Black Listed!

elemist
Howdy All,

One of my customers' mail servers appears to have been blacklisted by a few different places.

I think I've found most of the places where they've been listed and the relevant request to be removed from the list.

However, before I can do that I need to find out why they've been blacklisted to begin with. How can I determine what's caused the blacklisting?

2nd Line Engineer
Commented:
Possible reason would be spam, lots of it.

Most of the RBLs should tell you why your server's been listed. Ask your customers whether they have received any bounce backs at all. We can analyze those for more info.

Author

Commented:
Yeah, I'm assuming it's a SPAM issue. I've gone through the links for the bounce backs, which give the usual list of things - infected machine, incorrectly configured mail server and the like.

I'm just about to modify the firewall to block all outbound connections on port 25 except from the mail server. Assuming it's not the server itself, this should stop the cause.

I've looked through the AV logs but there's nothing much untoward listed and as there's nearly 50 odd computers, some of which are offsite in rural locations it's a bit difficult to physically check for spyware.

Is there a way to find the troublesome machine/machines?
Alan Hardisty, Co-Owner
Top Expert 2011

Commented:
Which blacklist sites were you / are you listed on?

What version of Exchange do they have?  2003 by any chance?

Author

Commented:
The two I'm aware of are:

Spam Cop
Barracuda Networks

No, it's SBS 2011 - so Exchange 2010
Alan Hardisty, Co-Owner
Top Expert 2011
Commented:
Okay - if it is Exch 2010 then it should be a lot safer, so I would imagine a local infection and blocking port 25 as you are doing should prevent this sort of problem from happening again.

Those blacklists will probably identify a generic spam bot on a computer on your network.
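
Added example, not part of the thread: once outbound port 25 is blocked for everything except the mail server, the firewall's own log shows which internal machines keep trying to send mail directly. The sketch below ranks those hosts; the key=value log format, the mail server address and the sample lines are all constructed assumptions, so adapt the field names to your firewall's export.

```python
import re
from collections import defaultdict

MAIL_SERVER = "192.168.1.10"  # assumed internal address of the Exchange/SBS server

# Constructed sample lines in an assumed key=value firewall log format.
SAMPLE_LOG = """\
2012-03-01T09:00:01 ACTION=DROP SRC=192.168.1.37 DST=203.0.113.5 PROTO=TCP DPT=25
2012-03-01T09:00:01 ACTION=DROP SRC=192.168.1.37 DST=198.51.100.8 PROTO=TCP DPT=25
2012-03-01T09:00:02 ACTION=ALLOW SRC=192.168.1.10 DST=203.0.113.5 PROTO=TCP DPT=25
2012-03-01T09:00:02 ACTION=ALLOW SRC=192.168.1.22 DST=198.51.100.80 PROTO=TCP DPT=443
2012-03-01T09:00:03 ACTION=DROP SRC=192.168.1.37 DST=192.0.2.44 PROTO=TCP DPT=25
2012-03-01T09:00:04 ACTION=DROP SRC=192.168.1.52 DST=203.0.113.5 PROTO=TCP DPT=25
this line is malformed and is skipped
"""

FIELD = re.compile(r"(\w+)=(\S+)")


def smtp_offenders(log_text, mail_server=MAIL_SERVER):
    """Return [(src, attempts, distinct_destinations)] for every host other
    than the mail server that tried outbound TCP/25, busiest first."""
    attempts = defaultdict(int)
    dests = defaultdict(set)
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))  # malformed lines yield {}
        if fields.get("PROTO") != "TCP" or fields.get("DPT") != "25":
            continue
        src = fields.get("SRC")
        if not src or src == mail_server:
            continue  # the mail server is the only legitimate SMTP sender
        attempts[src] += 1
        dests[src].add(fields.get("DST"))
    rows = [(s, attempts[s], len(dests[s])) for s in attempts]
    # Most attempts first; many distinct destinations is typical of a spam bot.
    return sorted(rows, key=lambda r: (-r[1], -r[2], r[0]))


if __name__ == "__main__":
    for src, count, distinct in smtp_offenders(SAMPLE_LOG):
        print(f"{src}: {count} attempts to {distinct} distinct servers")
```

A workstation with a steady stream of dropped port 25 connections to many different destinations is the one to pull aside for a scan, which narrows the search across the 50 or so machines without visiting each one.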

Author

Commented:
They both just seem to list generic reasons. I've requested removal from both and hopefully with the port blocking in place it won't happen again.

Thanks for the advice!

Author

Commented:
Thanks!
