Solved

I keep getting listed on CBL for Spam

Posted on 2012-03-22
Last Modified: 2012-04-11
I keep getting blacklisted with the CBL for spam.  I had myself removed 10 hours ago, left my servers unplugged from the network, and I got added again after 5 hours.  My laptop just had the operating system re-installed in the last 2 - 3 weeks.  The only other devices on my network are iPads, iPhones, Xbox 360, an iMac, and an Apple TV.

I'd start going into details about my Exchange server, but it wasn't plugged in the last time I was re-added.  Does anybody have any suggestions for me?
Question by:ITworks
10 Comments
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 37752197
Monitor your gateway to see if any machine on your network other than the Exchange server is sending mail (which they shouldn't).
0
 
LVL 11

Expert Comment

by:Khandakar Ashfaqur Rahman
ID: 37752231
It's not a good idea, and not recommended, to delist your IP from CBL again and again without cleaning your network. First you need to be sure that your network is virus free and no spam is being generated from your network.

The best way is to set a firewall so that nothing except your mail server can send email directly.
1. Enter into your gateway router and set:
Permission   Source         Destination   Source Port   Destination Port
Allow        Mail server    Any           Any           25
Drop         Your network   Any           Any           25
Allow        Your network   Any           Any           Any

2. Configure your mail server to accept mail from your network. All of your LAN users should use your mail server as SMTP.
3. Use anti-virus and a mail scanner for your mail server and for your network users too.
0
 
LVL 4

Author Comment

by:ITworks
ID: 37752745
Here's what I've done so far:

3/21 9pm - I've segregated the network.  I turned off half of the devices (both servers, including the Exchange mail server) and then left the iMac and my laptop running.  I was listed again and was specifically told:

3/22 2am 
One way to look for this is to look for 
authenticated outbound SMTP connections 
from this IP address either on port 25 or 
port 587. This particular detection was of 
a SMTP connection made from your IP 
address to IP address 194.209.165.183.

3/22 7:55am I ran a NETSTAT -A on my work computer and saw no connections to that IP address.
3/22 8am I just turned off my iMac before delisting again, 2+ hours ago.
3/22 9:30am Contacted Time Warner Cable and requested Reverse DNS be configured for my IP address to my domain name (ITworksLLC.net)
3/22 10am Spoke with MXToolbox.com and they said it sounds like I've tested everything I can so far, then they suggested buying something from them.

My current router is a Linksys E2500.  It's a home-office, so I never looked into getting anything like a Sonicwall or Juniper NetScreen.  The Linksys E2500 does not allow me to monitor traffic, or prevent any Outbound traffic.
0
 
LVL 11

Accepted Solution

by:
Khandakar Ashfaqur Rahman earned 1500 total points
ID: 37752879
Log into your router. Click on the 'Administration' tab, then 'Log'. Enable Log and check the outgoing log. It'll show you which IP is sending SMTP traffic directly. Collect the IP or MAC and block it in your router. And scan that machine using updated anti-virus. You can block specific computer(s) and service(s) from the 'Access Restriction' tab.
0
 
LVL 4

Author Comment

by:ITworks
ID: 37761369
I'm not seeing any devices in my network sending SMTP traffic using my Linksys router's log file.

I've been using GFI Max MailProtection for inbound filtering and never thought to configure outbound filtering.  Would configuring the outbound filtering (configuring a SmartHost through the SMTP connector in Exchange) allow the mail from my Exchange server to be spam filtered, and then sent out?

I'm not entirely sure how this stuff works, but I'm definitely working on proactive steps to kick this problem's butt.  I'm also looking at setting up a spare computer with pfsense.  I'm told very good things about it by several local IT buddies, and it looks as though I can configure the traffic to move exactly how I want using this system.

Thoughts?
0
 
LVL 11

Expert Comment

by:Khandakar Ashfaqur Rahman
ID: 37761444
The CBL log says spam is being sent on port 25 or 587. And your IP will be listed for sending spam, not for receiving spam.

It's always better to block ports 25 and 587 at your gateway for your local LAN, except for your Exchange server.

For example, if your LAN is 192.168.0.0/24 and your mail server is 192.168.0.2 then:

Allow 192.168.0.2
Block all 192.168.0.0/24 destination port 25 and 587

Your Linksys router has this feature.

It means all network computers will send email through your email server. If any computer tries to send email directly, it can't, because the gateway will block this connection. Your email server has an updated scanner and it'll scan before sending any mail. You don't need to configure anything on your mail server.
0
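The egress rule from the comment above, applied to a gateway's outgoing log to name the LAN hosts that would hit the block (an added example, not part of the original thread). The three-field log format and the sample lines are constructed; the LAN range and mail server address are the example values from that comment, and parse_line() is a hypothetical helper to adapt to your router's export.

```python
import ipaddress
from collections import defaultdict

LAN = ipaddress.ip_network("192.168.0.0/24")       # example LAN from the comment
MAIL_SERVER = ipaddress.ip_address("192.168.0.2")  # example mail server from the comment
SMTP_PORTS = {25, 587}

# Constructed sample of an outgoing log: "source destination dest_port".
SAMPLE_LOG = """\
192.168.0.2 203.0.113.10 25
192.168.0.23 198.51.100.7 443
192.168.0.23 194.209.165.183 25
192.168.0.23 203.0.113.99 587
192.168.0.40 198.51.100.7 80
not a log line
192.168.0.2 203.0.113.11 587
"""

def parse_line(line):
    """Return (src, dst, port), or None for a line that does not parse."""
    parts = line.split()
    if len(parts) != 3:
        return None
    try:
        return (ipaddress.ip_address(parts[0]),
                ipaddress.ip_address(parts[1]), int(parts[2]))
    except ValueError:
        return None

def verdict(src, dst, port):
    """Rules in order: mail server allowed, LAN-to-SMTP dropped, rest allowed."""
    if src == MAIL_SERVER:
        return "allow"
    if src in LAN and port in SMTP_PORTS:
        return "drop"
    return "allow"

def direct_smtp_senders(log_text):
    """Map each LAN host that would hit the drop rule to what it tried to reach."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and verdict(*rec) == "drop":
            src, dst, port = rec
            hits[str(src)].append((str(dst), port))
    return dict(hits)

if __name__ == "__main__":
    for host, conns in direct_smtp_senders(SAMPLE_LOG).items():
        print(host, "->", conns)
```

Any host this reports is sending mail around the mail server and is the machine to isolate and scan.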
 
LVL 4

Author Comment

by:ITworks
ID: 37761448
I cannot find this feature on the Linksys E2500 router.  Where is it at?
0
 
LVL 11

Expert Comment

by:Khandakar Ashfaqur Rahman
ID: 37761453
Go to the Access Restrictions tab. Then edit the list of PC range.
Add/edit service.
Allow or deny.
0
 
LVL 4

Author Comment

by:ITworks
ID: 37761461
I do not have an Access Restrictions tab.

Setup | Wireless | Security | Access Policy (all it has is parental controls) | Applications & Gaming (inbound port forwarding) | Administration | Status
0
 
LVL 11

Expert Comment

by:Khandakar Ashfaqur Rahman
ID: 37761513
So, the E2500 is different here!!

It might be that you need to upgrade your firmware version or set up an open source firewall. You could go for pfSense or Smoothwall.
http://www.smoothwall.org/

Thanks.
0
