Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

blacklisted - help pls

Posted on 2013-01-23
9
Medium Priority
?
253 Views
Last Modified: 2013-03-18
We are blacklisted now and are unable to send out emails.
Our exchange had a relay setup to allow anything to 255.255.255.255 we removed that and we are still getting some machines trying to send out to that broadcast using Port 17500

we r running AV on those machines, please advice what else we could do to prevent this

we have the watch gaurd 330
0
Comment
Question by:Geekah
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 12

Assisted Solution

by:michaelgoldsmith
michaelgoldsmith earned 668 total points
ID: 38811168
If you need to get email back up and running asap, ask your ISP if they have a smart host to relay through. Then, change from DNS outbound mail to smart host and you should be fine. Clear up your blacklisting and then switch back to DNS.
0
 

Assisted Solution

by:Tier1Net
Tier1Net earned 668 total points
ID: 38811177
Where are you blacklisted? Have you ran an MXToolbox search to see who has you listed?

If you have access to the firewall, I would suggest blocking port 25 outbound for the entire network except for the Exchange server. Also, your Exchange server should be on a dedicated Public IP address that is separate from that of your Firewall. If you are able, you can switch the WAN IP relatively quickly with NAT to have the Exchange server source from a new WAN IP and it will no longer be blocked.
0
 
LVL 20

Assisted Solution

by:edster9999
edster9999 earned 664 total points
ID: 38811183
A quick google of this port number lists it as something dropbox uses when it is installed on a pc.  First of all try stopping that from running.

Being banned from mail is probably nothing to do with this.  It normally means you were an open relay and a spammer went thousands or even millions of emails from your system.
If you stop whatever it is then you should go back to being allowed to send in about a week.

Either check the logs on your SMTP (mail) gateway or put a pc on that can monitor all traffic and look for a flood of emails and where they are coming from.

Not much you can do about it - you are blacklisted for a good reason.
Block the hole and you will be allowed to send again.
0
Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

 

Author Comment

by:Geekah
ID: 38811191
we are still sending out to that ip 255.255.255.255 port 17500.. how do stop it??
i need to stop it first
0
 
LVL 12

Expert Comment

by:michaelgoldsmith
ID: 38811271
Try running WireShark to see if you can find the affected PC(s). Take those off the network and scan them.
0
 

Author Comment

by:Geekah
ID: 38811331
I installed wireshark but would that mean I have to open flow of mail out so I can capture?
0
 
LVL 12

Expert Comment

by:michaelgoldsmith
ID: 38811936
You should be able to see that port. Run wireshark and then filter out that port. You should see that traffic coming from only certain IP addresses.
0
 
LVL 20

Accepted Solution

by:
edster9999 earned 664 total points
ID: 38812109
If there is data on port 17500 going to the broadcast address (255.255.255.255)
then this is not mail.  It is something else.

It may or may not be connected - it is possible it is a virus on a pc that has been sending spam out and this is it calling out to contact other pcs or to contact its main host for instructions - but it is not spam.  Thats not how mails travel.

Run wireshark and connect the pc in a place it can see the traffic.  See what traffic you get - on that port and on the main email port (port 25).  See which local address it is coming from and what it looks like.
0
 

Author Closing Comment

by:Geekah
ID: 38995733
We ended up using postini to get out and it worked

thx
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

What we learned in Webroot's webinar on multi-vector protection.
This article covers the basics of data encryption, what it is, how it works, and why it's important. If you've ever wondered what goes on when you "encrypt" data, you can look here to build a good foundation for your personal learning.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question