Link to home
Start Free TrialLog in
Avatar of Bob
BobFlag for United States of America

asked on

Email and IP blacklisted how to clear up

WE have 10 users and an SBS 2008 server wtih 2007 Exchange. We just began to be blacklisted by several of the blakclisting organinzations.  It appears that someone has hijcaked our email addresses and or got into network and is spaming etc.  

I have been out of the cournhtyr with limited email top remote into offide to check it out.  Currently the office obiously recievesinbound mail but outbound appears to mostly be blocked.

THe office runs Symatnec Endpoint but it appears taht the defintions are out of date and no one renewed the license etc.  Plus SYmantec is not necessairly good at catching all this stuff anyway!

I can run scnas with it and also Malwarebytes and Spybot Search and Destroy once back at office.  We need to clean up before getting un-blacklisted.

My qutesiont are has anyoone gone through this and what is is anything the best way to determine what happened and is going on ?   I haven't had to deal with this and am lost at trying to figure out what to do to see what happened and fixed.  Being out of country with limited access remotely to check has also been a pain.

thanks
SOLUTION
Avatar of Abbas Haidar
Abbas Haidar
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of jerseysam
You need to really make sure that your PC's and server are clean.

You need an antivirus package that will scan both PC's and Server.

Suggest maybe Trend Micro.

Kaspersky do a 30-day trial for their Server antivirus. Maybe be worth putting that on and cleaning.

Once you have happy that all machines are clean (hard to tell i know). Then you can ask to be taken off the black lists.

Got to http://www.mxtoolbox.com/SuperTool.aspx

Do a search for your server IP and then check blacklists. You should be able to click on each one that has listed you and get removal instructions.

Be aware though, if you get back in the list straight away its a real pain to get off again.

You could then implement a 3rd party spam blocker such as Trend that will handle mails before they reach your mail server.
Avatar of Bob

ASKER

Thanks all

Here is what i have done though.

I talked to MxToolbox directly while out of courtry after going to their site and seeing who had blacklisted us.  They said not open relay but someone got in with spam etc.  They told mke they will sell (have trial) service to be spam filter and backup email source just in case but they do not clean anything in the netowrk.

They suggestted that Kaspersky,. Symantec MacAfee etc were uuseless to stop it only to tell you that you got something and scannig with most of them won't work to clean internal machines.

Mxtoolbox was who  suggestted  Malwarebytes and Spybot S&D.

I do know how to have them assist in remo9vig from blacklist or i can gdo that part.

My concern with just IP address new is that i also beleive the domain  name gets blacklisted as well and we can not change that.

We can contract with Mxtoolbox or another spam filter company  but that is not a solution to finindg out what did happen internally and what to best get it cleaned with.

Just no simple all in one cleaning investigative tool for internal network for us small sometimes confused folks!

Any other ideas on the investigtaion and clean up?

Thanks

They should just flat beat the crap out of spammers!
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Bob

ASKER

All helped in one way or another> what a mess!  Thanks everyone