We currently run windows server 2003 with exchange mail, but have been blocked with spamhaus.org even though we don't send out spam mail. My question is, what settings do I need to set with smtp to ensure people from outside can't send spam through our servers? I have gone into the Exchange System Manager and chosen the properties of the Default SMTP Virtual Server, the configuration is as follows:
Access / Authentication – Anonymous access is ticked, so is basic authentication and integrated windows authentication
Delivery / Outbound Security – Anonymous access is selected
Is this correct?
Best Answer
Contrary to some public opinion, Spamhaus don't block people for the lols but for a reason. That isn't to say that I always agree with all their reasons, but rather that if they are blocking you then they are doing so for a reason which you should be able to get from them along with evidence.
First of all you say "we don't send out spam mail". Glad to hear it. Do you mean that you are 100% certain that no spam email is sent by your servers by anyone, period, or is that a coded way of saying "Our server is sending out spam but its not ours, HELLLLLLLLP!"?
Anyway if you say your servers don't send spam yet they have listed you, then either you are mistaken (and their evidence should help you see how and fix that issue directly) or they are not blocking you because you are sending spam - either your IP is dynamic or is caught in a generalised block of IP ranges from a ISP that spamhaus considers to be a problem.
In the first case then having the evidence will help you pinpoint any problem and fix it far more efficiently than fiddling around with settings will, and in the latter two cases then the settings on your own server are completely irrelevant to the issue. In all cases it comes back to knowing why you've been listed before doing anything else.
If you have been listed because you are in a dynamic range or because Spamhaus has blocked a range of IP addresses that you just happen to fall into then you are unlikely to get reliable mail service for a variety reasons. At that point, I'd suggest using a smarthost at either your ISP (if your mail server IP is dynamic) or a 3rd party (if Spamhaus think your ISP is a spam haven then they're probably not the only people blocking email from their IP ranges).