I keep getting listed on CBL for Spam

Posted on 2012-03-22
Last Modified: 2012-04-11
I keep getting blacklisted with the CBL for spam.  I had myself removed 10 hours ago, left my servers unplugged from the network, and I got added again after 5 hours.  My laptop just had the operating system re-installed in the last 2 - 3 weeks.  The only other devices on my network are iPads, iPhones, Xbox 360, an iMac, and an Apple TV.

I'd start going into details about my Exchange server, but it wasn't plugged in the last time I was re-added.  Does anybody have any suggestions for me?
Question by:ITworks
  • 5
  • 4
LVL 35

Expert Comment

by:Ernie Beek
ID: 37752197
Monitor your gateway to see if any other machine on your network than the exchange server is sending mails (which they shouldn't).
LVL 11

Expert Comment

by:Khandakar Ashfaqur Rahman
ID: 37752231
It's not a good idea and recommended that to delist IP from CBL again and again without cleaning your network.At first you need to be sure that your network is virus free and no spam is generating from your network.

The best way is to set a firewall so that none can send email directly except your mail server.
1. Enter into your gateway router and set:
Permission       Source       Destination    Source Port       Destination Port
Allow             Mail server     Any              Any                    25
Drop             Your network   Any              Any                    25
Allow            Your Network   Any              Any                   Any

2. Configure your Mail server to accept Mail from your network.All of your LAN users should use your Mail server as SMTP.
3. Use anti-virus,Mail Scanner for your Mail Server and also for your network users too.

Author Comment

ID: 37752745
Here's what I've done so far:

3/21 9pm - I've segregated the network.  I turned off half of the devices (both servers, including the Exchange mail server) and then left the iMac and my laptop running.  I was listed again and was specifically told:

3/22 2am 
One way to look for this is to look for 
authenticated outbound SMTP connections 
from this IP address either on port 25 or 
port 587. This particular detection was of 
a SMTP connection made from your IP 
address to IP address

Open in new window

3/22 7:55am I ran a NETSTAT -A on my work computer and saw no connections to that IP address.
3/22 8am I just turned off my iMac before delisting again, 2+ hours ago.
3/22 9:30am Contacted Time Warner Cable and requested Reverse DNS be configured for my IP address to my domain name (
3/22 10am Spoke with and they said it sounds like I've tested everything I can so far, then they suggested buying something from them.

My current router is a Linksys E2500.  It's a home-office, so I never looked into getting anything like a Sonicwall or Juniper NetScreen.  The Linksys E2500 does not allow me to monitor traffic, or prevent any Outbound traffic.
Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

LVL 11

Accepted Solution

Khandakar Ashfaqur Rahman earned 500 total points
ID: 37752879
Log into your router.Click on 'Administration" tab then 'Log'.Enable Log and check outgoing log.It'll show you which IP is sending SMTP traffic directly.Collect the IP or MAC block into your router.And scan that machine using updated anti-virus.You can block specific computer(s) and service(s) from "Access Restriction" tab

Author Comment

ID: 37761369
I'm not seeing any devices in my network sending SMTP traffic using my Linksys router's log file.

I've been using GFI Max MailProtection for inbound filtering and never thought to configure outbound filtering.  Would configuring the outbound filtering (configuring a SmartHost through the SMTP connector in Exchange) allow the mail from my Exchange server to be spam filtered, and then sent out?

I'm not entirely sure how this stuff works, but I'm definitely working on proactive steps to kick this problem's butt.  I'm also looking at setting up a spare computer with pfsense.  I'm told very good things about it by several local IT buddies, and it looks as though I can configure the traffic to move exactly how I want using this system.

LVL 11

Expert Comment

by:Khandakar Ashfaqur Rahman
ID: 37761444
From the CBL log it says, spam sending on 25 or 587 port.And your IP will be listed for sending spam not for receiving spam.

It's always better to block 25  and 587 port into your gateway for your Local LAN except your Exchange server.

For an example, if your LAN is and your Mail server is then:

Block all destination port 25 and 587

You Linksys router has this feature.

It means all network computers will send email through your email server.If any computer tries to send email directly it can't because gateway will block this connection.Your email server has updated scanner and it'll scan before sending any mail.You don't need to configure anything into your mail server.

Author Comment

ID: 37761448
I cannot find this feature on the Linksys E2500 router.  Where is it at?
LVL 11

Expert Comment

by:Khandakar Ashfaqur Rahman
ID: 37761453
Go to Access Restrictions tab.Then Edit list of PC range.
Add /edit service.
Allow or deny.

Author Comment

ID: 37761461
I do not have an Access Restrictions tab.

Setup | Wireless | Security | Access Policy (all it has is parental controls) | Applications & Gaming (inbound port forwarding) | Administration | Status
LVL 11

Expert Comment

by:Khandakar Ashfaqur Rahman
ID: 37761513
So, E2500 has difference here !!

Might be you need to upgrade your firmware version or set up an open source firewall.You could go for pfense or Smoothwall.


Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Pop culture is prime bait for hackers seeking to infect user’s computers and mobile devices with malicious malware. Hackers know exactly what the latest trends are online and know how to use them to their advantage.
When you’re making plans to join the modern business race, you should analyze various details that may affect your results. Nowadays, millions of businesses are trying to grow into established and appreciated professional enterprises.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question