Hey Guys,
A couple months ago one of our employees brought a pretty nasty virus into our network. Took some work but everything is now cleaned up. Only thing is we got put on a couple blacklists. Here is some info on our setup:
We have an ASA 5520 firewall.
External port on the firewall is assigned the IP x.x.x.50
Email infrastructure is Exchange 2010. We have 2 hub transport servers.
Our 1st hub transport server is set up on the firewall to NAT to x.x.x.54
Our 2nd hub transport server is set up on the firewall to NAT to x.x.x.55
The IP that is blacklisted is the IP assigned to the external port on the firewall, x.x.x.50. The firewall is now set up to only allow SMTP on the .54 and .55 addresses, which should clear up any future blacklist issues on the firewall external port IP. I am still going through applying to get off all of the blacklists.
I have sent out some test emails from my work account to my Yahoo and Gmail. The headers in Gmail and Yahoo all show either x.x.x.54 and 55 as the sender, which tells me that the NATs are working correctly. Some of our messages are getting blocked due to the fact that we are on blacklists, but the part that I don't understand is that we are getting blocked based on the fact that the firewall external port is on the blacklists. The external IPs/NAT IPs of the hub servers are not on any blacklists. How can the fact that our firewall external port IP is on blacklists cause spam filters to reject our email if the hub server external IPs are not on any blacklists?