Solved

blacklisted - help pls

Posted on 2013-01-23
9
243 Views
Last Modified: 2013-03-18
We are blacklisted now and are unable to send out emails.
Our exchange had a relay setup to allow anything to 255.255.255.255 we removed that and we are still getting some machines trying to send out to that broadcast using Port 17500

we r running AV on those machines, please advice what else we could do to prevent this

we have the watch gaurd 330
0
Comment
Question by:Geekah
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 12

Assisted Solution

by:michaelgoldsmith
michaelgoldsmith earned 167 total points
ID: 38811168
If you need to get email back up and running asap, ask your ISP if they have a smart host to relay through. Then, change from DNS outbound mail to smart host and you should be fine. Clear up your blacklisting and then switch back to DNS.
0
 

Assisted Solution

by:Tier1Net
Tier1Net earned 167 total points
ID: 38811177
Where are you blacklisted? Have you ran an MXToolbox search to see who has you listed?

If you have access to the firewall, I would suggest blocking port 25 outbound for the entire network except for the Exchange server. Also, your Exchange server should be on a dedicated Public IP address that is separate from that of your Firewall. If you are able, you can switch the WAN IP relatively quickly with NAT to have the Exchange server source from a new WAN IP and it will no longer be blocked.
0
 
LVL 20

Assisted Solution

by:edster9999
edster9999 earned 166 total points
ID: 38811183
A quick google of this port number lists it as something dropbox uses when it is installed on a pc.  First of all try stopping that from running.

Being banned from mail is probably nothing to do with this.  It normally means you were an open relay and a spammer went thousands or even millions of emails from your system.
If you stop whatever it is then you should go back to being allowed to send in about a week.

Either check the logs on your SMTP (mail) gateway or put a pc on that can monitor all traffic and look for a flood of emails and where they are coming from.

Not much you can do about it - you are blacklisted for a good reason.
Block the hole and you will be allowed to send again.
0
 

Author Comment

by:Geekah
ID: 38811191
we are still sending out to that ip 255.255.255.255 port 17500.. how do stop it??
i need to stop it first
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 12

Expert Comment

by:michaelgoldsmith
ID: 38811271
Try running WireShark to see if you can find the affected PC(s). Take those off the network and scan them.
0
 

Author Comment

by:Geekah
ID: 38811331
I installed wireshark but would that mean I have to open flow of mail out so I can capture?
0
 
LVL 12

Expert Comment

by:michaelgoldsmith
ID: 38811936
You should be able to see that port. Run wireshark and then filter out that port. You should see that traffic coming from only certain IP addresses.
0
 
LVL 20

Accepted Solution

by:
edster9999 earned 166 total points
ID: 38812109
If there is data on port 17500 going to the broadcast address (255.255.255.255)
then this is not mail.  It is something else.

It may or may not be connected - it is possible it is a virus on a pc that has been sending spam out and this is it calling out to contact other pcs or to contact its main host for instructions - but it is not spam.  Thats not how mails travel.

Run wireshark and connect the pc in a place it can see the traffic.  See what traffic you get - on that port and on the main email port (port 25).  See which local address it is coming from and what it looks like.
0
 

Author Closing Comment

by:Geekah
ID: 38995733
We ended up using postini to get out and it worked

thx
0

Featured Post

The curse of the end user strikes again      

You’ve updated all your end user’s email signatures. Hooray! But guess what? They’re playing around with the HTML, adding stupid taglines and ruining the imagery. Find out how you can save your signatures from end users today.

Join & Write a Comment

Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now