We notice you are on a blacklist

Hello,
My client IPs has blacklisted only at Sorbs
Sorbs website – „Site Down for Maintainance“
http://www.sorbs.net
Im waiting for Sorbs website to find out reason and to delist IP but in the meantime what can I do to find source of the problem.
Any advice?
Maybe it is false positive?
http://forums.gfi.com/dnsblsorbsnet-has-alot-of-false-positives-m900742006.aspx
LVL 1
AndyAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Saif ShaikhServer engineer Commented:
Your Exchange server public IP is blacklisted on RBL sorbs because there is spam going out from your exchange server from internal user.

Internal user might have registered to an unknown website.

Run a complete virus/malware scan on all domain joined machines and exchange server to rule out any virus/malware.

Reset the password for user.

You can also enable diagnostics login on the send connector and check the logs. Also see the mail.queue if there are too many emails stuck in the queue for unknown domains. Also check DSN messages without FROM address in the queue.

If it is false positive check the mxtoolbox under blacklist check and enter exchange server public IP to see if it's blacklisted.

Contact your ISP to remove the IP from blacklist.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Hypercat (Deb)Commented:
Do you have a PTR (rDNS) record for your public IP address?  If not, this could be the cause as this is one of the main reasons for false positives on spam filters. If you don't have a PTR record their spam filters  mark it as a dynamic IP address that shouldn't be sending email.  Along with what SAIF said I would check that too.

In addition, once you have this issue resolved, I would advise adding filters to your perimeter router that prevent outgoing SMTP packets from any IP address except those of your email servers.  Unless, of course, you actually have a reason to allow your users to send email externally without it being routed through your email servers.
0
timgreen7077Exchange EngineerCommented:
Make sure that your SPF record is setup correctly, because this record tells recipient servers if the sending server is a authorized server or not. That is one of the most import items to fix not already correct.
0
Hani AlhabshiSystems EngineerCommented:
Why is my IP address blacklisted?
Your IP address may be blacklisted for several reasons. Your IP may only be listed on a single blacklist, or it could be listed on multiple blacklists. Each IP blacklist is maintained separately and not governed by a central source. Each may have different standards for listing/delisting IP addresses.
 
If your IP address is blacklisted, this doesn't necessarily mean there is cause for concern. Some blacklists automatically add any IP address that is assigned via DHCP from the ISP. DHCP IP addresses are mainly how almost all residential connections connect to the Internet. Business accounts are more likely to be assigned static IP addresses.

We don’t maintain a blacklist, but here are the main reasons why your IP could end up being listed. Virus, Malware, or spam. If you've got a virus or malware and your computer is constantly pinging or attempting to communicate with other computers, you're bound to hit a computer where the admin will see your ‘attack’, block your IP address, and report it accordingly. If you send spam or run a mail server that is not properly configured and it allows spam to be sent, that IP address will get blacklisted.

If you have a DHCP IP address and you're not a spammer and don't have a virus, it's possible that the person who had your IP address before you was, or the person who had it before them, or the person who had it before them. Only the ISP knows who had the IP address prior to assigning it to you. You may have done nothing wrong.

How do I get my IP address off of a blacklist?
First, you should make sure that all devices on your network are not infected. After you've determined your network is clean and that no unauthorized traffic is going out, find where your IP address is blacklisted and contact them for removal. Each blacklist will have different ways of requesting an IP removal. And just because you've made the removal request, doesn't mean they'll honor your request.

What if my IP address remains on a blacklist?
That depends. If you're an average home user, having your IP address on a blacklist probably won't make a difference with your daily surfing agenda. However, if you're a business and run your own mail server, you may have issues getting unlisted. You'll need to make sure each device on your network is clean and make sure your mail server is configured correctly and locked down so it's not allowed to send messages from unauthenticated users.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.