Throttle settings on Exchange 2003

We have Exchange internal on our server. We have been getting blacklisted for the past 2 weeks. I have run every antivirus and Malwarebytes on all machines on the network, yet we keep getting listed.

I read that setting throttling settings can help prevent this as well as setting up spam filtering. Where can I find those settings in Exchange 2003?

Thanks.
Asked by raffie613
1 Solution
 
Schuyler DorseyCommented:
I suppose it could be the throttle settings but I have never seen it be that.

Have you checked to see if your server is an open relay? If so, that for sure could cause this, and it needs to be disabled.

Microsoft KB:

http://support.microsoft.com/kb/324958

Here is a good smtp test site:

http://mxtoolbox.com/diagnostic.aspx
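The relay check the answer above recommends, as an added example that is not part of the original thread and not a SonicWall or Microsoft tool. It sends MAIL FROM a foreign domain and RCPT TO a second foreign domain and reads the reply codes, which is what the MXToolbox test does from the outside. TARGET and both addresses are placeholders; FakeSMTP is an offline stand-in so the classification logic can be exercised without a server. Run the real probe from a host outside your network, since relay restrictions normally exempt internal IPs and a test from the LAN proves nothing.

```python
"""Open-relay probe for an SMTP server (added example, not from the thread)."""
import smtplib

TARGET = "mail.example.com"             # assumed public name of the Exchange server
OUTSIDE_SENDER = "probe@example.net"    # a domain the server does not host
OUTSIDE_RCPT = "relaytest@example.org"  # another domain it does not host


def _text(msg):
    return msg.decode("ascii", "replace") if isinstance(msg, bytes) else str(msg)


def classify_relay(mail_reply, rcpt_reply):
    """Interpret the (code, message) replies to MAIL FROM and RCPT TO.

    A correctly configured server accepts MAIL FROM anyone, because that is
    what inbound mail looks like, but answers RCPT TO for a domain it does not
    host with a 5xx such as '550 5.7.1 Unable to relay'. A 2xx there, from an
    unauthenticated outside client, is the definition of an open relay.
    """
    mail_code, _ = mail_reply
    rcpt_code, rcpt_msg = rcpt_reply
    if mail_code // 100 != 2:
        return "inconclusive: sender rejected (%d), retry with another sender" % mail_code
    if rcpt_code // 100 == 2:
        return "OPEN RELAY: foreign recipient accepted (%d %s)" % (rcpt_code, _text(rcpt_msg))
    if rcpt_code // 100 == 5:
        return "relay denied (good): %d %s" % (rcpt_code, _text(rcpt_msg))
    return "inconclusive: temporary failure (%d), retry later" % rcpt_code


def probe(conn, sender=OUTSIDE_SENDER, rcpt=OUTSIDE_RCPT):
    """Run the probe over anything with smtplib-style mail()/rcpt()/rset().

    `conn` is normally an smtplib.SMTP that has already done EHLO/HELO.
    RSET aborts the transaction so nothing is queued even on an open relay.
    """
    mail_reply = conn.mail(sender)
    rcpt_reply = conn.rcpt(rcpt)
    conn.rset()
    return classify_relay(mail_reply, rcpt_reply)


class FakeSMTP:
    """Offline stand-in that answers RCPT TO with a fixed code (for dry runs)."""

    def __init__(self, rcpt_code=550):
        self.rcpt_code = rcpt_code
        self.reset_called = False

    def mail(self, sender):
        return 250, b"2.1.0 Sender OK"

    def rcpt(self, rcpt):
        if self.rcpt_code // 100 == 2:
            msg = b"2.1.5 Recipient OK"
        elif self.rcpt_code // 100 == 5:
            msg = b"5.7.1 Unable to relay"
        else:
            msg = b"4.7.1 Try again later"
        return self.rcpt_code, msg

    def rset(self):
        self.reset_called = True
        return 250, b"2.0.0 Resetting"


if __name__ == "__main__":
    # Real run: talk to the server from outside the network.
    with smtplib.SMTP(TARGET, 25, timeout=20) as smtp:
        smtp.ehlo_or_helo_if_needed()
        print(probe(smtp))
```

A "relay denied" result only tells you the server itself refuses to relay for outsiders; it says nothing about an infected workstation behind the same public IP sending directly to port 25, which is the case the rest of the thread turns to.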
 
raffie613Author Commented:
It definitely is not the cause; the cause is a virus, I am sure, but we can't seem to pinpoint it and have too many users bringing in laptops.
I followed the steps in the article and we do not have SMTP port 25 open. We have a firewall and email spam filter.
Should I still look to disable open relay? Would that be causing us to be blacklisted?

Any other ideas to stop us from getting blacklisted?
 
Schuyler DorseyCommented:
You should have SMTP port 25 open. If you didn't, then you wouldn't be able to receive email on your Exchange server at all.

So as long as SMTP port 25 is open, I would certainly check for open relay.

Are you doing inbound AND outbound spam filtering, or just inbound?
 
raffie613Author Commented:
Just inbound. What tools will do outbound?

Where do I disable open relay on Exchange 2003?
 
raffie613Author Commented:
Mxtoolbox says it is NOT an open relay.
Any other ideas?
 
Schuyler DorseyCommented:
On your perimeter firewall, is your email server the ONLY internal machine allowed to send outbound traffic on port 25?
 
raffie613Author Commented:
Looks like it is set for * (all) allowed to send SMTP to our Sonicwall ESA. The ESA, however, is not configured to check outbound mail for viruses.

Should I make any changes to that?
 
Schuyler DorseyCommented:
It is considered best/common practice to only allow your email server to send traffic outbound on port 25.

So the only IP allowed to use port 25 from your Internal to External zone should be the IP of your email server.

You can scan outgoing email for viruses if you wish.
 
raffie613Author Commented:
So configure the rule to read, instead of *, just the server IP address sending on port 25 to the ESA?
OR have * send SMTP to the email server?
 
Schuyler DorseyCommented:
Outbound smtp traffic should be restricted to the email server.

Inbound traffic should still come from *.
 
raffie613Author Commented:
OK, so I changed the rule to have the email server be the only one to pass SMTP traffic to the ESA, or should I have it send to *?
 
Schuyler DorseyCommented:
Send to *.

Its SMTP traffic is not destined for the Sonicwall. Its SMTP traffic is destined for other email servers. It just passes through your Sonicwall on the way.
 
raffie613Author Commented:
OK, but wouldn't it help my issue if we subscribed to the ESA outgoing antivirus email check and had all the outgoing mail filter through there?
 
Schuyler DorseyCommented:
My knowledge could be dated, but I was under the impression that the Sonicwall just scans outgoing SMTP traffic for viruses. If this is the case, you would not direct your email traffic to the Sonicwall. The traffic passes through the Sonicwall and is scanned along the way.

If it were doing outbound spam filtering, that would be a different story, as you would have to set up a smart host on the Exchange side too.
 
raffie613Author Commented:
Is it easier to just move our email to an off-site host such as Office 365?
 
Schuyler DorseyCommented:
Yes and no. It all depends on your organization's requirements and staff.

Note that Exchange 2003 IS about to go end of support, so even if you do not go to a cloud solution like Office 365, I would highly recommend upgrading to a higher version of Exchange such as 2010.
 
raffie613Author Commented:
If I can't figure out a way to prevent our domain from being blacklisted any time someone gets a virus on their laptop when they bring it in, Exchange email will do me no good anyway.
 
raffie613Author Commented:
What about throttling? Would that help? If so, how do I enable it?
 
Schuyler DorseyCommented:
No virus will be able to relay spam email via your public IP if you locked down your ACL on the firewall.

If you have issues with viruses, I would review the configuration of your company anti-virus solution.

This isn't an issue as long as your security posture is properly managed. I manage roughly 20 clients with Exchange on premise; none of them have issues with being blacklisted as I deploy layered security at all of them.
 
Simon Butler (Sembee)ConsultantCommented:
There is no throttling on Exchange 2003.
If your Exchange 2003 server was being abused, then you would see signs of it on the server itself, such as large numbers of messages in the queues.

The most likely cause of blacklisting is a workstation, which appears to be coming from the same IP address.

If you can get Exchange on to its own external IP address that will stop the blacklisting of its IP address when that happens.
Blocking port 25 outbound will also help, plus if you enable logging it will allow you to track down the source.

Stop concentrating on the Exchange server as the cause, it is unlikely to be where the messages are originating from.

Simon.
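The "enable logging and track down the source" step from the answer above, worked as an added example that is not from the thread and not a SonicWall feature. It assumes the perimeter firewall logs every outbound TCP connection in a generic syslog-like form; the SAMPLE_LOG lines are constructed, and a real SonicWall export uses its own field names, so LINE_RE is the one thing to adapt. EXCHANGE_IP is a placeholder for the server's LAN address. The heuristic is the one that matters here: a spam bot fans out to many different MX hosts in a short window, and once outbound 25 is restricted to the server, any other host hitting port 25 at all (allowed or denied) is a lead.

```python
"""Find the internal host that is spamming, from firewall connection logs."""
import re
from collections import defaultdict

EXCHANGE_IP = "192.168.1.10"   # assumed LAN address of the Exchange server

# Constructed sample: the server, a laptop fanning out to many MX hosts,
# and a desktop that gets one port-25 attempt denied after the ACL change.
SAMPLE_LOG = """\
Jun 12 09:14:02 fw1 allow TCP src=192.168.1.10:49152 dst=203.0.113.5:25
Jun 12 09:14:03 fw1 allow TCP src=192.168.1.57:50001 dst=198.51.100.9:25
Jun 12 09:14:03 fw1 allow TCP src=192.168.1.57:50002 dst=198.51.100.10:25
Jun 12 09:14:04 fw1 allow TCP src=192.168.1.57:50003 dst=203.0.113.77:25
Jun 12 09:14:04 fw1 allow TCP src=192.168.1.57:50004 dst=198.51.100.9:25
Jun 12 09:14:05 fw1 allow TCP src=192.168.1.57:50005 dst=192.0.2.200:25
Jun 12 09:14:06 fw1 allow TCP src=192.168.1.23:50010 dst=203.0.113.80:443
Jun 12 09:14:07 fw1 deny  TCP src=192.168.1.23:50011 dst=203.0.113.81:25
Jun 12 09:14:08 fw1 allow TCP src=192.168.1.10:49153 dst=198.51.100.9:25
"""

# Adjust to your firewall's log format; only action, src, dst and dport are used.
LINE_RE = re.compile(
    r"(?P<action>allow|deny)\s+TCP\s+"
    r"src=(?P<src>\d+\.\d+\.\d+\.\d+):\d+\s+"
    r"dst=(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+)"
)


def parse(log_text):
    """Yield (action, src, dst, dport) for each line that matches LINE_RE."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m["action"], m["src"], m["dst"], int(m["dport"])


def outbound_smtp_by_host(log_text, exchange_ip=EXCHANGE_IP):
    """Summarise port-25 connections per internal source, excluding Exchange.

    Returns (src, attempts, distinct_destinations, allowed) rows sorted by
    distinct destinations then attempts, descending, so the host talking to
    the most mail servers comes first.
    """
    stats = defaultdict(lambda: {"attempts": 0, "dsts": set(), "allowed": 0})
    for action, src, dst, dport in parse(log_text):
        if dport != 25 or src == exchange_ip:
            continue
        rec = stats[src]
        rec["attempts"] += 1
        rec["dsts"].add(dst)
        if action == "allow":
            rec["allowed"] += 1
    rows = [(src, r["attempts"], len(r["dsts"]), r["allowed"]) for src, r in stats.items()]
    return sorted(rows, key=lambda r: (r[2], r[1]), reverse=True)


def suspects(log_text, exchange_ip=EXCHANGE_IP, min_destinations=3):
    """Hosts that reached port 25 on at least `min_destinations` different servers."""
    return [row[0] for row in outbound_smtp_by_host(log_text, exchange_ip)
            if row[2] >= min_destinations]


if __name__ == "__main__":
    for src, attempts, dsts, allowed in outbound_smtp_by_host(SAMPLE_LOG):
        print(f"{src:16} attempts={attempts:3} distinct_dst={dsts:3} allowed={allowed}")
    print("suspects:", suspects(SAMPLE_LOG))
```

On the constructed sample the laptop at 192.168.1.57 surfaces first (five connections to four different mail servers) and the Exchange server never appears, which is the shape you want to see before walking over to the machine with the antivirus console.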
 
raffie613Author Commented:
How do I point the Exchange server to my second external IP address? Just add the rule to the firewall, or is there a place inside Exchange I need to do it as well?
 
raffie613Author Commented:
Also, the Sonicwall only gives me an option to allow LAN traffic out for all services and a bunch of other specific ones, but not just for TCP. The only TCP options it has are for TiVo TCP.
 
Simon Butler (Sembee)ConsultantCommented:
I cannot help with the Sonicwall queries, you should ask Sonicwall support on how to block port 25 outbound.

The same goes for the external IP address. Remember you need to set up everything, so you will need a PTR on that address, the DNS changed as well as the firewall. It will be something like NAT; you want it for both inbound and outbound traffic, so the traffic appears to be coming from the correct IP address. I expect the Sonicwall can do it, it just isn't something I have ever used.

Simon.
 
raffie613Author Commented:
Simon,
Regardless of the Sonicwall settings, is there anything I would need to do on the Exchange server to have emails go in and out from the new external IP?
 
raffie613Author Commented:
Now that I changed my firewall to only let my Exchange server use SMTP, we are unable to receive any external email from outside our network.

Do I need to create a new SMTP rule to allow destination * to reach my Exchange server?

Or do I do a POP3 rule to reach the Exchange server?
 
Simon Butler (Sembee)ConsultantCommented:
Exchange doesn't care what the external IP address is, so there is nothing that you need to do to ensure that the email flows. If you have made changes on the Sonicwall and email flow has stopped, then the changes were wrong. You do not need to do anything to Exchange.

Whether you require additional rules in the Sonicwall, I cannot answer; that depends on the rule system you have at the moment. POP3 has nothing to do with delivering email to your server; that is a client protocol.

Simon.
 
raffie613Author Commented:
OK, can you guide me on how I go about making the Exchange server use the second external IP address instead of the IP address the network uses to get out?
 
Schuyler DorseyCommented:
You would have to set up a new NAT rule on your Sonicwall to tell it to NAT the internal Exchange IP out to the secondary public IP.

Then you would have to call your ISP to set up a new DNS PTR record.

You would also have to adjust your public DNS MX/A records.

The EASIER route: keep your Exchange server on the current IP and change everything else to NAT out the second public IP.

So have a NAT rule that NATs your internal Exchange IP out the current primary IP,
and a second NAT rule UNDER it to NAT out * to the secondary public IP.
 
Simon Butler (Sembee)ConsultantCommented:
"The EASIER route... keep your Exchange server on the current IP and change everything else to NAT out the second public IP. "

Except that is the one that is blacklisted and has a poor reputation. I always find it easier to NAT everything over the default first IP address, and put Exchange on to an additional address. That way if something is forgotten or reset and traffic starts going out on the default address, the Exchange server has its own address rather than clients trashing the reputation.

Simon.
 
Schuyler DorseyCommented:
True, it may have a poor reputation, but in my experience, an IP never gets blacklisted again unless it is found to be abusing again.
 
Simon Butler (Sembee)ConsultantCommented:
That is exactly my point - if you use the default IP address and make an error when doing the firewall rules, a workstation could cause blacklisting because it is the default address. I work on the basis of planning for the worst - so for the additional work of getting the second address to work (which isn't that much of a problem) I cover myself against future errors.

Simon.
 
Schuyler DorseyCommented:
I see what you mean.

However, my suggestion was to change the default outbound NAT address to the secondary public IP and have an explicit rule for outbound NAT that matches on only the Exchange server, so it would avoid any future issues.
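Both halves of the firewall advice in this thread, the access rules (outbound port 25 only from the Exchange server, inbound port 25 from * to the server, the rule that was missing when inbound mail stopped) and the NAT ordering the last few comments argue about, modelled as first-match rule tables. This is an added example, not the thread's own and not SonicWall configuration; the rule names, the 192.168.1.0/24 LAN, the 192.168.1.10 server address and the 203.0.113.x public addresses are constructed placeholders. The point it makes beyond the text is the failure mode both experts are guarding against: with first-match evaluation, the order of the rules is the policy, and if the Exchange-specific NAT line is lost the server silently goes out on whatever the default address is.

```python
"""First-match access rules and outbound NAT for a single on-premises mail server."""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Optional

LAN = ip_network("192.168.1.0/24")          # assumed internal subnet
EXCHANGE = ip_network("192.168.1.10/32")    # assumed Exchange LAN address
ANY = ip_network("0.0.0.0/0")
PRIMARY_IP = "203.0.113.10"                 # default (shared) public address
MAIL_IP = "203.0.113.11"                    # additional public address for Exchange


@dataclass(frozen=True)
class Rule:
    name: str
    src: IPv4Network
    dst: IPv4Network
    dport: Optional[int]   # None = any port
    action: str            # "allow" or "deny"

    def matches(self, src, dst, dport):
        return (ip_address(src) in self.src and ip_address(dst) in self.dst
                and (self.dport is None or self.dport == dport))


def evaluate(rules, src, dst, dport):
    """Return (action, rule name) of the first matching rule; implicit deny otherwise."""
    for rule in rules:
        if rule.matches(src, dst, dport):
            return rule.action, rule.name
    return "deny", "implicit-deny"


# LAN -> WAN: the Exchange-only SMTP rule must sit ABOVE the general allow.
LAN_TO_WAN = [
    Rule("smtp-from-exchange", EXCHANGE, ANY, 25, "allow"),
    Rule("block-smtp-from-clients", LAN, ANY, 25, "deny"),
    Rule("general-outbound", LAN, ANY, None, "allow"),
]

# WAN -> LAN: inbound SMTP from * to the server only. Leaving this out is what
# stopped inbound mail in the thread after the outbound change.
WAN_TO_LAN = [
    Rule("smtp-to-exchange", ANY, EXCHANGE, 25, "allow"),
]


def egress_ip(nat_rules, src):
    """Outbound NAT: the first (source network, public IP) pair that matches wins."""
    for network, public_ip in nat_rules:
        if ip_address(src) in network:
            return public_ip
    return None


# Everything NATs over the default address; Exchange over its own, listed first.
NAT_EXCHANGE_OWN_IP = [(EXCHANGE, MAIL_IP), (LAN, PRIMARY_IP)]
# The same table with the Exchange line forgotten or reset.
NAT_RULE_FORGOTTEN = [(LAN, PRIMARY_IP)]


def scenario():
    """Work the thread's cases; values are (action, rule name) or a public IP."""
    return {
        "exchange_out_25": evaluate(LAN_TO_WAN, "192.168.1.10", "198.51.100.9", 25),
        "laptop_out_25": evaluate(LAN_TO_WAN, "192.168.1.57", "198.51.100.9", 25),
        "laptop_out_443": evaluate(LAN_TO_WAN, "192.168.1.57", "198.51.100.9", 443),
        # Same rules in the wrong order: the general allow shadows the deny.
        "laptop_out_25_wrong_order": evaluate(list(reversed(LAN_TO_WAN)),
                                              "192.168.1.57", "198.51.100.9", 25),
        "inbound_to_exchange": evaluate(WAN_TO_LAN, "198.51.100.9", "192.168.1.10", 25),
        "inbound_to_laptop": evaluate(WAN_TO_LAN, "198.51.100.9", "192.168.1.57", 25),
        "exchange_egress": egress_ip(NAT_EXCHANGE_OWN_IP, "192.168.1.10"),
        "laptop_egress": egress_ip(NAT_EXCHANGE_OWN_IP, "192.168.1.57"),
        "exchange_egress_if_forgotten": egress_ip(NAT_RULE_FORGOTTEN, "192.168.1.10"),
    }


if __name__ == "__main__":
    for name, result in scenario().items():
        print(f"{name:30} {result}")
```

Whichever public address ends up as the default, the check worth scripting against the live firewall is the last two cases: the server's egress address must differ from the clients' egress address, and the server's address must be the one the MX, A and PTR records agree on.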