0

All outgoing email to external recipients from my Exchange 2003 server is getting blocked by RBL lists. I'm new to administering Exchange. I checked the Message Tracking Center under System Manager on the Exchange server, and it's showing that an email address called inform@mydomain.com is sending tens of messages an hour to all sorts of recipient email addresses.

I don't have an email address called inform@mydomain.com, so I'm sure this is the culprit.

How can I stop this and protect my server in the future?

  • RBLs generally don't block domains, but they do block IP addresses - like the IP address of your server, the one that's probably sending spam or has sent at one point in time. – Chris S Feb 08 '11 at 21:20

2 Answers

1

The first thing to do is check and see if you are an open relay. Go to MxToolbox and run the SMTP test against your mail server; that will get you started.

If that comes up clean, you probably have some type of infection on the inside, and a client PC may be the culprit. Turn on SMTP logging on the server and see what's coming through the server.

DanBig
1

The first step is to stop your server from relaying emails from internal IPs. That can be done in the properties of the SMTP connector. Second, you'll need to track where those connections are coming from. You should be able to see in the SMTP log that connections from some IP are being blocked. Raise diagnostic level logging for that. Identify the machine and remove the trojan/virus/malware installed on it.

If you just discovered this today, it probably means that you are properly protected from relay from OUTSIDE; however, as mentioned in the previous post, go to MxToolbox to validate that.

Now that you're blacklisted, it usually takes up to 7 days to clean up the mess and have servers around the world updated with your "clear" record.

Vick Vega
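Both answers come down to reading the SMTP log to find which machine is submitting mail as inform@mydomain.com. The following is an added example, not part of either answer: a Python sketch that counts `MAIL FROM` commands for one sender per client IP. It assumes the log is written in W3C Extended format with the `c-ip`, `cs-method` and `cs-uri-query` fields enabled; the sample lines, host names and IP addresses are constructed.

```python
import collections

# Constructed sample in W3C Extended log format (assumed field selection;
# all addresses and host names below are made up for illustration).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-username cs-method cs-uri-query sc-status
2011-02-08 20:15:01 192.168.1.45 pc45 EHLO +pc45 250
2011-02-08 20:15:01 192.168.1.45 pc45 MAIL +FROM:<inform@mydomain.com> 250
2011-02-08 20:15:02 192.168.1.45 pc45 RCPT +TO:<a@example.net> 250
2011-02-08 20:15:09 192.168.1.45 pc45 MAIL +FROM:<inform@mydomain.com> 250
2011-02-08 20:16:30 192.168.1.20 pc20 MAIL +FROM:<alice@mydomain.com> 250
2011-02-08 20:17:44 192.168.1.45 pc45 MAIL +from:<INFORM@mydomain.com>+SIZE=2048 250
2011-02-08 20:18:00 203.0.113.9 mx.example.org MAIL +FROM:<bob@example.org> 250
"""


def senders_by_client(lines, address):
    """Count MAIL FROM commands for `address`, grouped by client IP (c-ip)."""
    fields, hits = [], collections.Counter()
    needle = "from:<" + address.lower() + ">"
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            # The header can reappear mid-file (e.g. after a service restart),
            # so always use the most recent field list.
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if row.get("cs-method", "").upper() != "MAIL":
            continue  # only the MAIL FROM command names the envelope sender
        if needle in row.get("cs-uri-query", "").lower():
            hits[row.get("c-ip", "?")] += 1
    return hits.most_common()  # busiest client first


if __name__ == "__main__":
    for ip, count in senders_by_client(SAMPLE_LOG.splitlines(),
                                       "inform@mydomain.com"):
        print(f"{ip}\t{count} messages submitted as inform@mydomain.com")
```

An internal address at the top of the list is the machine to isolate and clean; an external address there points back to a relay or authentication problem on the server itself.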