Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 935
  • Last Modified:

SBS 2011: Exchange 2010 server on email blacklist

Hi All,

A customer recently rang to say their emails arent all being sent.  On investigation they are on an emai lblacklist.

I've put a request in to have it removed.  But need help to find out why?

Also, how do I find out how many emails have been sent today?

The Queue only has 15 emails waiting, which are all because of the blacklist.

Any suggestions?

D
0
detox1978
Asked:
detox1978
  • 6
  • 5
6 Solutions
 
s3e3Commented:
The blacklist provider will usually tell you why it was blacklisted.
Open relay is common, check your server's smtp by using the tools on dnsstuff.com

It's hard to tell how many outbound emails are blocked because some receiving servers do not use IP block lists or have less aggressive spam filtering.
If outbound emails are blocked users will get a message on most occasions.
0
 
detox1978Author Commented:
The blacklist company have whitelisted them for 30 days as it's the first time they've appeared on the list.  But it was an automated system that sent a generic email.  You "may" have a virus etc....
0
 
Alan HardistyCo-OwnerCommented:
Which Blacklist(s) did they appear on?

Is port 25 outbound closed off on the firewall from all LAN IPs apart from the SBS 2011 server's IP?  If not - it needs to be.
0
Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

 
detox1978Author Commented:
at the moment there is no ports blocked on the lan and the exchange server accepts from all sources.

Open relay isnt enabled.
0
 
Alan HardistyCo-OwnerCommented:
You should be blocking port 25 outbound for all LAN IP's other than the Exchange server or a virus infected PC will get you blacklisted because you haven't blocked it from sending spam out.

Chances are you have an infected computer and that is why you got blacklisted.

Which Blacklist did you hit?????
0
 
detox1978Author Commented:
They were on BARRACUDA's blacklist
0
 
Alan HardistyCo-OwnerCommented:
Okay - so that would be most likely down to a virus infected computer.

Did you check for Open Relay on your server on http://www.mailradar.com/openrelay/ ?
0
 
detox1978Author Commented:
Thanks for the tips.

Server passed the open relay checks and i've restricted port 25 to the SMTP server.

Are there any checks I can do on the server.  As they were only on one blacklist i'm starting to think they havent done anything to be on there.
0
 
Alan HardistyCo-OwnerCommented:
An outbreak would usually mean you end up on several lists, so they may have been inadvertently listed.

Did you check when the last listing was?  Was it recently?
0
 
detox1978Author Commented:
They noticed some email stopped being sent around 2pm BST and that they were on a blacklist around 4pm.  They applied to be removed around 6pm and were removed soon after.

All emails are working now, but I was hoping to find out how/why they got on the list in the first place.
0
 
Alan HardistyCo-OwnerCommented:
If you can log activity on your firewall then log port 25 activity that is blocked and that may tell you where the problem lies, otherwise you may never know.
0
 
detox1978Author Commented:
thanks
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 6
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now