I keep getting listed on CBL for Spam

I keep getting blacklisted with the CBL for spam.  I had myself removed 10 hours ago, left my servers unplugged from the network, and I got added again after 5 hours.  My laptop just had the operating system re-installed in the last 2 - 3 weeks.  The only other devices on my network are iPads, iPhones, Xbox 360, an iMac, and an Apple TV.

I'd start going into details about my Exchange server, but it wasn't plugged in the last time I was re-added.  Does anybody have any suggestions for me?
LVL 4
ITworksAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Ernie BeekExpertCommented:
Monitor your gateway to see if any other machine on your network than the exchange server is sending mails (which they shouldn't).
0
Khandakar Ashfaqur RahmanExpert/ConsultantCommented:
It's not a good idea and recommended that to delist IP from CBL again and again without cleaning your network.At first you need to be sure that your network is virus free and no spam is generating from your network.

The best way is to set a firewall so that none can send email directly except your mail server.
1. Enter into your gateway router and set:
Permission       Source       Destination    Source Port       Destination Port
Allow             Mail server     Any              Any                    25
Drop             Your network   Any              Any                    25
Allow            Your Network   Any              Any                   Any

2. Configure your Mail server to accept Mail from your network.All of your LAN users should use your Mail server as SMTP.
3. Use anti-virus,Mail Scanner for your Mail Server and also for your network users too.
0
ITworksAuthor Commented:
Here's what I've done so far:

3/21 9pm - I've segregated the network.  I turned off half of the devices (both servers, including the Exchange mail server) and then left the iMac and my laptop running.  I was listed again and was specifically told:

3/22 2am 
One way to look for this is to look for 
authenticated outbound SMTP connections 
from this IP address either on port 25 or 
port 587. This particular detection was of 
a SMTP connection made from your IP 
address to IP address 194.209.165.183.

Open in new window


3/22 7:55am I ran a NETSTAT -A on my work computer and saw no connections to that IP address.
3/22 8am I just turned off my iMac before delisting again, 2+ hours ago.
3/22 9:30am Contacted Time Warner Cable and requested Reverse DNS be configured for my IP address to my domain name (ITworksLLC.net)
3/22 10am Spoke with MXToolbox.com and they said it sounds like I've tested everything I can so far, then they suggested buying something from them.

My current router is a Linksys E2500.  It's a home-office, so I never looked into getting anything like a Sonicwall or Juniper NetScreen.  The Linksys E2500 does not allow me to monitor traffic, or prevent any Outbound traffic.
0
The Ultimate Tool Kit for Technolgy Solution Provi

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy for valuable how-to assets including sample agreements, checklists, flowcharts, and more!

Khandakar Ashfaqur RahmanExpert/ConsultantCommented:
Log into your router.Click on 'Administration" tab then 'Log'.Enable Log and check outgoing log.It'll show you which IP is sending SMTP traffic directly.Collect the IP or MAC block into your router.And scan that machine using updated anti-virus.You can block specific computer(s) and service(s) from "Access Restriction" tab
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ITworksAuthor Commented:
I'm not seeing any devices in my network sending SMTP traffic using my Linksys router's log file.

I've been using GFI Max MailProtection for inbound filtering and never thought to configure outbound filtering.  Would configuring the outbound filtering (configuring a SmartHost through the SMTP connector in Exchange) allow the mail from my Exchange server to be spam filtered, and then sent out?

I'm not entirely sure how this stuff works, but I'm definitely working on proactive steps to kick this problem's butt.  I'm also looking at setting up a spare computer with pfsense.  I'm told very good things about it by several local IT buddies, and it looks as though I can configure the traffic to move exactly how I want using this system.

Thoughts?
0
Khandakar Ashfaqur RahmanExpert/ConsultantCommented:
From the CBL log it says, spam sending on 25 or 587 port.And your IP will be listed for sending spam not for receiving spam.

It's always better to block 25  and 587 port into your gateway for your Local LAN except your Exchange server.

For an example, if your LAN is 192.168.0.0/24 and your Mail server is 192.168.0.2 then:

Allow 192.168.0.2
Block all 192.168.0.0/24 destination port 25 and 587

You Linksys router has this feature.

It means all network computers will send email through your email server.If any computer tries to send email directly it can't because gateway will block this connection.Your email server has updated scanner and it'll scan before sending any mail.You don't need to configure anything into your mail server.
0
ITworksAuthor Commented:
I cannot find this feature on the Linksys E2500 router.  Where is it at?
0
Khandakar Ashfaqur RahmanExpert/ConsultantCommented:
Go to Access Restrictions tab.Then Edit list of PC range.
Add /edit service.
Allow or deny.
0
ITworksAuthor Commented:
I do not have an Access Restrictions tab.

Setup | Wireless | Security | Access Policy (all it has is parental controls) | Applications & Gaming (inbound port forwarding) | Administration | Status
0
Khandakar Ashfaqur RahmanExpert/ConsultantCommented:
So, E2500 has difference here !!

Might be you need to upgrade your firmware version or set up an open source firewall.You could go for pfense or Smoothwall.
http://www.smoothwall.org/

Thanks.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Email Protocols

From novice to tech pro — start learning today.