Re: Exchange 2003 and Spam Filters




If the connection drops immediately, it's likely not because of RBLs, but as
you suggested - a "hard block" at the network layer perhaps.
If they're using Exchange, IP addresses can be blocked from SMTP virtual
server properties | Access tab | Connection (enter IP address(es)).

--
Bharat Suneja
MVP - Exchange
www.zenprise.com
NEW blog location:
www.exchangepedia.com/blog
----------------------------------------------


<metahugh@xxxxxxxxxxx> wrote in message
news:1162419530.594721.133510@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I've got an interesting issue. We caught the Station virus last week
and we have been having problems ever since. A few of our workstations
caught the virus, started spamming some of the companies that we do a
lot of business with and consequently we got listed on Spamhaus. We
have two Exchange 2003 SMTP servers connected through an internet mail
connector. I checked the two nat'd IP addresses at Spamhaus and they
were not listed.

After going through all of our external IPs I came up with three IPs
with issues. Each of the three IPs is the outside interface IP of our
three firewalls, each one services a different region. Would make
sense because the virus uses its own built-in SMTP engine and the
originating IP is the IP on our firewall. My question about spam
filters is how did it end up blocking all of our domain instead of just
the offending IPs? I'm assuming that it did a reverse lookup on the IP
address, saw the domain name as derived from the FQDN and that's how
it's blocking us.

The problem with this though is even after removing our IPs from the
DNSBLs we are not able to send mail to these companies. I'm assuming
that the company needs to remove us from their spam filter?

Also when I initiate a telnet session from each of our SMTP servers the
connection drops IMMEDIATELY. It doesn't think, show the banner and
reject after attempting to send a message, it just dumps the connection
immediately. It does this from any of our block of IPs. Does this
sound like a problem on our end or does the other end have a hard block
on our IP range?

Thanks,

Hugh
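
An added example, not part of either post above: a Python probe that separates the two cases discussed in this thread, a session that ends before any SMTP banner is shown versus a server that greets and only rejects later in the dialogue. The function name and verdict labels are made up for this example, and the host to test is supplied by the operator.

```python
import socket
import sys


def classify_smtp_probe(host, port=25, timeout=10.0):
    """Open a TCP connection to an SMTP listener and report how far it gets.

    Returns (verdict, detail). The verdict labels are made up for this example.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("tcp_refused", "connection actively refused (RST on connect)")
    except (socket.timeout, TimeoutError):
        return ("tcp_timeout", "no answer to the connection attempt")
    except OSError as exc:
        return ("tcp_error", str(exc))

    with sock:
        try:
            data = sock.recv(512)  # a mail server speaks first: the 220 greeting
        except (socket.timeout, TimeoutError):
            return ("no_banner", "connected, but no greeting before the timeout")
        except ConnectionResetError:
            return ("dropped_before_banner", "connection reset before any greeting")

    if not data:
        # The symptom from the thread: the session closes before a banner is shown.
        return ("dropped_before_banner", "peer closed without sending a greeting")
    banner = data.decode("ascii", "replace").strip()
    if banner.startswith("220"):
        # SMTP service answered; any rejection would come later in the dialogue.
        return ("banner_ok", banner)
    if banner[:1] in ("4", "5"):
        return ("banner_reject", banner)
    return ("unexpected", banner)


if __name__ == "__main__" and len(sys.argv) > 1:
    # Usage: python probe.py <mail host>   (host is supplied by the operator)
    print(classify_smtp_probe(sys.argv[1]))
```

Running it from each outbound IP in turn shows whether the drop follows the source address, and a `dropped_before_banner` verdict means the conversation never reached the point where a message could be evaluated.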


