Steps to prevent server blacklisting
cnfuzzd
Member Posts: 208
I am wanting to create a checklist/set-up document for configuring exchange servers to prevent them from being blacklisted. Here is what I have so far:
Close SMTP relay
prevent unneccesary outgoing port 25
correctly configure masquerade domain
correctly configure reverse DNS
subscribe to a spam filtering service/configure accepting email only from that service
anti-virus sw throughout the network
configure SPF records if available
What else should we be looking at?
Thanks!
john
Close SMTP relay
prevent unneccesary outgoing port 25
correctly configure masquerade domain
correctly configure reverse DNS
subscribe to a spam filtering service/configure accepting email only from that service
anti-virus sw throughout the network
configure SPF records if available
What else should we be looking at?
Thanks!
john
__________________________________________
Work In Progress: BSCI, Sharepoint
Work In Progress: BSCI, Sharepoint
Comments
-
astorrs Member Posts: 3,139 ■■■■■■□□□□make sure your not using an IP address from a range defined by your ISP as not allowed to send SMTP mail from - sorry I don't remember the list name (royal, HeroPsycho?) Basically anyone who has a cable type connection is at risk of this.
-
astorrs Member Posts: 3,139 ■■■■■■□□□□Technowiz wrote:Hey astorrs is that avatar a reference to Animal Farm?
-
HeroPsycho Inactive Imported Users Posts: 1,940I would suggest a few more things.
If you have additional public IP's, have your outbound email systems route out via a different pub IP than clients, especially if blocking outbound SMTP from anything other than your outbound gateways is not possible.
This is especially important if you use a hosted antispam filtering solution like Postini...
Use antispam filtering for YOUR outbound mail. You'd be surprised how many places don't do this.
Speaking of hosted antispam solutions, if you use one, configure your Exchange servers and firewall devices (BOTH!) to restrict incoming and outgoing email to work only to/from your hosted filtering providers' servers.
Ensure your Exchange servers also have Exchange specific AV agents AND OS level agents installed and updated!
Ensure your email system conforms to SMTP RFC's, things like their helo greetings, etc.
http://www.ietf.org/rfc/rfc2821.txt
Finally, invest in a robust monitoring product, and setup monitoring and alerts for things that may indicate your servers are spamming.Good luck to all!