When you were blacklisted did you see what RBL you were listed on, or why you 
were listed?
I had a site where there was a lone workstation in the far end of the warehouse 
used only for checking schedules; sure enough, that was the affected/infected PC 
that was part of a botnet causing the blacklisting.

  

Jean-Paul Natola

 


Date: Wed, 9 Apr 2014 11:54:11 -0500
Subject: Re: [Exchange] Relaying
From: [email protected]
To: [email protected]

I've also put a firewall rule into the default domain policy to block all port 
25 traffic between clients.  I'll see if that helps.

On Wed, Apr 9, 2014 at 11:49 AM, J- P <[email protected]> wrote:




You can get blacklisted without SMTP traffic, simply by machines trying to 
access certain websites known as sinkhole servers:
http://www.spamhaus.org/faq/section/Spamhaus%20XBL





 


Date: Tue, 8 Apr 2014 21:55:27 -0500
Subject: Re: [Exchange] Relaying
From: [email protected]
To: [email protected]


I think Don has not been in this conversation yet, and I do use Vipre for 
backscatter and spam protection.  I don't think having 600 messages undelivered 
in the queue is reasonable.  We have been blacklisted a couple of times and 
been delisted so far.  I also have all traffic on port 25 blocked out of the 
firewall except for the Exchange box. I'm looking at the SMTP logs and can't 
see anything off yet.



On Tue, Apr 8, 2014 at 7:07 PM, Richard Stovall <[email protected]> wrote:


I think this answer is correct in some circumstances, but not universally by 
any means.  Don, do you have any backscatter protection enabled?  This would 
eliminate these as NDRs resulting from spam from spoofed addresses you own.  If 
you don't have backscatter protection, my guess is that spam which does spoof 
existing addresses would be far more problematic than that which does not.




On Tue, Apr 8, 2014 at 7:13 PM, Mike Tavares <[email protected]> wrote:







The sender <> is normal Exchange NDRs being delivered.  Since 
your Exchange server is authoritative for your domain, any messages addressed to 
nonexistent email addresses will cause these; since a lot of spam has bogus 
addresses, you tend to see them sitting in your queues for a while.  They will 
eventually time out and go away on their own.
 
Nothing to worry about.
 


 

From: Steve Ens 
Sent: Tuesday, April 08, 2014 4:30 PM
To: [email protected] 

Subject: [Exchange] Relaying
 

I'm running Exchange 2010 here with all the service packs.  I 
think that I must have misconfigured one of my receive connectors.  I know 
I am not an open relay from the outside, but I think I have a machine inside my 
network that is compromised and using Exchange to send out, since I have many 
messages sitting in my queue that are undeliverable.  Any suggestions as to 
how I'd determine from which IP these messages are originating?  The sender 
always looks like <>.  I've opened up the message tracking logs, but 
can't find any incriminating evidence there.
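
Editorial example, added to this archive page and not written by anyone in the thread: one way to answer the question of which IP the queued `<>` messages trace back to is to join each NDR in the message tracking log to the SMTP RECEIVE event of the message that bounced. It assumes the log's standard `#Fields` column names, that a DSN event's `reference` column holds the original Message-Id, and a 10.0.0.0/8 LAN; the sample log lines are constructed.

```python
import csv
import ipaddress
from collections import Counter

# Constructed sample. Real logs have more columns; the #Fields line names them.
SAMPLE_LOG = """\
#Fields: date-time,client-ip,source,event-id,message-id,recipient-address,reference,sender-address
2014-04-08T21:01:10Z,10.0.5.77,SMTP,RECEIVE,<a1@mail.example>,x1@remote.example,,info@corp.example
2014-04-08T21:01:11Z,10.0.5.77,SMTP,RECEIVE,<a2@mail.example>,x2@remote.example,,info@corp.example
2014-04-08T21:01:30Z,203.0.113.9,SMTP,RECEIVE,<b1@spam.example>,nouser@corp.example,,victim@other.example
2014-04-08T21:02:00Z,,DSN,DSN,<d1@corp.example>,info@corp.example,<a1@mail.example>,<>
2014-04-08T21:02:01Z,,DSN,DSN,<d2@corp.example>,info@corp.example,<a2@mail.example>,<>
2014-04-08T21:02:05Z,,DSN,DSN,<d3@corp.example>,victim@other.example,<b1@spam.example>,<>
2014-04-08T21:02:09Z,,DSN,DSN,<d4@corp.example>,someone@other.example,<gone@old.example>,<>
"""
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumption: the LAN range


def read_tracking_rows(text):
    """Parse tracking-log text into dicts keyed by the log's #Fields header."""
    lines = text.splitlines()
    header = next(l for l in lines if l.startswith("#Fields:"))
    fields = header[len("#Fields:"):].strip().split(",")
    data = [l for l in lines if l and not l.startswith("#")]
    return list(csv.DictReader(data, fieldnames=fields))


def ndr_origins(rows):
    """Count NDRs by the client IP that submitted the bounced message."""
    submitted_by = {}
    for r in rows:
        if r["source"] == "SMTP" and r["event-id"] == "RECEIVE":
            submitted_by.setdefault(r["message-id"], r["client-ip"])
    counts = Counter()
    for r in rows:
        if r["event-id"] == "DSN":
            ip = submitted_by.get(r["reference"])  # assumed: original Message-Id
            if not ip:
                side = "unknown"  # original message fell outside this log
            elif ipaddress.ip_address(ip) in INTERNAL_NET:
                side = "internal"
            else:
                side = "external"
            counts[(ip or "unknown", side)] += 1
    return counts


if __name__ == "__main__":
    for (ip, side), n in ndr_origins(read_tracking_rows(SAMPLE_LOG)).most_common():
        print(f"{n:4d} NDR(s) caused by mail from {ip} ({side})")
```

NDRs that trace to an internal client IP point at a host on the LAN submitting mail through Exchange, while NDRs that trace to external IPs are consistent with bounces generated for inbound spam.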





                                          


                                          
