It was a site called bluehost. If I went to mxtoolbox, we weren't listed anywhere.
On Wed, Apr 9, 2014 at 4:04 PM, J- P <jnat...@hotmail.com> wrote:

> When you were blacklisted did you see what RBL you were listed on, or why
> you were listed?
> I had a site where there was a lone workstation in the far end of the
> warehouse used only for checking schedules, sure enough that was the
> affected/infected PC that was part of a botnet causing the blacklisting.
>
> Jean-Paul Natola
>
> ------------------------------
> Date: Wed, 9 Apr 2014 11:54:11 -0500
> Subject: Re: [Exchange] Relaying
> From: stevey...@gmail.com
> To: exchange@lists.myitforum.com
>
> I've also put a firewall rule into the default domain policy to block all
> port 25 traffic between clients. I'll see if that helps.
>
> On Wed, Apr 9, 2014 at 11:49 AM, J- P <jnat...@hotmail.com> wrote:
>
> You can get blacklisted without SMTP traffic, simply by machines trying to
> access certain websites known as sinkhole servers
> http://www.spamhaus.org/faq/section/Spamhaus%20XBL
>
> ------------------------------
> Date: Tue, 8 Apr 2014 21:55:27 -0500
> Subject: Re: [Exchange] Relaying
> From: stevey...@gmail.com
> To: exchange@lists.myitforum.com
>
> I think Don has not been in this conversation yet, and I do use Vipre for
> backscatter and spam protection. I don't think having 600 messages
> undelivered in the queue is reasonable. We have been blacklisted a couple
> of times and been delisted so far. I also have all traffic on port 25
> blocked out of the firewall except for the Exchange box. I'm looking at the
> SMTP logs and can't see anything off yet.
>
> On Tue, Apr 8, 2014 at 7:07 PM, Richard Stovall <rich...@gmail.com> wrote:
>
> I think this answer is correct in some circumstances, but not universally
> by any means. Don, do you have any backscatter protection enabled? This
> would eliminate these as NDRs resulting from spam from spoofed addresses
> you own. If you don't have backscatter protection, my guess is that spam
> which does spoof existing addresses would be far more problematic than that
> which does not.
>
> On Tue, Apr 8, 2014 at 7:13 PM, Mike Tavares <miketava...@comcast.net> wrote:
>
> The sender <> is normal Exchange NDRs being delivered. Since your
> Exchange server is authoritative for your domain, any messages addressed to
> nonexistent email addresses will cause these. Since a lot of spam has bogus
> addresses, you tend to see them sitting in your queues for a while. They will
> eventually time out and go away on their own.
>
> Nothing to worry about.
>
> *From:* Steve Ens <stevey...@gmail.com>
> *Sent:* Tuesday, April 08, 2014 4:30 PM
> *To:* exchange@lists.myitforum.com
> *Subject:* [Exchange] Relaying
>
> I'm running Exchange 2010 here with all the service packs. I think that
> I must have misconfigured one of my receive connectors. I know I am not an
> open relay from the outside, but I think I have a machine inside my network
> that is compromised and using Exchange to send out since I have many
> messages sitting in my queue that are undeliverable. Any suggestions as to
> how I'd determine from which IP these messages are originating? The sender
> always looks like <>. I've opened up the message tracking logs, but can't
> find any incriminating evidence there.
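
For the question at the bottom of the thread (which IP is submitting the mail), one approach is to tally recipients submitted per client address from the SMTP receive protocol log. This is an added example, not code from anyone in the thread; it assumes protocol logging is enabled on the receive connector, and the sample log lines, the internal network `10.0.0.0/24` and the function names are constructed for illustration.

```python
import csv
import ipaddress
from collections import Counter

# Constructed sample in the SMTP receive protocol log layout (not from the thread).
SAMPLE_LOG = r"""#Software: Microsoft Exchange Server
#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2014-04-08T21:01:02.100Z,MAIL01\Default MAIL01,08D1A001,3,10.0.0.5:25,10.0.0.77:49211,<,MAIL FROM:<promo@example.net>,
2014-04-08T21:01:02.300Z,MAIL01\Default MAIL01,08D1A001,5,10.0.0.5:25,10.0.0.77:49211,<,RCPT TO:<a1@example.org>,
2014-04-08T21:01:02.500Z,MAIL01\Default MAIL01,08D1A001,7,10.0.0.5:25,10.0.0.77:49211,<,RCPT TO:<a2@example.org>,
2014-04-08T21:01:02.700Z,MAIL01\Default MAIL01,08D1A001,9,10.0.0.5:25,10.0.0.77:49211,<,RCPT TO:<a3@example.org>,
2014-04-08T21:02:10.000Z,MAIL01\Default MAIL01,08D1A002,3,10.0.0.5:25,10.0.0.20:50100,<,RCPT TO:<vendor@example.org>,
2014-04-08T21:03:00.000Z,MAIL01\Default MAIL01,08D1A003,3,10.0.0.5:25,203.0.113.9:33000,<,RCPT TO:<sales@example.com>,
2014-04-08T21:03:00.200Z,MAIL01\Default MAIL01,08D1A003,4,10.0.0.5:25,203.0.113.9:33000,>,250 2.1.5 Recipient OK,
"""

def rcpt_counts_by_client(log_text):
    """Count RCPT TO commands received per remote client IP."""
    fields, counts = None, Counter()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].strip().split(",")
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        row = dict(zip(fields, next(csv.reader([line]))))
        # "<" marks a command the server received from the remote endpoint.
        if row.get("event") == "<" and row.get("data", "").upper().startswith("RCPT TO:"):
            ip = row["remote-endpoint"].rsplit(":", 1)[0].strip("[]")  # drop the port
            counts[ip] += 1
    return counts

def internal_talkers(counts, internal_cidrs, threshold):
    """Return (ip, count) for internal clients at or above threshold, busiest first."""
    nets = [ipaddress.ip_network(c) for c in internal_cidrs]
    hits = [(ip, n) for ip, n in counts.items()
            if n >= threshold and any(ipaddress.ip_address(ip) in net for net in nets)]
    return sorted(hits, key=lambda item: -item[1])

if __name__ == "__main__":
    for ip, n in internal_talkers(rcpt_counts_by_client(SAMPLE_LOG), ["10.0.0.0/24"], 2):
        print(f"{ip} submitted {n} recipients")
```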