I keep getting listed on CBL for Spam

Posted on 2012-03-22
Last Modified: 2012-04-11
I keep getting blacklisted with the CBL for spam.  I had myself removed 10 hours ago, left my servers unplugged from the network, and I got added again after 5 hours.  My laptop just had the operating system re-installed in the last 2 - 3 weeks.  The only other devices on my network are iPads, iPhones, Xbox 360, an iMac, and an Apple TV.

I'd start going into details about my Exchange server, but it wasn't plugged in the last time I was re-added.  Does anybody have any suggestions for me?
Question by:ITworks
  • 5
  • 4
LVL 35

Expert Comment

by:Ernie Beek
ID: 37752197
Monitor your gateway to see if any other machine on your network than the exchange server is sending mails (which they shouldn't).
LVL 11

Expert Comment

by:Khandakar Ashfaqur Rahman
ID: 37752231
It's not a good idea and recommended that to delist IP from CBL again and again without cleaning your network.At first you need to be sure that your network is virus free and no spam is generating from your network.

The best way is to set a firewall so that none can send email directly except your mail server.
1. Enter into your gateway router and set:
Permission       Source       Destination    Source Port       Destination Port
Allow             Mail server     Any              Any                    25
Drop             Your network   Any              Any                    25
Allow            Your Network   Any              Any                   Any

2. Configure your Mail server to accept Mail from your network.All of your LAN users should use your Mail server as SMTP.
3. Use anti-virus,Mail Scanner for your Mail Server and also for your network users too.

Author Comment

ID: 37752745
Here's what I've done so far:

3/21 9pm - I've segregated the network.  I turned off half of the devices (both servers, including the Exchange mail server) and then left the iMac and my laptop running.  I was listed again and was specifically told:

3/22 2am 
One way to look for this is to look for 
authenticated outbound SMTP connections 
from this IP address either on port 25 or 
port 587. This particular detection was of 
a SMTP connection made from your IP 
address to IP address

Open in new window

3/22 7:55am I ran a NETSTAT -A on my work computer and saw no connections to that IP address.
3/22 8am I just turned off my iMac before delisting again, 2+ hours ago.
3/22 9:30am Contacted Time Warner Cable and requested Reverse DNS be configured for my IP address to my domain name (
3/22 10am Spoke with and they said it sounds like I've tested everything I can so far, then they suggested buying something from them.

My current router is a Linksys E2500.  It's a home-office, so I never looked into getting anything like a Sonicwall or Juniper NetScreen.  The Linksys E2500 does not allow me to monitor traffic, or prevent any Outbound traffic.
LVL 11

Accepted Solution

Khandakar Ashfaqur Rahman earned 500 total points
ID: 37752879
Log into your router.Click on 'Administration" tab then 'Log'.Enable Log and check outgoing log.It'll show you which IP is sending SMTP traffic directly.Collect the IP or MAC block into your router.And scan that machine using updated anti-virus.You can block specific computer(s) and service(s) from "Access Restriction" tab

Author Comment

ID: 37761369
I'm not seeing any devices in my network sending SMTP traffic using my Linksys router's log file.

I've been using GFI Max MailProtection for inbound filtering and never thought to configure outbound filtering.  Would configuring the outbound filtering (configuring a SmartHost through the SMTP connector in Exchange) allow the mail from my Exchange server to be spam filtered, and then sent out?

I'm not entirely sure how this stuff works, but I'm definitely working on proactive steps to kick this problem's butt.  I'm also looking at setting up a spare computer with pfsense.  I'm told very good things about it by several local IT buddies, and it looks as though I can configure the traffic to move exactly how I want using this system.

Can’t get the mobile email signature right?

Not having any luck when trying to create an email signature for mobile devices? Does the formatting keep messing up? Make sure you have great email signatures on all devices by using Exclaimer Cloud - Signatures for Office 365.

LVL 11

Expert Comment

by:Khandakar Ashfaqur Rahman
ID: 37761444
From the CBL log it says, spam sending on 25 or 587 port.And your IP will be listed for sending spam not for receiving spam.

It's always better to block 25  and 587 port into your gateway for your Local LAN except your Exchange server.

For an example, if your LAN is and your Mail server is then:

Block all destination port 25 and 587

You Linksys router has this feature.

It means all network computers will send email through your email server.If any computer tries to send email directly it can't because gateway will block this connection.Your email server has updated scanner and it'll scan before sending any mail.You don't need to configure anything into your mail server.

Author Comment

ID: 37761448
I cannot find this feature on the Linksys E2500 router.  Where is it at?
LVL 11

Expert Comment

by:Khandakar Ashfaqur Rahman
ID: 37761453
Go to Access Restrictions tab.Then Edit list of PC range.
Add /edit service.
Allow or deny.

Author Comment

ID: 37761461
I do not have an Access Restrictions tab.

Setup | Wireless | Security | Access Policy (all it has is parental controls) | Applications & Gaming (inbound port forwarding) | Administration | Status
LVL 11

Expert Comment

by:Khandakar Ashfaqur Rahman
ID: 37761513
So, E2500 has difference here !!

Might be you need to upgrade your firmware version or set up an open source firewall.You could go for pfense or Smoothwall.


Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This short article will present "How to import ICS Calendar onto Office 365 Calendar". I was searching for free (or not free) tools to convert ICS to CSV without success. The only tools I found & working well were online tools...this was too hard to…
There was an incident about the POP3 issue for the double read receipts and delivery receipts in Exchange 2013.  There was huge research been done and found solution for the duplicate mails. Especially when the user gets  duplicate mails.
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now