.br>
<<< 550 authentication required
Relay test 5

>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<spamtest@[41.188.150.178]>
<<< 501 : domain literals not allowed
>>> RCPT TO:<relaytest@antispam-ufrj.pads.ufrj.br>
<<< 503 sender not yet given
Relay test 6

>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<spamtest@mail.boatanzania.com>
<<< 250 OK
>>> RCPT TO:<relaytest@antispam-ufrj.pads.ufrj.br>
<<< 550 authentication required
Relay test 7

>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<spamtest@[41.188.150.178]>
<<< 501 : domain literals not allowed
>>> RCPT TO:<relaytest%antispam-ufrj.pads.ufrj.br@[41.188.150.178]>
<<< 503-sender not yet given
<<< 503 Too many syntax or protocol errors
Relay test result

I couldn't performed all tests, please test the remote host again.
0
 

Author Comment

by:Lakshman_Vasu
ID: 35752420

Mail relay testing

Connecting to mail.boatanzania.com for anonymous test ...
<<< 220 boatanzania.com ESMTP Fri, 13 May 2011 08:46:20 +0300
>>> HELO www.abuse.net
<<< 250 boatanzania.com Hello www.abuse.net [64.57.183.77]
Relay test 1

>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<spamtest@abuse.net>
<<< 550 64.57.183.77 is not allowed to send mail from abuse.net
Relay test 2

>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<spamtest>
<<< 250 OK
>>> RCPT TO:<securitytest@abuse.net>
<<< 550 authentication required
Relay test 3

>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<>
<<< 550 64.57.183.77 is not allowed to send mail from
Relay test 4

>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<spamtest@boatanzania.com>
<<< 250 OK
>>> RCPT TO:<securitytest@abuse.net>
<<< 550 authentication required
Relay test 5

>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<spamtest@[41.188.150.178]>
<<< 501 <spamtest@[41.188.150.178]>: domain literals not allowed
Relay test 6

>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<spamtest@boatanzania.com>
<<< 250 OK
>>> RCPT TO:<securitytest%abuse.net@boatanzania.com>
<<< 550 authentication required
Relay test 7

>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<spamtest@boatanzania.com>
<<< 250 OK
>>> RCPT TO:<securitytest%abuse.net@[41.188.150.178]>
<<< 501 <securitytest%abuse.net@[41.188.150.178]>: domain literals not allowed
Relay test 8

>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<spamtest@boatanzania.com>
<<< 250 OK
>>> RCPT TO:<"securitytest@abuse.net">
<<< 501 <"securitytest@abuse.net">: recipient address must contain a domain
Relay test 9

>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<spamtest@boatanzania.com>
<<< 250 OK
>>> RCPT TO:<"securitytest%abuse.net">
<<< 501 <"securitytest%abuse.net">: recipient address must contain a domain
Relay test 10

>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<spamtest@boatanzania.com>
<<< 250 OK
>>> RCPT TO:<securitytest@abuse.net@boatanzania.com>
<<< 501 <securitytest@abuse.net@boatanzania.com>: malformed address: @boatanzania.com> may not follow <securitytest@abuse.net
Relay test 11

>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<spamtest@boatanzania.com>
<<< 250 OK
>>> RCPT TO:<"securitytest@abuse.net"@boatanzania.com>
<<< 451 Temporary local problem - please try later
Relay test 12

>>> RSET
<<< 554 Too many nonmail commands
Relay test result

Could not reset connection, test failed.
0
 

Author Comment

by:Lakshman_Vasu
ID: 35752422
Are these results OK, as at the end some tests say reset cannot be done?

Please reply.
0
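For reading tester output like the transcripts posted above, this added example (not part of the thread or of any tool named in it) sorts each numbered test into rejected, inconclusive or relay accepted. The sample transcript is constructed, and `SAMPLE`, `HDR` and `classify` are names introduced here; it assumes every RCPT TO in a test targets a non-local recipient.

```python
# Constructed sample in the ">>> sent / <<< received" layout of the relay
# testers quoted in this thread; every host and address is a placeholder.
SAMPLE = """\
Relay test 1
>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<probe@tester.example>
<<< 250 OK
>>> RCPT TO:<target@tester.example>
<<< 550 authentication required
Relay test 2
>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<probe@[192.0.2.10]>
<<< 501 domain literals not allowed
>>> RCPT TO:<target@tester.example>
<<< 503 sender not yet given
Relay test 3
>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<probe@mail.example>
<<< 250 OK
>>> RCPT TO:<"target@tester.example"@mail.example>
<<< 451 Temporary local problem - please try later
Relay test 4
>>> RSET
<<< 554 Too many nonmail commands
"""
HDR = "Relay test "

def classify(transcript):
    """Map test number -> verdict; assumes every RCPT TO is a non-local address."""
    verdicts, test, cmd = {}, None, None
    for line in transcript.splitlines():
        line = line.strip()
        if line.startswith(HDR) and line[len(HDR):].isdigit():
            test, cmd = int(line[len(HDR):]), None
            verdicts[test] = "inconclusive"   # until a reply decides it
        elif line.startswith(">>>"):
            cmd = line[3:].split(":")[0].strip().upper()
        elif line.startswith("<<<") and test is not None and cmd:
            code = line[3:].strip()[:3]
            if cmd == "RCPT TO" and code.startswith("2"):
                verdicts[test] = "RELAY ACCEPTED"   # server took foreign mail
            elif (cmd in ("MAIL FROM", "RCPT TO") and code.startswith("5")
                  and verdicts[test] == "inconclusive"):
                verdicts[test] = "rejected"         # permanent refusal
    return verdicts
```

A 4xx reply, or a session the server cuts off at RSET, leaves a test inconclusive, which is a limit of the tester rather than evidence of relaying. Only a 2xx reply to RCPT TO for a foreign recipient points to an open relay.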
 
LVL 6

Accepted Solution

by:KOTiS
KOTiS earned 1500 total points
ID: 35752511
Use this site to check where you are blacklisted

http://www.mxtoolbox.com/blacklists.aspx

Then you can visit those sites to learn more, why your site was blacklisted and how you can prevent it from happening again.
0
 

Author Closing Comment

by:Lakshman_Vasu
ID: 35914402
The server is still getting blacklisted
0
