Our IP has been Black Listed - Please Remove

[Derek T]

On another note. I want to prevent this from happening again and will follow throught FAQs and suggestions. However for redundancy and to prevent major email disruption from happing again I want to implement the following:

1. Create another mx (mail2.charterhall.com.au) record that will point to ip 203.48.247.107

2. Configure required Firewall settings to have this IP ready for use with Exchange server, but have it only deny until required.

3. If for unforseen reason ie. new vulnerability, we are listed anywhere.

4. Change FQDN in Exchange Virutal SMTP Server to mail2.charterhall.com.au

5. Change external IP of firewall to 203.48.247.107

5. Deny all SMTP for 203.48.247.108

6. Re-route all SMTP traffic via 203.48.247.107

There is a largish body of opinion that would suggest:

7. Disconnect Exchange server from WAN and put a linux/unix server inbetween :-)

[Telarin]

Yeah Derek, that may have been true for earlier versions of Exchange, but I would say for exchange 2000+, the lack of ability is not with the software. The problem is that it is GUI based, which makes people that have no idea what they are doing think they are mail server admins. The safety with Linux is that you have to be at least somewhat proficient to get it working at all. Exchange works pretty much right out of the box without having to deal with any advanced configurations. Thus a non-proficient user can get it up and running without taking into consideration any of the ramifications of their (lack of) configuration options.

[Derek T]

Yeah Derek, that may have been true for earlier versions of Exchange, but I would say for exchange 2000+, the lack of ability is not with the software.

Thanks for bringing me up-to-date. Have all the 'unsafe' defaults, standard accounts etc. now been corrected 'out of the box'?

[Telarin]

There are still a number of "out of the box" configuration problems, which is one of the problems with Exchange. The unsafe accounts have pretty much been dealt with, but there are some configuration changes that must be made to prevent unsolicited bounces, etc. People think that because it is a GUI, they don't need any experience as an email admin to set it up correctly, and that is an incorrect assumption, and leads to many of the problems that are associated with Exchange.