MattLog.net » smtp http://mattlog.net Matts Admin Tips Wed, 21 Jul 2010 01:37:45 +0000 en hourly 1 http://wordpress.org/?v=3.0.1 Whitelist Request Forms/remove from RBL http://mattlog.net/2008/08/06/whitelist-request-formsremove-from-rbl/ http://mattlog.net/2008/08/06/whitelist-request-formsremove-from-rbl/#comments Wed, 06 Aug 2008 00:59:11 +0000 Matt Shadbolt http://mattlog.wordpress.com/?p=20 AOL:
Request whitelist – http://postmaster.info.aol.com/whitelist/whitelist_guides.html
Remove from RBL – http://postmaster.info.aol.com/waters/sa_form.html

Hotmail:
Remove from RBL – http://ipremoval.sms.symantec.com/lookup/

Yahoo!:
Request whitelist – http://help.yahoo.com/l/us/yahoo/mail/postmaster/postmaster_wl.html?from_url=http://help.yahoo.com/l/us/yahoo/mail/postmaster/index.html
Remove from RBL – http://help.yahoo.com/l/us/yahoo/mail/postmaster/defer.html?from_url=http://help.yahoo.com/l/us/yahoo/mail/postmaster/index.html

For all other smaller mail providers you can use this free lookup tool for the major RBL services

http://www.mxtoolbox.com/blacklists.aspx

]]> http://mattlog.net/2008/08/06/whitelist-request-formsremove-from-rbl/feed/ 2 Locking down outbound SMTP http://mattlog.net/2008/07/30/locking-down-outbound-smtp/ http://mattlog.net/2008/07/30/locking-down-outbound-smtp/#comments Wed, 30 Jul 2008 09:22:35 +0000 Matt Shadbolt http://mattlog.wordpress.com/?p=10 I’ve recently had issues with my companies IP address being blacklisted by a bunch of RBL’s (Realtime Block Lists) blocking mail delivery from our server on the basis that we are sending SPAM. We of course didn’t realize there was a rouge client on our network sending bulk unsolicited emails.

After weeding out the client – and confirming their AV was installed and up-to-date, it was now time to stop this from happening again. And its actually relitively simple.

In this (and most) instances, the virus installs a light-weight SMTP server on the client and spews email on behalf of the SPAMmers. To stop this we need to block rouge emails being sent from within our network.

My company only has one mail server so the update to our outbound Cisco ACL was simple.

Sample:

ip access-list extended sample-inbound
allow ip any host 192.168.168.100 eq SMTP
deny ip any any eq SMTP
allow ip any any (yes I know, not good practice but a good example!)

OK, so fairly straight forward. As the traffic leaves our network the outbound ACL is run through. Firstly, if the SMTP traffic is from the server (192.168.168.100) the traffic is allowed. If the traffic doesn’t map the host IP address it drops to the second line. Obviously the next line deny’s any SMTP traffic – this is the condition that will stop any other client on the network from sending mail they shouldn’t be.

Simple as that.

NOTE: Be sure you apply the ACL to the correct interface! You should apply it to the interface that is connected to the server – in this example the default gateway of the 192.168.168.x network

]]> http://mattlog.net/2008/07/30/locking-down-outbound-smtp/feed/ 1