Solved

I keep getting listed on CBL for Spam

Posted on 2012-03-22
10
834 Views
Last Modified: 2012-04-11
I keep getting blacklisted with the CBL for spam.  I had myself removed 10 hours ago, left my servers unplugged from the network, and I got added again after 5 hours.  My laptop just had the operating system re-installed in the last 2 - 3 weeks.  The only other devices on my network are iPads, iPhones, Xbox 360, an iMac, and an Apple TV.

I'd start going into details about my Exchange server, but it wasn't plugged in the last time I was re-added.  Does anybody have any suggestions for me?
0
Comment
Question by:ITworks
  • 5
  • 4
10 Comments
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 37752197
Monitor your gateway to see if any other machine on your network than the exchange server is sending mails (which they shouldn't).
0
 
LVL 11

Expert Comment

by:Khandakar Ashfaqur Rahman
ID: 37752231
It's not a good idea and recommended that to delist IP from CBL again and again without cleaning your network.At first you need to be sure that your network is virus free and no spam is generating from your network.

The best way is to set a firewall so that none can send email directly except your mail server.
1. Enter into your gateway router and set:
Permission       Source       Destination    Source Port       Destination Port
Allow             Mail server     Any              Any                    25
Drop             Your network   Any              Any                    25
Allow            Your Network   Any              Any                   Any

2. Configure your Mail server to accept Mail from your network.All of your LAN users should use your Mail server as SMTP.
3. Use anti-virus,Mail Scanner for your Mail Server and also for your network users too.
0
 
LVL 4

Author Comment

by:ITworks
ID: 37752745
Here's what I've done so far:

3/21 9pm - I've segregated the network.  I turned off half of the devices (both servers, including the Exchange mail server) and then left the iMac and my laptop running.  I was listed again and was specifically told:

3/22 2am 
One way to look for this is to look for 
authenticated outbound SMTP connections 
from this IP address either on port 25 or 
port 587. This particular detection was of 
a SMTP connection made from your IP 
address to IP address 194.209.165.183.

Open in new window


3/22 7:55am I ran a NETSTAT -A on my work computer and saw no connections to that IP address.
3/22 8am I just turned off my iMac before delisting again, 2+ hours ago.
3/22 9:30am Contacted Time Warner Cable and requested Reverse DNS be configured for my IP address to my domain name (ITworksLLC.net)
3/22 10am Spoke with MXToolbox.com and they said it sounds like I've tested everything I can so far, then they suggested buying something from them.

My current router is a Linksys E2500.  It's a home-office, so I never looked into getting anything like a Sonicwall or Juniper NetScreen.  The Linksys E2500 does not allow me to monitor traffic, or prevent any Outbound traffic.
0
 
LVL 11

Accepted Solution

by:
Khandakar Ashfaqur Rahman earned 500 total points
ID: 37752879
Log into your router.Click on 'Administration" tab then 'Log'.Enable Log and check outgoing log.It'll show you which IP is sending SMTP traffic directly.Collect the IP or MAC block into your router.And scan that machine using updated anti-virus.You can block specific computer(s) and service(s) from "Access Restriction" tab
0
 
LVL 4

Author Comment

by:ITworks
ID: 37761369
I'm not seeing any devices in my network sending SMTP traffic using my Linksys router's log file.

I've been using GFI Max MailProtection for inbound filtering and never thought to configure outbound filtering.  Would configuring the outbound filtering (configuring a SmartHost through the SMTP connector in Exchange) allow the mail from my Exchange server to be spam filtered, and then sent out?

I'm not entirely sure how this stuff works, but I'm definitely working on proactive steps to kick this problem's butt.  I'm also looking at setting up a spare computer with pfsense.  I'm told very good things about it by several local IT buddies, and it looks as though I can configure the traffic to move exactly how I want using this system.

Thoughts?
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 11

Expert Comment

by:Khandakar Ashfaqur Rahman
ID: 37761444
From the CBL log it says, spam sending on 25 or 587 port.And your IP will be listed for sending spam not for receiving spam.

It's always better to block 25  and 587 port into your gateway for your Local LAN except your Exchange server.

For an example, if your LAN is 192.168.0.0/24 and your Mail server is 192.168.0.2 then:

Allow 192.168.0.2
Block all 192.168.0.0/24 destination port 25 and 587

You Linksys router has this feature.

It means all network computers will send email through your email server.If any computer tries to send email directly it can't because gateway will block this connection.Your email server has updated scanner and it'll scan before sending any mail.You don't need to configure anything into your mail server.
0
 
LVL 4

Author Comment

by:ITworks
ID: 37761448
I cannot find this feature on the Linksys E2500 router.  Where is it at?
0
 
LVL 11

Expert Comment

by:Khandakar Ashfaqur Rahman
ID: 37761453
Go to Access Restrictions tab.Then Edit list of PC range.
Add /edit service.
Allow or deny.
0
 
LVL 4

Author Comment

by:ITworks
ID: 37761461
I do not have an Access Restrictions tab.

Setup | Wireless | Security | Access Policy (all it has is parental controls) | Applications & Gaming (inbound port forwarding) | Administration | Status
0
 
LVL 11

Expert Comment

by:Khandakar Ashfaqur Rahman
ID: 37761513
So, E2500 has difference here !!

Might be you need to upgrade your firmware version or set up an open source firewall.You could go for pfense or Smoothwall.
http://www.smoothwall.org/

Thanks.
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

MS outlook is a premier email client that enable you to send and receive the e-mails with various file formats of attachments such as document files, media file, and many others formats. There is some scenario occurs when a receiver of an e-mail mes…
Workplace bullying has increased with the use of email and social media. Retain evidence of this with email archiving to protect your employees.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now