to2007
 asked on

Email and IP blacklisted how to clear up

We have 10 users and an SBS 2008 server with 2007 Exchange. We just began to be blacklisted by several of the blacklisting organizations. It appears that someone has hijacked our email addresses and/or got into the network and is spamming etc.

I have been out of the country with limited email to remote into the office to check it out. Currently the office obviously receives inbound mail but outbound appears to mostly be blocked.

The office runs Symantec Endpoint but it appears that the definitions are out of date and no one renewed the license etc. Plus Symantec is not necessarily good at catching all this stuff anyway!

I can run scans with it and also Malwarebytes and Spybot Search and Destroy once back at the office. We need to clean up before getting un-blacklisted.

My questions are: has anyone gone through this, and what, if anything, is the best way to determine what happened and is going on? I haven't had to deal with this and am lost at trying to figure out what to do to see what happened and get it fixed. Being out of the country with limited access remotely to check has also been a pain.

thanks
Anti-Virus Apps, AntiSpam


8/22/2022 - Mon
SOLUTION
Abbas Haidar

SOLUTION
PaulD77

jerseysam

You need to really make sure that your PCs and server are clean.

You need an antivirus package that will scan both PCs and server.

Suggest maybe Trend Micro.

Kaspersky do a 30-day trial for their Server antivirus. May be worth putting that on and cleaning.

Once you are happy that all machines are clean (hard to tell, I know), then you can ask to be taken off the blacklists.

Go to http://www.mxtoolbox.com/SuperTool.aspx

Do a search for your server IP and then check blacklists. You should be able to click on each one that has listed you and get removal instructions.

Be aware though, if you get back on the list straight away it's a real pain to get off again.

You could then implement a 3rd party spam blocker such as Trend that will handle mails before they reach your mail server.
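The blacklist check described in the answer above can also be scripted, which helps when watching for a re-listing after cleanup. This is an added example, not part of the original thread: it performs the standard DNSBL lookup (reverse the IPv4 octets, append the list's zone, ask for an A record). The two zones and the address 192.0.2.25 (a documentation address standing in for the mail server's public IP) are assumptions.

```python
import ipaddress
import socket

# Assumed example zones; substitute the lists that actually report your IP.
ZONES = ["zen.spamhaus.org", "bl.spamcop.net"]

def dnsbl_name(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_lookup(name):
    """Return the A record for name, or None when resolution fails.

    A temporary DNS failure is indistinguishable from "no record" here,
    so repeat a clean result before relying on it.
    """
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def classify(answer):
    """Interpret the A record a DNSBL returned for one query."""
    if answer is None:
        return "not listed"
    if answer.startswith("127.255.255."):
        # Spamhaus error range (for example, queries sent through a
        # large public resolver); this is not a listing.
        return "query refused"
    if answer.startswith("127."):
        return "LISTED (" + answer + ")"
    return "unexpected answer " + answer  # resolver rewriting NXDOMAIN

def check_ip(ip, zones=ZONES, lookup=system_lookup):
    """Check one IP against every zone; lookup is injectable for testing."""
    return {zone: classify(lookup(dnsbl_name(ip, zone))) for zone in zones}

if __name__ == "__main__":
    for zone, status in check_ip("192.0.2.25").items():
        print(f"{zone:24} {status}")
```

Run it from a machine whose DNS resolver the list operators accept; a "query refused" result means the lookup path is the problem, not the mail server.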
to2007

ASKER
Thanks all

Here is what I have done though.

I talked to MxToolbox directly while out of country after going to their site and seeing who had blacklisted us. They said not open relay but someone got in with spam etc. They told me they will sell (have trial) service to be spam filter and backup email source just in case but they do not clean anything in the network.

They suggested that Kaspersky, Symantec, McAfee etc. were useless to stop it, only to tell you that you got something, and scanning with most of them won't work to clean internal machines.

MxToolbox was who suggested Malwarebytes and Spybot S&D.

I do know how to have them assist in removing from blacklist or I can do that part.

My concern with just a new IP address is that I also believe the domain name gets blacklisted as well and we cannot change that.

We can contract with MxToolbox or another spam filter company but that is not a solution to finding out what did happen internally and what to best get it cleaned with.

Just no simple all-in-one cleaning investigative tool for internal network for us small sometimes confused folks!

Any other ideas on the investigation and clean up?

Thanks

They should just flat beat the crap out of spammers!
to2007

ASKER
All helped in one way or another. What a mess! Thanks everyone