Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

How to remove exchange server that is blacklisted

Posted on 2011-10-07
15
Medium Priority
?
250 Views
Last Modified: 2012-05-12
Our ip address (MX) has been Blacklisted.  We found issues on our domian and corrected them.  all the lists show us clear now but Google and yahoo still will not accept e-mails from us.
I did fill out a form for yahoo but have not been able to find any information on how to contact google (gmail) to get off their blocked list.
this is really urgent for us.
thanks
Wayne
0
Comment
Question by:wlasner
  • 8
  • 7
15 Comments
 
LVL 16

Expert Comment

by:Michael Ortega
ID: 36931662
If you haven't already I would use mxtoolbox.com to double check and make sure you're not still on someones list. If you have multiple MX records make sure both are clean.

MO
0
 

Author Comment

by:wlasner
ID: 36931671
yes, we did that and they are all clear now.  Since yesterday morning....  will the other sites like gmail automatically clear after a time out period?
0
 
LVL 16

Expert Comment

by:Michael Ortega
ID: 36932134
Can you post an undeliverable of one message sent to a Yahoo address and one sent to a Gmail address?

MO
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:wlasner
ID: 36932392
Delivery has failed to these recipients or distribution lists:

wlasner@gmail.com
Your message wasn't delivered because of security policies. Microsoft Exchange will not try to redeliver this message for you. Please provide the following diagnostic text to your system administrator.

The following organization rejected your message: mx.google.com.


Your message did not reach some or all of the intended recipients.
......................................................................................................................................
yahoo

      Subject:      test
      Sent:      10/7/2011 10:58 AM

The following recipient(s) cannot be reached:

      'shahmasroor@yahoo.com' on 10/7/2011 10:58 AM
            None of your e-mail accounts could send to this recipient.
0
 
LVL 16

Expert Comment

by:Michael Ortega
ID: 36932456
0
 

Author Comment

by:wlasner
ID: 36932702
OK, I filled out the forms as best as possibel, we will see.  Any iea how long it take to get off these lists?
0
 

Author Comment

by:wlasner
ID: 36932739
OK, so I have a rule in place that prevents any mail from "postmaster@ablehealthcare.com" from getting out of our system which takes care of the spam issue that caused us to be blocked by these providers.  But - spam is still being generated internal and then crushed by the security applications.

I cannot seem to find the source of it.
Event log:
Event Type:      Warning
Event Source:      Symantec Mail Security for Microsoft Exchange
Event Category:      Content Enforcement Rules
Event ID:      291
Date:            10/7/2011
Time:            2:04:45 PM
User:            N/A
Computer:      EXCH
Description:
The message "Undeliverable: ¿" located in SMTP has violated the following policy settings:
      Scan: Auto-Protect
      Rule: filter by sender
      Violating term(s):
          Postmaster@ablehealthcare.com
The following actions were taken on it:
      The message "Undeliverable: ¿" was marked for Deletion for the following reason(s):
            A Filtering Rule was violated.
0
 
LVL 16

Expert Comment

by:Michael Ortega
ID: 36934529
The delisting can take up to 48 hours.

So back up for a second. The issue that led to this problem is that your exchange server was sending postmaster undeliverable messages to external recipients?

MO
0
 

Author Comment

by:wlasner
ID: 36942422
I seems the most of the outgoing spam was sent by postmaster@ablehealthcare.com (my domain).
To stop the outgoing spam I set a policy in my Mail security for exchange to prevent any mail to be sent by that user name.
The quarentine is empty and the logs have no errors since last week so hopefully I have eliminated the source through virus scans aon all pc's and servers.
It has been almost 5 days, still blocked on both sites (yahoo and google).  
0
 
LVL 16

Expert Comment

by:Michael Ortega
ID: 36942699
Did you investigate why the "postmaster" account was sending out messages? I typically see a flood of these messages if someone external has spammed you with a bunch of ilegitmate alias' on your domain and the postmaster feels obligated to let the spammer know that the addresses don't exist.

I don't think it's a good idea to just simply prevent your postmaster address from sending replies. You're going to hurt yourself down the road when legitimate senders try to send something out and accidentally misspell the recipients address. They won't get a reply from the postmaster letting them know of their mistake.

Instead, I would check to find the real source of the flurry of postmaster messages that landed you on a blacklist. Perhaps tighten up your inbound filtering if the source of the issue is indeed related to a spam blast on your network.

MO
0
 
LVL 16

Expert Comment

by:Michael Ortega
ID: 36942708
You might consider subscribing to better cloud based email filtering. We've moved almost all our clients off of Symantec Mail Security for Exchange because it's simply not adequate and uses too much resources.

MO
0
 

Author Comment

by:wlasner
ID: 36942722
could ports 500 and 4500 being open be part of the issue or only port 25?
0
 
LVL 16

Expert Comment

by:Michael Ortega
ID: 36942735
Unless you have your SMTP listening on ports 500 and 4500 I doubt it. By default the SMTP virtual server listens on TCP25.

Check your tracking logs and search by "postmaster". That will give you an idea of why the postmaster was sending messages out. You might find that it was in reply to a bunch of spam messages.

MO
0
 

Author Comment

by:wlasner
ID: 36942770
we are talking 5k or more a day
0
 
LVL 16

Accepted Solution

by:
Michael Ortega earned 2000 total points
ID: 36942836
All responses to spam I assume. You can turn off postmaster replies from Exchange System Manager. I would then look for better spam filters, e.g. MessageLabs (Symantec cloud service), MXLogic (McAfee cloud service), etc. There are a bunch out there. We even have our own that we maintain provide to our client base.

MO
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Mailbox Corruption is a nightmare every Exchange DBA wishes he never has. Recovering from it can be super-hectic if not entirely futile. And though techniques like the New-MailboxRepairRequest cmdlet have been designed to help with fixing minor corr…
Among the most obnoxious of Exchange errors is error 1216 – Attached Database Mismatch error of the Jet Database Engine. When faced with this error, users may have to suffer from mailbox inaccessibility and in worst situations, permanent data loss.
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Suggested Courses

581 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question