Re: Locking Down Exchange 2003 to Prevent it from being Blackliste
- From: oz.ozugurlu <ozozugurlu@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 5 Dec 2008 06:28:58 -0800
Dan,
If your spam software is up to date (assuming it is a decent product), the
mail server is patched and configured correctly, and client desktops are
locked down (port 25) and scanned with AV and an Outlook plug-in, there should
not be any issues going forward handling and maintaining a healthy messaging
environment.
In the recipient filtering you can include the entire domain by adding
@domain.com. You need to rely on your spam software's reporting capabilities
to see what domain or what IP address is generating the most spam to your SMTP
domain. The spam software should provide functionality similar to recipient
filtering. You may even need to tune that up by logging into it, finding out
the spammer's domain or IP, and adding it to the blacklist on the spam software
or even in Exchange.
If you perform this for some time, you will quickly notice the difference,
and also don't forget to educate the users.
Best,
Oz
--
Oz Ozugurlu
MVP (Exchange)
MCITP (EMA), MCITP (EA),MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
oz@xxxxxxxxxx
http://smtp25.blogspot.com (Blog)
"Dan V" wrote:
When I get to the area for setting up recipient filtering, what emails
should I add? Can I download a list of known spammers?
Where can I download Exchange tools to test against my server?
Thanks again.
"oz.ozugurlu" <ozozugurlu@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:EA836DD4-D063-4EA4-9163-F5E8C487870B@xxxxxxxxxxxxxxxx
Dan,
Sure, no problem. Let us know how it goes.
--oz
--
Oz Ozugurlu
MVP (Exchange)
MCITP (EMA), MCITP (EA),MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
oz@xxxxxxxxxx
http://smtp25.blogspot.com (Blog)
"Dan V" wrote:
Thanks for the info.
"oz.ozugurlu" <ozozugurlu@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A136C808-D952-4655-B87D-EAA3AF94E620@xxxxxxxxxxxxxxxx
a.. Do not allow unsolicited ads and other bulk e-mails to be sent from your server, by the hosted accounts; *How do I prevent this?
Use limits on the Exchange server (10 meg limit etc.), watch the mail queues for spikes, etc.
b.. Do not run pro spam services like: spam websites, drop mail boxes for replies to spam e-mail ads, DNS for junk mailers, payment processing services for the products advertised in spam messages, junk mail tools (like lists of e-mail addresses); *How do I prevent this?
You need good spam protection, or set the server correctly. Check the article I put together to see if any of the tips help you tune the mail server:
A lot of spam targeted at my Exchange server
http://smtp25.blogspot.com/2007/05/lot-of-spam-targeted-at-my-exchange.html
c.. Make sure all your hosts are as secure as possible; *I have a firewall and virus scanners on all computers and server.
d.. Make sure you do not have any spam bots on your systems; *Virus scanners run daily.
e.. Make sure your mail server is not an open relay; *Checked this and OK.
f.. Make sure your proxy server is not an open proxy; *Don't have a proxy server.
g.. Check that the abuse@xxxxxxxxxxxxxx and postmaster@xxxxxxxxxxxxxx addresses exist and that they are functional; *I just created these two accounts.
h.. Make sure the information provided in the domain registration service (whois) is updated and complete; *Not sure how this will help?
i.. Make sure all your mail servers accept mail from: delivery notifications (NDR); *Need help with this?
If you tune up the server as I indicated above, I think you will be fine.
j.. Don't use an ISP that has a bad reputation when it comes to spam. Doing so may get you blacklisted just because your IP address is part of their allotted subnet; *Their ISP is well known.
k.. Make sure your DNS is properly set up and that you are complying with the RFC rules regarding service configuration; *Using the standard setup from the 2003 server, internal DNS only and using ISP's DNS as forwarders.
l.. Make sure your mail server does not send poorly-formatted messages; *Need help with this.
You need to point your Exchange server to the domain controller as its primary DNS, so if the domain controller IP is 192.168.1.2, this will be the DNS configured on the Exchange server. Your domain controller needs to point to itself as its DNS (assuming DC/DNS), and you need to use a forwarder on the DNS to forward queries which your domain is not authoritative for.
Do not point your DC/DNS servers to your ISP DNS servers
http://smtp25.blogspot.com/2007/07/do-not-point-your-dns-servers-to-your.html
m.. Deploy Domain Keys and SPF for outgoing messages; *Created an SPF record for their domain.
n.. Use secured connections (SSL/TLS) as much as possible; *Customer is cheap and won't buy an SSL cert.
o.. Do not allow unauthenticated users to send e-mails neither locally nor remotely. *Need help with this.
They are saying make sure no one else is sending mail out from the mail server except the valid users. This will be the case if you are an open relay or a user is hit by an e-mail worm or the like. If you have good spam and AV protection you don't have to worry about this.
Good Luck
oz
--
Oz Ozugurlu
MVP (Exchange)
MCITP (EMA), MCITP (EA),MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
oz@xxxxxxxxxx
http://smtp25.blogspot.com (Blog)
"Dan V" wrote:
I have a customer who has a 2003 Exchange server with 5 users.
This is a Windows XP domain with one 2003 server with Exchange on it.
They have the TrendMicro Worry Free Suite, which has an Exchange scanner with it. All the computers are up to date and virus scanners are running on them.
This is the third time they have been blacklisted from ivmSIP. I would like to set up the Exchange server so I can find out which user's email is compromised. Also, I have found this info and would like steps to lock down this Exchange server to prevent it from getting listed.
I have answered most of these statements. Please help me with the others.
There are a few steps you should take in order to prevent being blacklisted. The most important ones are closely related to securing your mail server and making sure no third party can use it to send e-mails in an unsecured fashion:
a.. Do not allow unsolicited ads and other bulk e-mails to be sent from your server, by the hosted accounts; *How do I prevent this?
b.. Do not run pro spam services like: spam websites, drop mail boxes for replies to spam e-mail ads, DNS for junk mailers, payment processing services for the products advertised in spam messages, junk mail tools (like lists of e-mail addresses); *How do I prevent this?
c.. Make sure all your hosts are as secure as possible; *I have a firewall and virus scanners on all computers and server.
d.. Make sure you do not have any spam bots on your systems; *Virus scanners run daily.
e.. Make sure your mail server is not an open relay; *Checked this and OK.
f.. Make sure your proxy server is not an open proxy; *Don't have a proxy server.
g.. Check that the abuse@xxxxxxxxxxxxxx and postmaster@xxxxxxxxxxxxxx addresses exist and that they are functional; *I just created these two accounts.
h.. Make sure the information provided in the domain registration service (whois) is updated and complete; *Not sure how this will help?
i.. Make sure all your mail servers accept mail from: delivery notifications (NDR); *Need help with this?
j.. Don't use an ISP that has a bad reputation when it comes to spam. Doing so may get you blacklisted just because your IP address is part of their allotted subnet; *Their ISP is well known.
k.. Make sure your DNS is properly set up and that you are complying with the RFC rules regarding service configuration; *Using the standard setup from the 2003 server, internal DNS only and using ISP's DNS as forwarders.
l.. Make sure your mail server does not send poorly-formatted messages; *Need help with this.
m.. Deploy Domain Keys and SPF for outgoing messages; *Created an SPF record for their domain.
n.. Use secured connections (SSL/TLS) as much as possible; *Customer is cheap and won't buy an SSL cert.
o.. Do not allow unauthenticated users to send e-mails neither locally nor remotely. *Need help with this.
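Added example, not part of the original thread and not code from any poster: one way to act on the advice to watch for spikes and on the question of which user's machine is compromised is to count RCPT commands per client IP per hour in the SMTP virtual server's log. It assumes W3C extended logging is enabled with the date, time, c-ip, cs-method and sc-status fields; the log lines, addresses and threshold are constructed for illustration.

```python
from collections import defaultdict

def parse_w3c(lines):
    """Yield one dict per log record, keyed by the latest #Fields directive."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def rcpt_spikes(lines, threshold):
    """Return (client_ip, 'date hour', rcpt_count, rejected_count) for every
    client/hour bucket with more than `threshold` RCPT commands, busiest first."""
    total, rejected = defaultdict(int), defaultdict(int)
    for rec in parse_w3c(lines):
        if not {"date", "time", "c-ip", "cs-method"} <= rec.keys():
            continue  # logging was not configured with the fields we need
        if rec["cs-method"].upper() != "RCPT":
            continue
        bucket = (rec["c-ip"], rec["date"] + " " + rec["time"][:2])
        total[bucket] += 1
        status = rec.get("sc-status", "")
        if status and not status.startswith("2"):
            rejected[bucket] += 1  # many refused recipients suggests list spam
    hits = [(ip, hour, n, rejected[(ip, hour)])
            for (ip, hour), n in total.items() if n > threshold]
    return sorted(hits, key=lambda h: -h[2])

def constructed_sample():
    """Constructed log lines (not from the thread): .21 is normal, .34 bursts."""
    log = ["#Version: 1.0",
           "#Fields: date time c-ip cs-method cs-uri-query sc-status"]
    log.append("2008-12-05 09:14:02 192.168.1.21 RCPT +TO:<client@example.org> 250")
    log.append("2008-12-05 09:40:10 192.168.1.21 RCPT +TO:<vendor@example.net> 250")
    for i in range(40):
        status = 550 if i % 4 == 0 else 250
        log.append("2008-12-05 03:%02d:00 192.168.1.34 RCPT +TO:<u%d@example.org> %d"
                   % (i, i, status))
    return log

if __name__ == "__main__":
    for ip, hour, n, bad in rcpt_spikes(constructed_sample(), threshold=25):
        print("%s  %s:00  %d RCPT, %d rejected" % (ip, hour, n, bad))
```

A desktop that sends straight to the internet on port 25 never passes through the mail server and will not appear in this log; the firewall's outbound port 25 records cover that case.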