There are a few preventative measures you can take to reduce the chances that your e-mail server will end up on...
1. Run antispyware software
First, run a good antispyware application and desktop firewall on all computers in your network. If a workstation is infected, it may not directly affect your Exchange Server, but it can still result in your Exchange server being blacklisted.
Most organizations only have one or two publicly accessible IP addresses. Often, the public IP address is assigned to a router that directs inbound messages to your Exchange server. Since workstations connected to the Internet often use Network Address Translation (NAT), the router uses its own IP address to retrieve Web content on behalf of the client requesting it.
This is important because, depending on how your network is configured, Web requests from workstations could potentially be using the same IP address as your Exchange Server.
Therefore, if a Trojan is causing a workstation to spew spam, it could potentially cause your company's publicly accessible IP address to become blacklisted, which essentially has the same effect as blacklisting your Exchange server.
2. Make sure your Exchange Server is not an open relay
A second preventative measure is to check your Exchange server for the existence of an open relay, and close the relay if it is open.
- In Exchange Server 2003, go to Exchange System Manager -> Administrative Groups -> your administrative group -> Servers -> your server -> Protocols -> SMTP -> Default SMTP Virtual Server.
- Right click on the Default SMTP Virtual Server and select Properties.
- Select the Access tab and click the Relay button.
- You will see a dialog box that allows you to configure mail relay for the server. I recommend using the "Only the List Below" setting.
If you have multiple SMTP virtual servers configured, you will have to repeat this procedure for each one.
3. Use Sender Policy Framework (SPF)
When recipients receive a message that claims to be from you, their antispam software can compare the IP address the message originated from against your e-mail server's IP address. If the addresses don't match, the message can be assumed fraudulent, and the recipient doesn't think that your mail server is sending out spam.
The Sender Policy Framework is still relatively new and a bit controversial because of some alleged weaknesses. However, it is a tool that could potentially help prevent you from being blacklisted.
TUTORIAL: HOW TO PROTECT EXCHANGE SERVER FROM SPAM BLACKLISTS
Part 1: How your Exchange server can get blacklisted
Part 2: How to keep your Exchange server off spam blacklists
Part 3: How to remove your Exchange server from spam blacklists
Part 4: Related links on spam prevention and management
|ABOUT THE AUTHOR:|
| Brien M. Posey, MCSE
Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Exchange Server, and has previously received Microsoft's MVP award for Windows Server and Internet Information Server (IIS). Brien has served as CIO for a nationwide chain of hospitals and was once responsible for the Department of Information Management at Fort Knox. As a freelance technical writer, Brien has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal Web site at http://www.brienposey.com.
Dig Deeper on Spam and virus protection