If there are end user computers that are behind the same Internet/firewall, make sure you don't have a zombified pc sending out spam on behalf of some botnet. In my experience, that's a more likely source of bad outbound traffic that gets you put on blacklists.
For a start, check outbound traffic at your firewall for any SMTP originating from a box other than the Exchange server. On Apr 26, 2011, at 8:30 PM, "Don Kuhlman" <drkuhl...@yahoo.com<mailto:drkuhl...@yahoo.com>> wrote: Hi folks. This is probably a very basic question for the Exchange gurus...I'm trying to support of an exchange 2007 server (on SBS 2008) and found that it looks like we're being blacklisted by certain sites. Internal users were reporting that they couldn't receive emails from outside customers using comcast.net<http://comcast.net>, and hitachi among others. I tried to send to emails internally from comcast and was also getting errors that we were being blocked or not allowed from comcast. I ran some scans from different sites such as <http://www.mxtoolbox.com/SuperTool.aspx> http://www.mxtoolbox.com/SuperTool.aspx that show if you're blacklisted and found a couple instances where we were. I've been trying to find a way (internally from the server logs or firewall logs) to see if the Exchange 2007 server was hijacked or is being used as a relay. I'm not sure what to look for as traffic patterns on the firewall so that I can set rules to block this, nor what I might want to try initially on the server to protect it. I looked (googled) for how to test for blacklisting and all I'm finding is sites that tell you how to request you be removed temporarily from a blacklist or how to test your ip for blacklist status. Are there good sites that I can study to find out from the server's perspective or how to make sure it's not being used maliciously for relaying or spamming or some sites that tell me how to lock it down or verify it's okay (not to mention getting it permanently off the blacklists) ? Thanks! Don K --- To manage subscriptions click here: <http://lyris.sunbelt-software.com/read/my_forums/> http://lyris.sunbelt-software.com/read/my_forums/ or send an email to <mailto:listmana...@lyris.sunbeltsoftware.com> listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe exchangelist This e-mail and any files transmitted with it are confidential, are intended solely for the use of the addressee, and may be legally privileged. If you have received this e-mail in error, please notify the sender immediately; disclosing, copying, distributing, or taking any action in reliance on the contents of this information is strictly prohibited. --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
