TreeTwista10 minisoldr 148441 Posts user info edit post |
Our IP address of our Internet Server at work has been added to the spam blacklists a few times lately...we are free of viruses so I think its some type of MS Exchange Server setting...I think that Exchange and the Firewall are somehow showing up as open relays...I did a Symantec Security Check and the only three ports that werent closed or stealth were 25, 80 and the pcAnywhere port...pcAnywhere is cool since its all encrypted...I tried blocking port 25 in the firewall software but of course that wouldnt allow anyone to send or receive emails...we are running Exchange 2000 and Winroute Firewall and I need to know how to have everyone able to send and receive emails without our Exchange Server showing up as a relay so that our IP doesnt keep getting added to the spam blocklists...help! thanks
ps the blacklist I'm referring to is the XBL
http://www.spamhaus.org/sbl/index.lasso
[Edited on December 27, 2005 at 11:37 AM. Reason : url] 12/27/2005 11:34:26 AM |
Shaggy All American 17820 Posts user info edit post |
Go to http://www.ordb.org/ and lookup your server's ip address.
if its not there, schedual a test (usually takes 30 minutes for them to get back to you with results).
ORDB tests your mail server to see if its an open relay, and can sometimes offer info on closing it by telling you what you're allowing through.
Other than that just make damned sure your exchange server is not set to send out mail that isn't from your domain.
Also, block inbound mail with a Mail From: address that uses your email domain. Theres absolutely no reason mail from @yourdomain.com should be coming to your server from the internet.
Also since spamhaus is a spam dnsbl as well as an open relay dnsbl you should make sure that you aren't sending out any spam via viruses on your network. 12/27/2005 11:50:43 AM |
TreeTwista10 minisoldr 148441 Posts user info edit post |
thanks I just submitted it...I'll let you know how it goes! 12/27/2005 11:55:00 AM |
Shaggy All American 17820 Posts user info edit post |
We use ORDB and XBL+SBL here at work and the spam reduction is huge. 12/27/2005 11:59:40 AM |
TreeTwista10 minisoldr 148441 Posts user info edit post |
true but its not foolproof...for example if someone at my company wanted to send you an email and we were on the list, you wouldnt get it, even though it was legitimate...i'd rather manually delete some garbage emails from my inbox than have to check my spam folder for legitimate emails...but thats just me 12/27/2005 12:06:53 PM |
CarZin patent pending 10527 Posts user info edit post |
You should run SMTP on port 587. 12/27/2005 12:21:10 PM |
Shaggy All American 17820 Posts user info edit post |
Most users here get either confused or annoyed if they see any spam in their mail at all. And all that comes back to me.
Also, spam does create more load on your server.
And most of them contain viruses.
So the best possible solution is to block them when the offending server attempts to deliver the mail (i.e. using a DNSBL).
Then blocking based on attachments and content.
As for false positives, the SBL+XBL does a pretty good job at identifying actual spammers.
Infact the only ways to get listed on XBL are to actually spam or send viruses to an XBL spamtrap or to be an open relay.
So if your ORDB check comes back negitive, you're probably going to want to go through your network and make sure everyone's antivirus is working.
And like they suggest, blocking outbound traffic on port 25 for everyone except for the outbound mail server would be a good idea. 12/27/2005 12:23:53 PM |