Stopping Bots From Blacklisting Your Mail Server

Some of my clients run a mail server on their local network, which gives them full control over their email system. Most Internet-facing mail servers consult a blacklist for all incoming email, comparing the identity of the sending server to known spam sources. As a business you absolutely do not want your mail server blacklisted, because your customers' mail servers will simply refuse to receive email from your company.

A common cause of blacklisting, in my experience, is client PCs becoming infected by malware and joining a botnet. The owners of the botnet then use the infected machines to send out thousands of spam emails, and it is not long before this is noted and your connection appears on a blacklist, effectively preventing your legitimate email from reaching recipients.

To prevent blacklisting I adopt these best practices:

  1. Allow the local mail server to send email, and block all other outgoing connections on port 25 at the firewall.
  2. Configure the mail server to only accept connections from authenticated mail clients.

Now only legitimate users who are logged in to the mail server can send mail; any attempt by an infected machine to contact an external mail server to send email is blocked at the firewall. If PCs then become infected, the firewall logs will alert you to the outgoing connection attempts on port 25 and the infection can be dealt with.
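One way to turn those firewall logs into an alert, as an added example that is not part of the original post: the script below scans log lines for blocked outbound port 25 attempts and reports which internal hosts are making them. It assumes a Linux netfilter firewall whose drop rule logs with the prefix `SMTP-BLOCK`; the prefix, the mail server address, the threshold and the sample log lines are all assumptions made for illustration.

```python
import re
from collections import defaultdict

MAIL_SERVER = "192.168.1.10"  # assumed address of the local mail server
THRESHOLD = 3                 # assumed: blocked attempts before a host is flagged
LOG_PREFIX = "SMTP-BLOCK"     # assumed --log-prefix on the rule dropping port 25

# Constructed, abbreviated sample lines in the Linux netfilter LOG format.
SAMPLE_LOG = """\
Mar  3 10:15:01 gw kernel: SMTP-BLOCK IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.5 LEN=60 TTL=63 DF PROTO=TCP SPT=49152 DPT=25 SYN
Mar  3 10:15:02 gw kernel: SMTP-BLOCK IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.9 LEN=60 TTL=63 DF PROTO=TCP SPT=49153 DPT=25 SYN
Mar  3 10:15:02 gw kernel: SMTP-BLOCK IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.7 LEN=60 TTL=63 DF PROTO=TCP SPT=49154 DPT=25 SYN
Mar  3 10:15:04 gw kernel: SMTP-BLOCK IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.5 LEN=60 TTL=63 DF PROTO=TCP SPT=49155 DPT=25 SYN
Mar  3 10:16:30 gw kernel: SMTP-BLOCK IN=eth1 OUT=eth0 SRC=192.168.1.40 DST=203.0.113.5 LEN=60 TTL=63 DF PROTO=TCP SPT=51000 DPT=25 SYN
Mar  3 10:17:00 gw sshd[812]: Accepted publickey for admin from 192.168.1.2 port 50222
"""

FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=value pairs; bare flags like SYN are skipped


def blocked_smtp_sources(log_text, mail_server=MAIL_SERVER, threshold=THRESHOLD):
    """Map each internal host with >= threshold blocked port 25 attempts
    to its attempt count and the distinct destinations it tried."""
    attempts = defaultdict(list)
    for line in log_text.splitlines():
        if LOG_PREFIX not in line:
            continue  # not produced by the port 25 drop rule
        fields = dict(FIELD.findall(line))
        if fields.get("PROTO") != "TCP" or fields.get("DPT") != "25":
            continue
        src = fields.get("SRC")
        if not src or src == mail_server:
            continue  # the mail server is the one host allowed to use port 25
        attempts[src].append(fields.get("DST", "?"))
    return {
        src: {"attempts": len(dsts), "destinations": sorted(set(dsts))}
        for src, dsts in attempts.items()
        if len(dsts) >= threshold
    }


if __name__ == "__main__":
    for host, info in blocked_smtp_sources(SAMPLE_LOG).items():
        print(f"{host}: {info['attempts']} blocked SMTP attempts to "
              f"{', '.join(info['destinations'])}")
```

A single blocked attempt can be a misconfigured mail client, so the threshold keeps one-off hits out of the report; many attempts to several different destinations in a short time is the pattern worth investigating.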