• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 329
  • Last Modified:

Blacklisted

We are being blacklisted by 9 different blacklist companies according to mxtoolbox.  They include; Barracuda, CBL, Choon, ivmSIP, LASHBACK, NIXSPAM, SPAMCOP, Spamhaus Zen, UCEPROTECTL1.  Not long after I discovered the problem this morning I had a user call and say their computer is basically under attack.  I have shut down the computer.  What is the best way for me to verify that it was this computer causing the issue?
0
PDIS
Asked:
PDIS
1 Solution
 
TranceboltCommented:
Very difficult... I have had this problem with a few domains/ips...

Its either someone in house doing mass mailers or your outbound security is low so people are spoofing your name.

Barracuda is often one that blocks me...
0
 
AlexiosCommented:
Hello
It is better to remove the HD, add it as a secondary drive to another PC and scan it with updated antivirus and antimalware software.
Some examples
http://www.microsoft.com/security_essentials/
http://www.malwarebytes.org/ 

Write down all possible threats that these programs will find and search them to a virus database. In their decription you will if any of them is causing spamming
0
 
TranceboltCommented:
VEry sound advice, but in my experience nothing  clears bugs out except reformatting and setting up from scratch =D
0
 
PDISAuthor Commented:
I will reformat the computer before I put it back in use.  I'm just trying to verify that this computer is the culprit for us being blacklisted
0
 
xtermCommented:
If you have multiple PCs on a LAN that is using NAT behind one common gateway, then all your outbound emails will appear to originate from a single IP address and there is no way of knowing if the infected machine is the culprit.  Obviously, if the machine has a public static IP, then that will be the IP in the DNSBL listing, but I'm guessing that's not the case for you.

The best thing you can do is put an internal ACL on your switches/routers that denies all outbound SMTP (port 25/tcp) to any IP except for your actual Exchange/SMTP server(s).  This forces systems to relay instead of doing direct-to-MX, and then you can deploy controls on Exchange itself to limit outbound volume.
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now