Solved

Blacklisted

Posted on 2013-12-09
Last Modified: 2013-12-09
We are being blacklisted by 9 different blacklist companies according to mxtoolbox. They include: Barracuda, CBL, Choon, ivmSIP, LASHBACK, NIXSPAM, SPAMCOP, Spamhaus Zen, UCEPROTECTL1. Not long after I discovered the problem this morning I had a user call and say their computer is basically under attack. I have shut down the computer. What is the best way for me to verify that it was this computer causing the issue?
Question by:PDIS
5 Comments
 
LVL 1

Expert Comment

by:Trancebolt
ID: 39706259
Very difficult... I have had this problem with a few domains/IPs...

It's either someone in-house doing mass mailers or your outbound security is low so people are spoofing your name.

Barracuda is often one that blocks me...
0
 
LVL 13

Expert Comment

by:Alexios
ID: 39706278
Hello
It is better to remove the HD, add it as a secondary drive to another PC and scan it with updated antivirus and antimalware software.
Some examples
http://www.microsoft.com/security_essentials/
http://www.malwarebytes.org/ 

Write down all possible threats that these programs find and search for them in a virus database. In their description you will see if any of them is causing spamming.
0
 
LVL 1

Expert Comment

by:Trancebolt
ID: 39706282
Very sound advice, but in my experience nothing clears bugs out except reformatting and setting up from scratch =D
0
 

Author Comment

by:PDIS
ID: 39706290
I will reformat the computer before I put it back in use. I'm just trying to verify that this computer is the culprit for us being blacklisted.
0
 
LVL 19

Accepted Solution

by:
xterm earned 2000 total points
ID: 39706328
If you have multiple PCs on a LAN that is using NAT behind one common gateway, then all your outbound emails will appear to originate from a single IP address and there is no way of knowing if the infected machine is the culprit.  Obviously, if the machine has a public static IP, then that will be the IP in the DNSBL listing, but I'm guessing that's not the case for you.

The best thing you can do is put an internal ACL on your switches/routers that denies all outbound SMTP (port 25/tcp) to any IP except for your actual Exchange/SMTP server(s).  This forces systems to relay instead of doing direct-to-MX, and then you can deploy controls on Exchange itself to limit outbound volume.
0
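
An added example, not part of the original answer: once the ACL described above is logging port 25/tcp traffic, a short script over the gateway log shows which internal hosts attempted direct-to-MX delivery instead of relaying. The key=value log format, the relay address 10.0.0.10 and the sample lines are constructed assumptions; adapt the regular expression to what your device actually logs.

```python
import re
from collections import defaultdict

# Assumption: the only hosts allowed to send SMTP out (your Exchange/SMTP servers).
ALLOWED_RELAYS = {"10.0.0.10"}

# Constructed sample lines in a hypothetical key=value firewall log format.
SAMPLE_LOG = """\
2013-12-09T08:01:02 src=10.0.0.10 dst=203.0.113.5 proto=tcp dport=25 action=allow
2013-12-09T08:01:03 src=10.0.0.57 dst=198.51.100.7 proto=tcp dport=25 action=deny
2013-12-09T08:01:03 src=10.0.0.57 dst=198.51.100.9 proto=tcp dport=25 action=deny
2013-12-09T08:01:04 src=10.0.0.57 dst=192.0.2.44 proto=tcp dport=25 action=deny
2013-12-09T08:01:05 src=10.0.0.23 dst=203.0.113.80 proto=tcp dport=443 action=allow
2013-12-09T08:01:06 src=10.0.0.31 dst=192.0.2.44 proto=tcp dport=25 action=deny
garbled line that does not parse
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"proto=(?P<proto>\w+) dport=(?P<dport>\d+) action=(?P<action>\w+)$"
)

def direct_smtp_sources(log_text, allowed=ALLOWED_RELAYS):
    """Return [(src, attempts, distinct_destinations)] for hosts that tried
    outbound 25/tcp without being an approved relay, busiest first."""
    attempts = defaultdict(int)
    dests = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines in another format rather than failing
        if m["proto"] != "tcp" or m["dport"] != "25":
            continue  # only SMTP is of interest here
        if m["src"] in allowed:
            continue  # legitimate relay traffic
        attempts[m["src"]] += 1
        dests[m["src"]].add(m["dst"])
    return sorted(
        ((s, n, len(dests[s])) for s, n in attempts.items()),
        key=lambda row: (-row[1], row[0]),
    )

if __name__ == "__main__":
    for src, n, distinct in direct_smtp_sources(SAMPLE_LOG):
        print(f"{src}: {n} attempts to {distinct} distinct mail servers")
```

A workstation that shows many attempts spread across many distinct destination mail servers is the likely source of the listings; a single attempt may just be a misconfigured client.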
