
[Closed] Work IP address and Spamhaus.

Posts: 0
Free Member
Topic starter
 

Emails at work not being allowed to be sent as IP address keeps getting blocked by 'Spamhaus' website, have to manually de-list it through their site. We run bullguard and they sent me a couple of 'exe' programmes to run, but all comes back clear. A couple of hours after I clear the IP, email works... until a random time the next day then I have to go through the process again. Limited IT knowledge here, so any ideas please STW massive?


 
Posted : 17/02/2016 1:08 pm
Posts: 8177
Free Member
 

Is someone sending spam emails purporting to be from your domain? Hacked? Are you now part of a bot-net spamming the world?


 
Posted : 17/02/2016 1:10 pm
Posts: 0
Free Member
Topic starter
 

Honestly have no idea I'm afraid, not techy really, but the best we have in a small company!


 
Posted : 17/02/2016 1:18 pm
Posts: 8177
Free Member
 

http://mxtoolbox.com/blacklists.aspx

Might help - we had the same once before when we'd been hacked. Something nasty was sending masses of email from our mail server so we got blacklisted. If you don't stop the spam (assuming that's what it is), you'll keep on getting blacklisted I'm afraid.


 
Posted : 17/02/2016 1:33 pm
Posts: 0
Free Member
 

Our work had the same when one of the sales guys had an infected machine sending out spam.

You need to find the cause first and fix that or you will just keep getting black listed.

No web or email filtering in place to help figure it out?


 
Posted : 17/02/2016 1:39 pm
Posts: 13164
Full Member
 

Can I suggest you implement DKIM and spdif headers. These are text DNS records that provide a proof that your server is what it purports to be and not a spammer to a receiving server. If you are a techno-dunce like I am there are websites to help you with spdif records, you may well need a 'grown-up' to safely implement DKIM as this involves generating a certificate from the command line. The records would be entered via your mail hosting control panel or office server.

To trace the spamming you'll need to get the SMTP logs for the mail server and go through these carefully to find the source. You are using SSL/TLS for your mail send and receive? If you aren't, get this done too.


 
Posted : 17/02/2016 1:47 pm
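One way to go through the SMTP logs as suggested in the post above, added here as an example and not posted by anyone in the thread: it assumes Postfix-style syslog lines (the thread never says which mail server is in use), and the sample log, addresses and thresholds are constructed for illustration. It ties each queued message back to the client IP that submitted it and flags machines sending to unusually many recipients or from many different sender addresses.

```python
import re
from collections import defaultdict

# Constructed sample in Postfix syslog format (an assumption: the thread
# does not say which mail server software is in use).
SAMPLE_LOG = """\
Feb 17 09:00:01 mail postfix/smtpd[2101]: A1B2C3D4E5: client=pc-accounts[192.168.1.20]
Feb 17 09:00:01 mail postfix/qmgr[990]: A1B2C3D4E5: from=<jo@example.com>, size=2048, nrcpt=1 (queue active)
Feb 17 09:02:10 mail postfix/smtpd[2107]: B2C3D4E5F6: client=unknown[192.168.1.57]
Feb 17 09:02:10 mail postfix/qmgr[990]: B2C3D4E5F6: from=<info@example.com>, size=5120, nrcpt=50 (queue active)
Feb 17 09:02:11 mail postfix/smtpd[2107]: C3D4E5F6A7: client=unknown[192.168.1.57]
Feb 17 09:02:11 mail postfix/qmgr[990]: C3D4E5F6A7: from=<sales@example.com>, size=5120, nrcpt=50 (queue active)
Feb 17 09:02:12 mail postfix/smtpd[2107]: D4E5F6A7B8: client=unknown[192.168.1.57]
Feb 17 09:02:12 mail postfix/qmgr[990]: D4E5F6A7B8: from=<admin@example.com>, size=5120, nrcpt=50 (queue active)
"""

CLIENT_RE = re.compile(r"postfix/smtpd\[\d+\]: ([0-9A-F]+): client=[^\[]*\[([^\]]+)\]")
QMGR_RE = re.compile(r"postfix/qmgr\[\d+\]: ([0-9A-F]+): from=<([^>]*)>, size=\d+, nrcpt=(\d+)")

def summarise(log_text):
    """Return {client_ip: {"messages": n, "recipients": n, "senders": set}}."""
    queue_to_ip = {}
    stats = defaultdict(lambda: {"messages": 0, "recipients": 0, "senders": set()})
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            queue_to_ip[m.group(1)] = m.group(2)   # queue ID -> submitting IP
            continue
        m = QMGR_RE.search(line)
        ip = queue_to_ip.pop(m.group(1), None) if m else None  # pop: retries count once
        if ip:
            stats[ip]["messages"] += 1
            stats[ip]["recipients"] += int(m.group(3))
            stats[ip]["senders"].add(m.group(2))
    return dict(stats)

def suspects(stats, max_recipients=100, max_senders=3):
    """Client IPs over the (hypothetical) thresholds, busiest first."""
    hits = [ip for ip, s in stats.items()
            if s["recipients"] > max_recipients or len(s["senders"]) > max_senders]
    return sorted(hits, key=lambda ip: stats[ip]["recipients"], reverse=True)

if __name__ == "__main__":
    stats = summarise(SAMPLE_LOG)
    for ip in suspects(stats):
        s = stats[ip]
        print(ip, s["messages"], "msgs", s["recipients"], "rcpts", len(s["senders"]), "senders")
```

If nothing on the LAN stands out in the mail server's own log, the spam may be leaving from an infected PC straight to port 25 without touching the server, which would show up in the firewall or router logs instead.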
Posts: 0
Free Member
 

Which spamhaus list do you appear on? Run AV scans on your entire network. Is everything fully patched? Do you send NDRs for unrecognized addresses (don't do this)? Do you have any visibility of outbound mail flow? Do you send out mailshots and if so do you action any unsubscribe requests? Does your mail server allow open relays? What is your mail server?


 
Posted : 17/02/2016 2:03 pm
Posts: 8177
Free Member
 

This is also a big part of why we moved our email off-site (to corporate Gmail) instead of hosting our own mail server. Let someone else worry about security, patching etc etc!


 
Posted : 17/02/2016 2:13 pm
Posts: 1369
Free Member
 

Just to add a minor correction to Sandwich's excellent suggestion: the headers that need added are spf, not spdif.

And I would second getting someone in to sort this- blacklist removal has a few traps to the unwary.


 
Posted : 17/02/2016 2:23 pm
Posts: 13164
Full Member
 

@cody, I am not a 'grown up' when it comes to IT security stuff. I just about manage to keep our mail server running and patched but it is a Mac version.
Finding a reliable consultant is a nightmare, our last one went bust and does ad hoc support for us. It would appear he has gone completely dark now. Next nearest is Saffron Walden which is a blow. Remote managing can be a pain as we need them to be PCI compliant to do this with our system (advice from the security scanners).


 
Posted : 17/02/2016 3:10 pm
Posts: 77347
Free Member
 

It's a while since I looked at Spamhaus but I'm pretty sure they tell you why you've been blocked. That'd be my first port of call.

Second would be to virus scan / malware scan all the machines (which you're doing already, right?)


 
Posted : 17/02/2016 3:31 pm
Posts: 0
Free Member
 

https://www.spamhaus.org/lookup/

If your IP address is listed on one of our IP blocklists; SBL, XBL or PBL (collectively known as the 'Zen' blocklist), this lookup tool will tell you which one and will give you a link to information on what to do.

or

If your Domain is listed on the Spamhaus Domain Blocklist (DBL), this Lookup tool will give you a link to information on what to do.


 
Posted : 17/02/2016 4:01 pm
Posts: 0
Free Member
 

Appreciate I asked lots of questions but if you can answer some I can help..


 
Posted : 17/02/2016 4:20 pm
