Steps to prevent server blacklisting

I am wanting to create a checklist/set-up document for configuring exchange servers to prevent them from being blacklisted. Here is what I have so far:

Close SMTP relay
prevent unneccesary outgoing port 25
correctly configure masquerade domain
correctly configure reverse DNS
subscribe to a spam filtering service/configure accepting email only from that service
anti-virus sw throughout the network
configure SPF records if available

What else should we be looking at?

Thanks!

john

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

astorrs

make sure your not using an IP address from a range defined by your ISP as not allowed to send SMTP mail from - sorry I don't remember the list name (royal, HeroPsycho?) Basically anyone who has a cable type connection is at risk of this.

Technowiz

Hey astorrs is that avatar a reference to Animal Farm?

astorrs

Technowiz wrote:

Hey astorrs is that avatar a reference to Animal Farm?

Nope: http://www.techexams.net/forums/viewtopic.php?p=262334#262334

HeroPsycho

I would suggest a few more things.

If you have additional public IP's, have your outbound email systems route out via a different pub IP than clients, especially if blocking outbound SMTP from anything other than your outbound gateways is not possible.

This is especially important if you use a hosted antispam filtering solution like Postini...

Use antispam filtering for YOUR outbound mail. You'd be surprised how many places don't do this.

Speaking of hosted antispam solutions, if you use one, configure your Exchange servers and firewall devices (BOTH!) to restrict incoming and outgoing email to work only to/from your hosted filtering providers' servers.

Ensure your Exchange servers also have Exchange specific AV agents AND OS level agents installed and updated!

Ensure your email system conforms to SMTP RFC's, things like their helo greetings, etc.

http://www.ietf.org/rfc/rfc2821.txt

Finally, invest in a robust monitoring product, and setup monitoring and alerts for things that may indicate your servers are spamming.