Posted 20 May 2009 - 10:00 AM
Recently one of my company's satellite offices lost the ability to send mail. We do not have Exchange, but each of our three locations uses the same email provider with the same pop/smtp settings. After some quick investigative work (helo, mail from:, rcpt to:) it showed that our IP gateway for that office had been blacklisted at sbl-xbl.spamhaus.org.
Going to their site, I read the FAQ and it stated that 1 or more of 3 things could put us on the blacklist.
1) A workstation had been compromised or infected with a Trojan horse, bot, etc and the machine was being used as a mass mailer.
2) Because of an "open proxy"
3) Because of open relay smtp issues. BUT, it also said that this blocking list did not report open relay issues - so this was not the case. (My email provider confirmed that it was not as well - just to double check and be safe)
I first assumed that it was Option 1. Since we only have 3 PCs at that specific office, it did not take long to run extensive scans (HijackThis, Spybot, Adaware, TrendMicro, Windows Defender, Malwarebytes) on the machines. Nothing was found.
Hoping it was an error, I submitted a request to be delisted at the blocking sites (XBL and CBL). A few hours later we were able to send mail again, and a few more hours later we were not.
Currently here's where I'm at, looking at Option 2:
I am unable to find relevant information on what is/could cause/how to secure an open proxy. Because of its name, "open proxy", google searches return sites that offer free proxies, rather than a description of what they are, making research a tad difficult.
In hopes that someone more familiar with this could perhaps enlighten me, I'll go ahead and explain our network setup for the satellite office that has its IP blacklisted.
The office is situated in a trailer in a compound with other trailers of different companies. Because of the need to share files/management systems/scheduling between companies, Company X offers us a connection into their network. This does not grant us internet access, however. Instead, we have our own T1 line that goes only to our office.
Each PC in our office has two network cards. Connected to one is the T1 connection, and the other connects us to Company X's network, essentially allowing PCs access to each network simultaneously.
My question is....
- Could this create/be the cause of an "open proxy"?
- How else could this affect/complicate our network?
A bit long winded, sorry. Let me know if anything is unclear, and thank you thank you thank you in advance, as any advice is very much appreciated.
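The two checks a practitioner would run in this situation, written as an added example (this is not code from the original post, from Spamhaus, or from the poster's email provider): first, the exact DNSBL query the poster did by hand, i.e. reverse the gateway's IPv4 octets, append the list zone, and read the returned 127.x.x.x address against Spamhaus's published return codes (the XBL/CBL codes 127.0.0.4 to 127.0.0.7 are the "compromised host / open proxy" listings the post is worried about); second, a probe that tells you whether a host actually behaves as an open proxy, by asking it to tunnel to port 25 the way a spammer's scanner would, via HTTP CONNECT and via SOCKS4, and treating a "220" SMTP banner coming back through the tunnel as proof. The zone defaults to zen.spamhaus.org (the post's sbl-xbl zone can be passed instead); proxy-gw.example.net, mx.example.com and 192.0.2.10 are placeholders, and the probe should only be pointed at hosts you are responsible for.

```python
import socket
import struct

# Added example; hosts and addresses are placeholders, not from the original post.
DNSBL_ZONE = "zen.spamhaus.org"   # the post used sbl-xbl.spamhaus.org; same query shape

# Meaning of the A record Spamhaus returns for a listed address (its published return codes).
SPAMHAUS_CODES = {
    "127.0.0.2": "SBL: direct spam source",
    "127.0.0.3": "SBL CSS: snowshoe / compromised host",
    "127.0.0.4": "XBL/CBL: exploited host (open proxy, trojan, bot)",
    "127.0.0.5": "XBL/CBL: exploited host",
    "127.0.0.6": "XBL/CBL: exploited host",
    "127.0.0.7": "XBL/CBL: exploited host",
    "127.0.0.10": "PBL: ISP-maintained end-user/dynamic range",
    "127.0.0.11": "PBL: Spamhaus-maintained end-user/dynamic range",
    "127.255.255.252": "error: typo in DNSBL zone name",
    "127.255.255.254": "error: query sent through an open/public resolver",
    "127.255.255.255": "error: query volume exceeded",
}


def dnsbl_query_name(ip: str, zone: str = DNSBL_ZONE) -> str:
    """192.0.2.10 -> 10.2.0.192.zen.spamhaus.org (octets reversed, zone appended)."""
    octets = ip.split(".")
    if len(octets) != 4:
        raise ValueError("IPv4 address expected")
    return ".".join(reversed(octets)) + "." + zone


def describe_dnsbl_answer(answers) -> str:
    """Translate the A records a DNSBL returned into the reason for the listing."""
    if not answers:
        return "not listed"
    return "; ".join(SPAMHAUS_CODES.get(a, f"unknown code {a}") for a in answers)


def dnsbl_lookup(ip: str, zone: str = DNSBL_ZONE):
    """Live query through the system resolver; NXDOMAIN (gaierror) means not listed."""
    try:
        infos = socket.getaddrinfo(dnsbl_query_name(ip, zone), None, socket.AF_INET)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


# --- open-proxy probe: will this host tunnel an outsider to an SMTP server? ---

def http_connect_request(host: str, port: int) -> bytes:
    """The CONNECT request an HTTP proxy needs to open a tunnel to host:port."""
    return f"CONNECT {host}:{port} HTTP/1.0\r\nHost: {host}:{port}\r\n\r\n".encode()


def http_connect_accepted(reply: bytes) -> bool:
    """A 2xx status line means the proxy opened the tunnel; anything else is a refusal."""
    status = reply.split(b"\r\n", 1)[0].split()
    return len(status) >= 2 and status[0].startswith(b"HTTP/") and status[1].startswith(b"2")


def socks4_connect_request(ip: str, port: int) -> bytes:
    """SOCKS4 CONNECT: VN=4, CD=1, DSTPORT, DSTIP, empty USERID terminated by NUL."""
    return struct.pack("!BBH4s", 4, 1, port, socket.inet_aton(ip)) + b"\x00"


def socks4_accepted(reply: bytes) -> bool:
    """SOCKS4 reply is 8 bytes: VN=0, CD=0x5A means request granted."""
    return len(reply) >= 8 and reply[0] == 0 and reply[1] == 0x5A


def smtp_banner_present(data: bytes) -> bool:
    """A '220' line after the tunnel was granted proves bytes really reached an MTA on port 25."""
    return any(line.startswith(b"220") for line in data.split(b"\r\n"))


def probe_open_proxy(proxy_host, proxy_port, target_host="mx.example.com",
                     target_ip="192.0.2.10", timeout=5.0):
    """Try HTTP CONNECT, then SOCKS4, against proxy_host:proxy_port.

    Returns the protocol that relayed us toward port 25, or None if neither did.
    """
    attempts = (
        ("http-connect", http_connect_request(target_host, 25), http_connect_accepted),
        ("socks4", socks4_connect_request(target_ip, 25), socks4_accepted),
    )
    for name, request, accepted in attempts:
        try:
            with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as s:
                s.sendall(request)
                reply = s.recv(1024)
        except OSError:
            continue          # closed port or timeout: not a proxy on this port
        if accepted(reply):
            return name
    return None


if __name__ == "__main__":
    # Live use (needs network): check the listing, then probe the gateway's common proxy ports.
    gateway = "192.0.2.10"    # placeholder for the blacklisted office gateway
    print(gateway, "->", describe_dnsbl_answer(dnsbl_lookup(gateway)))
    for port in (80, 1080, 3128, 8080):
        print("proxy-gw.example.net:%d relays via %s" % (port, probe_open_proxy("proxy-gw.example.net", port)))
```

Two practical notes: the DNSBL query must go out through your own (or your ISP's) resolver, since Spamhaus answers 127.255.255.254 rather than a real listing when the query arrives via a large public resolver; and the proxy probe has to be run from outside the office's T1, because "open" means reachable from the Internet, not from the LAN. If the probe returns a protocol on any port of the gateway, that port is what the CBL's scanners found; if it returns nothing, the XBL listing was more likely caused by traffic from an infected machine behind the gateway (the dual-homed PCs on Company X's network included), which is what the 127.0.0.4 to 127.0.0.7 codes cover as well.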