Jezza1505
asked on
ISP denied send ability due to SPAM increase using Exchange 2007
Hi
Our ISP has blocked use of our send ability. Presumably someone is relaying SPAM through our server. I have checked all AV and malware software is up to date on each of our clients (about 15) but the SPAM is still being queued. Is there a way to find where this is coming from, as they won't give us a connection until it is resolved? The messages in the Exchange queue all have the from address as <> and they are all SPAM. We are generating about 100 per hour.
Is it worth changing the user passwords on the server?
Is it just a server issue or could the clients be causing the problem - if so, would disconnecting the clients help the problem?
I am not overly technical so if anyone is able to offer any suggestions please keep them simple.
Thanks
Jeremy
Best start monitoring your Exchange server with Wireshark. Before capturing, clear the queue. Port 25 messages are easily read, but if it's originating from an Outlook client, it's much harder to read. Just ask everyone to leave their PC alone for a while and check email activity on the server. If nothing happens, it could be that the spam starts generating only after Outlook is used. So then ask users to start Outlook and leave the PC alone.
If the machine is affected by a bot or any other malware, this issue will occur.
How about your public IP, is it blacklisted? And how about the IP reputation?
Go to www.mxtoolbox.com, enter your IP address under the Blacklist section and check.
If your public IP is blacklisted then you need to delist it by contacting your ISP or by contacting the concerned RBL, like Barracuda, CBL etc.
After this your email flow will start working. Again, run a virus scan on your server and ensure the server is not affected by spyware, malware etc.
Regards
Imran Shariff
ASKER
Our IT consultant fixed the problem and I am unsure as to what he actually did.
http://semb.ee/filterunknown
If it was authenticated relaying then I would expect to see actual from addresses rather than <>.
Simon.
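On the question of where the `<>` messages come from: the following is an added example, not part of any post in this thread. It tallies null-sender entries in an Exchange message tracking log by event, source and client IP. The sample log is constructed and abbreviated, and the function name and the reading of `<>` in the `sender-address` or `return-path` column are assumptions.

```python
import csv
from collections import Counter

# Constructed sample, abbreviated to the columns used here. Real tracking
# logs carry more columns; the '#Fields:' line names them in the same way.
SAMPLE_LOG = """\
#Software: Microsoft Exchange Server
#Fields: date-time,client-ip,event-id,source,recipient-address,sender-address,return-path
2024-01-08T09:00:01Z,192.0.2.10,RECEIVE,SMTP,a@example.net,<>,<>
2024-01-08T09:00:02Z,192.0.2.10,RECEIVE,SMTP,b@example.net,<>,<>
2024-01-08T09:00:03Z,,SEND,SMTP,a@example.net,<>,<>
2024-01-08T09:00:09Z,192.0.2.10,RECEIVE,SMTP,c@example.net,<>,<>
2024-01-08T09:01:00Z,,DSN,DSN,x@example.org,postmaster@example.com,<>
2024-01-08T09:01:30Z,,DSN,DSN,y@example.org,postmaster@example.com,<>
2024-01-08T09:02:00Z,192.0.2.21,RECEIVE,STOREDRIVER,z@example.net,user@example.com,user@example.com
"""

# Events that mark where a message entered or was created on the server.
# Counting only these avoids counting the same message again at SEND.
ORIGIN_EVENTS = {"RECEIVE", "DSN"}

def null_sender_sources(log_text):
    """Tally null-sender messages by (event-id, source, client-ip)."""
    fields, tally = None, Counter()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = [f.strip() for f in line[len("#Fields:"):].split(",")]
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        row = dict(zip(fields, next(csv.reader([line]))))
        if row.get("event-id") not in ORIGIN_EVENTS:
            continue
        # Assumption: a null sender shows as "<>" in either column.
        if "<>" in (row.get("sender-address"), row.get("return-path")):
            key = (row["event-id"], row.get("source"), row.get("client-ip") or "-")
            tally[key] += 1
    return tally

if __name__ == "__main__":
    for (event, source, ip), n in null_sender_sources(SAMPLE_LOG).most_common():
        print(f"{n:5d}  {event:8s} {source:12s} {ip}")
```

Rows counted under RECEIVE/SMTP with a client IP show which machine handed the message to the server; rows under DSN are bounces the server generated itself.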