Guest Jacek Jurkowski
Posted September 11, 2008

My mail server is blocked again and again by various anti-spam black lists and it's driving me mad.

- I ensured that relaying on my server is allowed only for domain users.
- I blocked SMTP outgoing connections on my firewall except those established by my proper mail server (IP).

The third thing I had read about is a SMTP-PROXY. What do I need to configure on my server (Win 2003 SBS with Exchange) to ensure that SMTP-PROXY is closed on my server?

--
Jacek Jurkowski

Guest ObiWan [MVP]
Posted September 11, 2008

> My mail server is blocked again and again by
> various anti-spam black lists and It's driving me mad.

well... in most cases, DNSBLs (anti spam lists) may show you WHY your server (your IP) is blocked; and that may give you some hints; sure, knowing your server's IP would be of help, since I and others here may perform some checks and could be able to better help you

> - I ensured that relaying on my server is allowed
> only for domain users.
> - I blocked smtp outgoing connections on my firewall
> except those established by my proper mail server (IP).

ok... start here http://www.abuse.net/relay.html and check that your SMTP isn't really allowing others to relay messages; if the server passes all the tests then the relay isn't an issue and you'll have to look elsewhere, so here's a checklist

Ensure port 25/tcp is blocked at the firewall and that only your SMTP server is allowed to contact external hosts through it; to check that, log in at a regular workstation on your network and then try using telnet to connect to an external SMTP host, for example run "telnet mx1.hotmail.com 25"; if you see an error message then... all ok; if otherwise you see the hotmail SMTP server banner, then you'll have to revise your firewall settings

Next, you'll need to ensure that your DNS setup is correct; let's say your mailserver is "mail.domain.com", now, set aside the DNS MX entry (which should be there <g>), you'll also need to ensure that both the forward and reverse DNS resolution (and I mean public DNS resolution) are coherent with your MX name and with the name your mailserver uses to present itself to the world; I mean

1) a "telnet mail.domain.com 25" should result in a message carrying "mail.domain.com" and NOT something like "mail" or "mail.local" or the like; in case, check the settings of your SMTP server and correct that

2) assuming your mailserver public IP is 1.2.3.4, issuing an "nslookup -type=PTR 4.3.2.1.in-addr.arpa." should result in a "mail.domain.com" answer, otherwise you'll have to manage to correct your public reverse DNS entry

assuming all the above is ok or has been fixed, you'll also have to look at your network setup; publishing a mail server on the SAME IP which all the LAN users use to reach the internet is a BAD idea, since any "nasty" exiting from such an IP would cause that IP (which is the SAME as the one used by your mail server) to get into a blacklist, so, better publishing the server on a different IP; if that isn't possible then you'll have to set up the mailserver to use an external SMTP smarthost to send e-mails; in such a case, it would be a good idea to create a so called "SPF record" in your DNS; such a record is basically a TXT DNS record carrying some "special content"; in general, using something like "v=spf1 a mx -all" should do; but, in case you're using a smarthost (as above) you may want to include the IP and/or the name of the smarthost in your SPF record; for further info see http://www.openspf.org/

HTH

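The banner, reverse-DNS and forward-DNS checks from the reply above, as an added Python example that is not part of the original thread. The function names are hypothetical, the sample banner and resolver answers are constructed, and "mail.domain.com" / 1.2.3.4 are the placeholder values used in the post; the resolvers are injectable so the checks can be run without network access.

```python
import ipaddress
import socket

def banner_hostname(banner):
    """Host name announced on the first line of an SMTP 220 greeting, or None."""
    lines = banner.splitlines()
    first = lines[0] if lines else ""
    if len(first) < 5 or not first.startswith("220") or first[3] not in " -":
        return None
    fields = first[4:].split()
    return fields[0].rstrip(".").lower() if fields else None

def ptr_query_name(ip):
    """Name to query for the PTR record, e.g. 4.3.2.1.in-addr.arpa. for 1.2.3.4."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def system_ptr(ip):          # live lookup through the system resolver
    return socket.gethostbyaddr(ip)[0]

def system_a(name):          # live lookup through the system resolver
    return socket.gethostbyname_ex(name)[2]

def check_mail_identity(mx_name, public_ip, banner,
                        resolve_ptr=system_ptr, resolve_a=system_a):
    """Return a list of mismatches between MX name, banner, PTR and A record."""
    expected = mx_name.rstrip(".").lower()
    problems = []
    announced = banner_hostname(banner)
    if announced != expected:
        problems.append(f"banner announces {announced!r}, expected {expected!r}")
    try:
        ptr = resolve_ptr(public_ip).rstrip(".").lower()
    except OSError:          # covers socket.herror / socket.gaierror
        ptr = None
    if ptr != expected:
        problems.append(f"{ptr_query_name(public_ip)} PTR is {ptr!r}, expected {expected!r}")
    try:
        addresses = resolve_a(expected)
    except OSError:
        addresses = []
    if public_ip not in addresses:
        problems.append(f"{expected} does not resolve to {public_ip}")
    return problems

if __name__ == "__main__":
    # Constructed sample: internal name in the banner, ISP default PTR.
    banner = "220 mail.local Microsoft ESMTP MAIL Service ready"
    fake_ptr = lambda ip: "host-1-2-3-4.isp.example."
    fake_a = lambda name: ["1.2.3.4"]
    for p in check_mail_identity("mail.domain.com", "1.2.3.4", banner, fake_ptr, fake_a):
        print("FAIL:", p)
```

An empty result means the MX name, the greeting banner, the PTR record and the A record all agree; run it from outside the LAN so the public DNS view is the one being tested.
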
Guest ObiWan [MVP]
Posted September 11, 2008

> ok... start here http://www.abuse.net/relay.html and check that
> your SMTP isn't really allowing others to relay messages; if
> the server passes all the tests then the relay isn't an issue and
> you'll have to look elsewhere, so here's a checklist

almost forgot, you'll also need to ensure your mailserver isn't sending out "delivery failure" reports; the reason is explained here http://www.dontbouncespam.org/ and since we're in this group, if your server is an Exchange, to fix this issue you'll have to configure the recipient filtering so that any mail message addressed to a non-existing mailbox will immediately be rejected by the server with a 5xx SMTP error message and so without generating a bounce

HTH

Guest PA Bear [MS MVP]
Posted September 11, 2008

You'll find support for Windows Mail in this public newsgroup: microsoft.public.windows.vista.mail

Via the web-interface: http://www.microsoft.com/communities/newsg...dows.vista.mail

Via your newsreader: news://msnews.microsoft.com/microsoft.publ...dows.vista.mail

--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/

Jacek Jurkowski wrote:
> My mail server is blocked again and again by
> various anti-spam black lists and It's driving me mad.
>
> - I ensured that relaying on my server is allowed
> only for domain users.
> - I blocked smtp outgoing connections on my firewall
> except those established by my proper mail server (IP).
>
> The third thing i had read about is a SMTP-PROXY.
> What do I need to configure on my server (Win 2003 SBS
> with Exchange) to ensure that SMTP-PROXY is closed
> on my server?

Guest ObiWan [MVP]
Posted September 11, 2008

> You'll find support for Windows Mail in this
> public newsgroup: microsoft.public.windows.vista.mail

hm... you're right; that post is rather OT here; but I think that a better place would be the SBS group or even the Exchange one since, if I didn't misunderstand, it seems an Exchange/SBS issue more than a Windows Mail one

Guest marcelino martinez
Posted September 11, 2008

"Jacek Jurkowski" <jjurkowski@data-comp.local> wrote in news message: 15D57F9A-D447-4927-A6B2-30BA59FA0233@microsoft.com...
> My mail server is blocked again and again by
> various anti-spam black lists and It's driving me mad.
>
> - I ensured that relaying on my server is allowed
> only for domain users.
> - I blocked smtp outgoing connections on my firewall
> except those established by my proper mail server (IP).
>
> The third thing i had read about is a SMTP-PROXY.
> What do I need to configure on my server (Win 2003 SBS
> with Exchange) to ensure that SMTP-PROXY is closed
> on my server?
>
> --
> ------------------------------------------
> Jacek Jurkowski