Cogent | Member | Jun 19, 2006 at 7:41 pm | #113052
I have a situation where my mail server is constantly getting blacklisted. From my troubleshooting I have narrowed the issue down to two things: a client computer sending from my public IP address has a virus (the clients contact the router directly; I am not using a Windows 2003 firewall),
or there is some sort of relaying going through the Exchange 2003 box. I have checked all the security settings and run the Microsoft Exchange best practices and Microsoft Baseline security, which don’t show up any issues.
In order to try and work out what is going on I have implemented a smarthost to send mail. This helps, but our public IP address is still getting blacklisted and the domain name is blacklisted as well on some mail servers. The main two entities that are blacklisting us are SpamCop and Spamhaus.
In the queues folder in the mailroot I have from time to time noticed emails addressed to domain users and other fictitious users @ourdomainname with spam-like messages. I manually delete these messages when I see them.
What precautions or tests can I run to see that the mail server is not relaying mail and possibly block viruses from sending from this public IP address / mail server? I have done a port scan and most of our ports are blocked on our router's WAN interface; however, I have noticed that recently port 1001 (which is a common trojan port) shows up as stealthed, but not blocked.
My internal clients are going quite nuts at this point as this has been a bit of a long standing issue.
Any help you can offer me here would be greatly appreciated; it is getting to a bit of a desperate stage.