Solved

blacklisted - help pls

Posted on 2013-01-23
9
245 Views
Last Modified: 2013-03-18
We are blacklisted now and are unable to send out emails.
Our exchange had a relay setup to allow anything to 255.255.255.255 we removed that and we are still getting some machines trying to send out to that broadcast using Port 17500

we r running AV on those machines, please advice what else we could do to prevent this

we have the watch gaurd 330
0
Comment
Question by:Geekah
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 12

Assisted Solution

by:michaelgoldsmith
michaelgoldsmith earned 167 total points
ID: 38811168
If you need to get email back up and running asap, ask your ISP if they have a smart host to relay through. Then, change from DNS outbound mail to smart host and you should be fine. Clear up your blacklisting and then switch back to DNS.
0
 

Assisted Solution

by:Tier1Net
Tier1Net earned 167 total points
ID: 38811177
Where are you blacklisted? Have you ran an MXToolbox search to see who has you listed?

If you have access to the firewall, I would suggest blocking port 25 outbound for the entire network except for the Exchange server. Also, your Exchange server should be on a dedicated Public IP address that is separate from that of your Firewall. If you are able, you can switch the WAN IP relatively quickly with NAT to have the Exchange server source from a new WAN IP and it will no longer be blocked.
0
 
LVL 20

Assisted Solution

by:edster9999
edster9999 earned 166 total points
ID: 38811183
A quick google of this port number lists it as something dropbox uses when it is installed on a pc.  First of all try stopping that from running.

Being banned from mail is probably nothing to do with this.  It normally means you were an open relay and a spammer went thousands or even millions of emails from your system.
If you stop whatever it is then you should go back to being allowed to send in about a week.

Either check the logs on your SMTP (mail) gateway or put a pc on that can monitor all traffic and look for a flood of emails and where they are coming from.

Not much you can do about it - you are blacklisted for a good reason.
Block the hole and you will be allowed to send again.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:Geekah
ID: 38811191
we are still sending out to that ip 255.255.255.255 port 17500.. how do stop it??
i need to stop it first
0
 
LVL 12

Expert Comment

by:michaelgoldsmith
ID: 38811271
Try running WireShark to see if you can find the affected PC(s). Take those off the network and scan them.
0
 

Author Comment

by:Geekah
ID: 38811331
I installed wireshark but would that mean I have to open flow of mail out so I can capture?
0
 
LVL 12

Expert Comment

by:michaelgoldsmith
ID: 38811936
You should be able to see that port. Run wireshark and then filter out that port. You should see that traffic coming from only certain IP addresses.
0
 
LVL 20

Accepted Solution

by:
edster9999 earned 166 total points
ID: 38812109
If there is data on port 17500 going to the broadcast address (255.255.255.255)
then this is not mail.  It is something else.

It may or may not be connected - it is possible it is a virus on a pc that has been sending spam out and this is it calling out to contact other pcs or to contact its main host for instructions - but it is not spam.  Thats not how mails travel.

Run wireshark and connect the pc in a place it can see the traffic.  See what traffic you get - on that port and on the main email port (port 25).  See which local address it is coming from and what it looks like.
0
 

Author Closing Comment

by:Geekah
ID: 38995733
We ended up using postini to get out and it worked

thx
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The new Gmail Phishing Scam going around is surprising even the savviest of users with its sophisticated techniques.
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question