Solved

blacklisted - help pls

Posted on 2013-01-23
9
247 Views
Last Modified: 2013-03-18
We are blacklisted now and are unable to send out emails.
Our exchange had a relay setup to allow anything to 255.255.255.255 we removed that and we are still getting some machines trying to send out to that broadcast using Port 17500

we r running AV on those machines, please advice what else we could do to prevent this

we have the watch gaurd 330
0
Comment
Question by:Geekah
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 12

Assisted Solution

by:michaelgoldsmith
michaelgoldsmith earned 167 total points
ID: 38811168
If you need to get email back up and running asap, ask your ISP if they have a smart host to relay through. Then, change from DNS outbound mail to smart host and you should be fine. Clear up your blacklisting and then switch back to DNS.
0
 

Assisted Solution

by:Tier1Net
Tier1Net earned 167 total points
ID: 38811177
Where are you blacklisted? Have you ran an MXToolbox search to see who has you listed?

If you have access to the firewall, I would suggest blocking port 25 outbound for the entire network except for the Exchange server. Also, your Exchange server should be on a dedicated Public IP address that is separate from that of your Firewall. If you are able, you can switch the WAN IP relatively quickly with NAT to have the Exchange server source from a new WAN IP and it will no longer be blocked.
0
 
LVL 20

Assisted Solution

by:edster9999
edster9999 earned 166 total points
ID: 38811183
A quick google of this port number lists it as something dropbox uses when it is installed on a pc.  First of all try stopping that from running.

Being banned from mail is probably nothing to do with this.  It normally means you were an open relay and a spammer went thousands or even millions of emails from your system.
If you stop whatever it is then you should go back to being allowed to send in about a week.

Either check the logs on your SMTP (mail) gateway or put a pc on that can monitor all traffic and look for a flood of emails and where they are coming from.

Not much you can do about it - you are blacklisted for a good reason.
Block the hole and you will be allowed to send again.
0
U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

 

Author Comment

by:Geekah
ID: 38811191
we are still sending out to that ip 255.255.255.255 port 17500.. how do stop it??
i need to stop it first
0
 
LVL 12

Expert Comment

by:michaelgoldsmith
ID: 38811271
Try running WireShark to see if you can find the affected PC(s). Take those off the network and scan them.
0
 

Author Comment

by:Geekah
ID: 38811331
I installed wireshark but would that mean I have to open flow of mail out so I can capture?
0
 
LVL 12

Expert Comment

by:michaelgoldsmith
ID: 38811936
You should be able to see that port. Run wireshark and then filter out that port. You should see that traffic coming from only certain IP addresses.
0
 
LVL 20

Accepted Solution

by:
edster9999 earned 166 total points
ID: 38812109
If there is data on port 17500 going to the broadcast address (255.255.255.255)
then this is not mail.  It is something else.

It may or may not be connected - it is possible it is a virus on a pc that has been sending spam out and this is it calling out to contact other pcs or to contact its main host for instructions - but it is not spam.  Thats not how mails travel.

Run wireshark and connect the pc in a place it can see the traffic.  See what traffic you get - on that port and on the main email port (port 25).  See which local address it is coming from and what it looks like.
0
 

Author Closing Comment

by:Geekah
ID: 38995733
We ended up using postini to get out and it worked

thx
0

Featured Post

Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There's a lot of hype surrounding blockchain technology. Here's how it works and some of the novel ways it' s now being used - including for data protection.
Ransomware continues to grow in reach and sophistication, putting data everywhere at risk. Learn how to avoid being caught in its sinister clutches with these 11 key tips.
This video discusses moving either the default database or any database to a new volume.
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question