SBS 2011: Exchange 2010 server on email blacklist

Hi All,

A customer recently rang to say their emails arent all being sent.  On investigation they are on an emai lblacklist.

I've put a request in to have it removed.  But need help to find out why?

Also, how do I find out how many emails have been sent today?

The Queue only has 15 emails waiting, which are all because of the blacklist.

Any suggestions?

D
LVL 2
detox1978Asked:
Who is Participating?
 
Alan HardistyConnect With a Mentor Co-OwnerCommented:
An outbreak would usually mean you end up on several lists, so they may have been inadvertently listed.

Did you check when the last listing was?  Was it recently?
0
 
s3e3Connect With a Mentor Commented:
The blacklist provider will usually tell you why it was blacklisted.
Open relay is common, check your server's smtp by using the tools on dnsstuff.com

It's hard to tell how many outbound emails are blocked because some receiving servers do not use IP block lists or have less aggressive spam filtering.
If outbound emails are blocked users will get a message on most occasions.
0
 
detox1978Author Commented:
The blacklist company have whitelisted them for 30 days as it's the first time they've appeared on the list.  But it was an automated system that sent a generic email.  You "may" have a virus etc....
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
Alan HardistyConnect With a Mentor Co-OwnerCommented:
Which Blacklist(s) did they appear on?

Is port 25 outbound closed off on the firewall from all LAN IPs apart from the SBS 2011 server's IP?  If not - it needs to be.
0
 
detox1978Author Commented:
at the moment there is no ports blocked on the lan and the exchange server accepts from all sources.

Open relay isnt enabled.
0
 
Alan HardistyConnect With a Mentor Co-OwnerCommented:
You should be blocking port 25 outbound for all LAN IP's other than the Exchange server or a virus infected PC will get you blacklisted because you haven't blocked it from sending spam out.

Chances are you have an infected computer and that is why you got blacklisted.

Which Blacklist did you hit?????
0
 
detox1978Author Commented:
They were on BARRACUDA's blacklist
0
 
Alan HardistyConnect With a Mentor Co-OwnerCommented:
Okay - so that would be most likely down to a virus infected computer.

Did you check for Open Relay on your server on http://www.mailradar.com/openrelay/ ?
0
 
detox1978Author Commented:
Thanks for the tips.

Server passed the open relay checks and i've restricted port 25 to the SMTP server.

Are there any checks I can do on the server.  As they were only on one blacklist i'm starting to think they havent done anything to be on there.
0
 
detox1978Author Commented:
They noticed some email stopped being sent around 2pm BST and that they were on a blacklist around 4pm.  They applied to be removed around 6pm and were removed soon after.

All emails are working now, but I was hoping to find out how/why they got on the list in the first place.
0
 
Alan HardistyConnect With a Mentor Co-OwnerCommented:
If you can log activity on your firewall then log port 25 activity that is blocked and that may tell you where the problem lies, otherwise you may never know.
0
 
detox1978Author Commented:
thanks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.