
Blacklisting gone, but still have mail problem

  • 07-04-2011 6:01pm
    #1
    Closed Accounts Posts: 51 ✭✭


    I was called by a small business complaining of mails bouncing back.

    The NDR showed that they were blacklisted (xbl) by Spamhaus.

    After removing the listing, I discovered the server wasn't protected by ANY security. They had Eset Mail security installed, but it was a trial that ended months ago.

    As it was after hours at this stage, I downloaded a Symantec Mail security trial to get some protection going.

    All worked great for about 8 hours, but last night, mails started sticking in the queues again.

    The NDR is....

    This message was rejected due to the current administrative policy by the destination server. Please retry at a later time. If that fails, contact your system administrator.
    <domainname.ie #4.3.2>


    I've tried to telnet some of the domains in the queues, but it reports...

    Could not open connection to the host, on port 25: connect failed

    The port is set up right and using PFportChecker (after stopping smtp in services) it tests fine too.

    I can telnet the server fine with telnet servername.local 25

    but I can't send a test mail.


    Would GREATLY appreciate some help


Comments

  • Registered Users, Registered Users 2 Posts: 2,426 ✭✭✭ressem


    I'm assuming that your email server is Exchange? Any version number?
    Also assume that you don't have an externally hosted mail cleaner.
    (This has the advantage that you can tell your firewall to only accept mail that has been routed through the external server, and return mail the same way)

    The Exchange server was blacklisted. So I guess that it was being abused by spammers.
    If you look through the queue, are many of the mails sent when there would be no-one working in a small business?

    What method were they using to send mail through the local server?

    Possibilities include
    exploiting a weak password to impersonate a user.
    their server may not be correctly configured to prevent mails from being relayed.

    Can you telnet your broadband ISP's server, which usually has little spam protection from internal customers?
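
Added example, not part of ressem's post or the original thread: one way to run the off-hours check suggested above over a queue export. It assumes the queue has been exported to CSV with `submitted`, `sender` and `recipient` columns; those column names, the addresses, the business hours and the thresholds are all constructed for illustration and are not a real Exchange format.

```python
import csv
import io
from collections import Counter
from datetime import datetime

# Constructed sample: a queue export reduced to three columns.
# Column names and addresses are assumptions, not a real Exchange format.
SAMPLE_QUEUE_CSV = """submitted,sender,recipient
2011-04-07 02:14:09,accounts@example.ie,a1@example.net
2011-04-07 02:14:11,accounts@example.ie,b7@example.org
2011-04-07 02:14:12,accounts@example.ie,c3@example.com
2011-04-07 03:40:55,accounts@example.ie,d9@example.net
2011-04-07 10:05:31,mary@example.ie,supplier@example.com
2011-04-07 11:20:02,accounts@example.ie,client@example.org
2011-04-07 16:45:18,john@example.ie,client@example.org
2011-04-09 14:02:47,accounts@example.ie,e2@example.net
"""

def is_off_hours(ts, open_hour=8, close_hour=18):
    """True for weekends and for times outside open_hour..close_hour."""
    return ts.weekday() >= 5 or not (open_hour <= ts.hour < close_hour)

def triage_queue(csv_text, min_messages=3, off_hours_ratio=0.5):
    """Return {sender: (total, off_hours)} for senders worth a closer look."""
    total, off = Counter(), Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        ts = datetime.strptime(row["submitted"], "%Y-%m-%d %H:%M:%S")
        sender = row["sender"].strip().lower()
        total[sender] += 1
        if is_off_hours(ts):
            off[sender] += 1
    # Keep only senders with enough volume and a mostly off-hours pattern.
    return {
        s: (n, off[s])
        for s, n in total.items()
        if n >= min_messages and off[s] / n >= off_hours_ratio
    }

if __name__ == "__main__":
    for sender, (n, n_off) in triage_queue(SAMPLE_QUEUE_CSV).items():
        print(f"{sender}: {n_off} of {n} queued messages submitted off-hours")
```

A single local mailbox dominating the result points toward the weak-password possibility listed above; off-hours mail from senders that are not local mailboxes points toward the relay possibility.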


  • Closed Accounts Posts: 51 ✭✭Ruosullivan


    Thanks for the reply, ressem,


    I reset the firewall and set up the ports again........like opening a floodgate, the mails flowed to the recipients....

    I dunno how it happened, because the firewall was set up fine, and the other ports (ftp etc....) were all working okay!

