Problems sending mail, Have I been black listed

[neutec]

Hello all,
I have been having problems sending mail out from my exchange 2003 server. All mail the is sent out stops at the queue and never goes any further. I have checked my DNS and I am able to resolve name to whoever I send mail to. I checked my smtp service and its running fine. I have deleted all my from the queue and that didnt help. I have noticed something odd, I have noticed mail being sent out from postmaster to an email address I dont know( canada.com) Is it possible that I have been hacked/spoofed and someone is using my mail server to spam and my ip has been black listed?

I can figure out what this could be. I havent made any changes to my server? I have even formatted and reinstalled everything, but still no luck. Thanks for your help in advance.

 

[rye8261]

You can find out if you have been blacklisted here:

http://www.ordb.org/

They can also test to see if you are an open relay.

 

[vfear]

I know how you can get yourself unblocked--- they put you on the block list based on your external ip (the ip the cable company gives you) the cable company cant change your ip, however you can get it changed... your ip depends on your mac address of your router.. if you have a router like linksys you can edit the mac address.. .once you change the mac address .. go to the status button and renew your ip and it will give you another one .. and you are no longer black listed

 

[rye8261]

You are put on a blacklist when your email server is found to be an open relay. To get yourself off the blacklist, make sure that you are no longer an open relay and then submit your ip address at the site i gave above and they will retest your email server. If it is still an open relay you will remain on the open relay list, if it is not an open relay any longer they will remove you. The way that vfear described might get you off the list for a little bit, but it doesnt address the problem at hand of being an open relay.

 

[pschwarz]

Since you mentioned that "All mail sent out..." is being stopped at the que, it is unlikely that black listing is your problem (simple check is mentioned above). If you are being used as a mail relay... you will get black listed, and would also cause your que to remain full, as you might be sending quite a few e-mails outbound.

http://www.spammarshall.com/SpamMarshallWeb/NetworkTools.jsp

is a way to check as well. Firewall issues? Disabled outbound mail (under system manager/server properties), are other possiblities.

 

[matrixsolutions]

Neutec - what did you ever find?

We have Exchange Server and found today there a lots of messages sitting in the queue to/from strange addresses. We are also on a couple of black lists even though our server passes the 'relay test.'

Let us know if you found anything out.

Thanks.

Mike Lenoir

 

[xmsre]

Don't forget DNS reverse lookups. IF you don't have a ptr record in your external dns, many mail domains will reject you. Also, check on that queued outbound mail. It may just be ndrs caused by virii elsewhere that spoof the from address, or it may be someone relaying off you. I suspect the former since you passed the relay test.

 

[neutec]

My Mail problem was a DNS issue. Once I fixed it everything seemed to work again. I still notice mail from unknown domains at times sitting in the Que. Im not sure what they are from. My server passed the Relay Test aswell.

 

[xmsre]

many of the current crop of virii spoof the from address with mail domains from address book entries. When such an email with a spoofed from address is sent to a recipient that does not exist, the destination domain sends an ndr to the spoofed domain on the from address. Since the address was spoofed, it usually does not exist. So, the spoofed domain's mail server sends NDRs to the NDRs. This can cause a denial of service as queues fill with NDRs to non-existent addresses and slow down or halt mail flow.

The bottom line is, if all the messages are NDRs, you may want to stop the NDR spamming. To do so:

Open ESM, and expand Global Settings, go to Message Delivery and display it's property page. On the Recipient Filtering Tab, check the box labeled "Filter recipients who are not in the Directory"

When you click OK you will get a message that you have to manually enable the filter in the SMTP server VS, that's OK, that's the next step.


Go to your SMTP Virtual Server, and open it's property page. On the General Tab, click the Advanced button. Select your server's IP address and click Edit, and check the "Apply Recipient Filter" box. Click OK to close all the property pages.

Now you will need to stop and restart the SMTP service.

 

[LemonDrop]

The bottom line is, if all the messages are NDRs, you may want to stop the NDR spamming. To do so:

Open ESM, and expand Global Settings, go to Message Delivery and display it's property page. On the Recipient Filtering Tab, check the box labeled "Filter recipients who are not in the Directory"

>>>When you click OK you will get a message that you have to manually enable the filter in the SMTP server VS, that's OK, that's the next step.


Go to your SMTP Virtual Server, and open it's property page. On the General Tab, click the Advanced button. Select your server's IP address and click Edit, and check the "Apply Recipient Filter" box. Click OK to close all the property pages.

Now you will need to stop and restart the SMTP service.<<<

Can you elaborate on the same procedures for SBS 2000? Couldn't find the "Apply Recipient Filter" box on the Message Delivery window.

 

[johnny99]

You can use

http://dnsstuff.com/

to check most of the DNS and blacklist stuff.
Used just two hours ago to fint an error on one of my own PTR's

Remember that most mailservers that use blacklists will give you a type 5xx error (permanent error) so that your mailserver will return the email to the sender right away.

/johnny