
Blacklisted : CBL - Exchange 2010 - Need Assistance

Posted on 2013-12-26
Last Modified: 2013-12-26
Have Exchange 2010; it has been running fine, no issues.
Got call from client, cannot send.
Checked MX Toolbox
Listed on SORBS, Spamhaus Zen, CBL
CBL says trojan or botnet is on network

Checked server, Queues are not filling up with outbound mail, thus I don't think I have a compromised user account and not relaying, that I can tell.

I am in charge of the server side of the house; what are the steps I should take to verify the server is not compromised?

Please advise
Question by:tech911
LVL 25

Expert Comment

by:Tony Giangreco
ID: 39740176
Run a full anti virus & anti spyware scan on all systems.  I'd run a few different apps to verify everything is clean.

Start with http://windows.microsoft.com/en-us/windows/security-essentials-download on all PCs

Follow up with Malwarebytes and check all boxes for popups and browser hijacks.

Some spyware and virus apps have their own SMTP engines that bypass Exchange to send mail.
0
 
LVL 3

Author Comment

by:tech911
ID: 39740223
Ran Sec Essentials and MWbytes on Server, Clean.
Desktop Team is checking User Desktops
Anything else I should be doing or looking at on the server?
0
 
LVL 25

Assisted Solution

by:Tony Giangreco
Tony Giangreco earned 1000 total points
ID: 39740255
If you have a firewall, see if it tells you what box is sending out SMTP traffic. You can also set up anti spam service for incoming and outgoing mail. We have used this service on all our clients and it works very well.

This service quarantines incoming and outgoing spam which should stop you from being blacklisted again. It should also trap the outgoing spam you have right now.

Take a look at GFI max Mail Essentials
www.gfi.com
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 1000 total points
ID: 39740450
Make sure you block TCP Port 25 outbound for all IP addresses other than the Exchange server if you haven't already.

If you have already, then you have a problem on the server, if not, then it's more likely a network computer.

Alan
0
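The firewall check described in the replies above, as an added example that is not part of the original thread: it scans firewall log lines for internal hosts other than the Exchange server that attempt outbound TCP port 25, and separates attempts the firewall allowed from ones it denied. The key=value log format, the IP addresses, and the function name are assumptions made for illustration; adapt the parsing to your firewall's actual log format.

```python
import ipaddress
import re
from collections import defaultdict

# Assumptions for this example (not from the thread): addresses and log format.
EXCHANGE_SERVER = ipaddress.ip_address("192.168.10.5")
INTERNAL_NET = ipaddress.ip_network("192.168.10.0/24")

# Constructed sample lines in a generic key=value firewall log format.
SAMPLE_LOG = """\
2013-12-26T09:01:02 action=allow proto=tcp src=192.168.10.5 dst=203.0.113.10 dport=25
2013-12-26T09:01:05 action=allow proto=tcp src=192.168.10.42 dst=198.51.100.7 dport=25
2013-12-26T09:01:06 action=allow proto=tcp src=192.168.10.42 dst=198.51.100.99 dport=25
2013-12-26T09:01:09 action=deny proto=tcp src=192.168.10.77 dst=203.0.113.25 dport=25
2013-12-26T09:02:11 action=allow proto=tcp src=192.168.10.42 dst=203.0.113.80 dport=443
2013-12-26T09:02:15 action=allow proto=tcp src=192.168.10.60 dst=192.168.10.5 dport=25
this line is malformed and is skipped
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def rogue_smtp_senders(log_text):
    """Return {src_ip: {"allow": n, "deny": n, "dests": set}} for internal
    hosts other than the Exchange server that tried outbound TCP/25."""
    hits = defaultdict(lambda: {"allow": 0, "deny": 0, "dests": set()})
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("proto") != "tcp" or f.get("dport") != "25":
            continue
        try:
            src = ipaddress.ip_address(f["src"])
            dst = ipaddress.ip_address(f["dst"])
        except (KeyError, ValueError):
            continue  # incomplete or unparsable record
        # Only traffic leaving the LAN matters; clients submitting mail to
        # the Exchange server itself stay inside INTERNAL_NET.
        if src not in INTERNAL_NET or dst in INTERNAL_NET or src == EXCHANGE_SERVER:
            continue
        action = "allow" if f.get("action") == "allow" else "deny"
        hits[str(src)][action] += 1
        hits[str(src)]["dests"].add(str(dst))
    return dict(hits)

if __name__ == "__main__":
    for host, h in sorted(rogue_smtp_senders(SAMPLE_LOG).items()):
        state = "REACHED INTERNET" if h["allow"] else "blocked at firewall"
        print(f'{host}: {h["allow"]} allowed, {h["deny"]} denied, '
              f'{len(h["dests"])} destinations ({state})')
```

A host with allowed connections means the outbound port 25 block is missing or incomplete; a host with only denied attempts is still a machine to clean, but it is not what got the public IP listed.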
