Some of my cli­ents run a mail server on their local net­work enabling them to have full con­trol over their email sys­tem. Most Inter­net facing mail serv­ers will con­sult a black­list for all incom­ing email, com­par­ing the iden­tity of the send­ing server to known spam sources. When you are a busi­ness you abso­lutely do not want to have your mail server black­lis­ted as your cus­tom­ers mail serv­ers will simply refuse to receive email from your company.

Photo From Stick­Bus

A com­mon cause of black­list­ing, in my exper­i­ence, is when cli­ent PCs are infec­ted by mal­ware and become part of a bot­net. The own­ers of the bot­net then use the infec­ted machines to send out thou­sands of spam emails and its not long before this is noted and your con­nec­tion appears on a black­list, effect­ively pre­vent­ing your legit­im­ate email from get­ting to recipients.

To pre­vent black­list­ing I adopt these best prac­tices:

1. Allow the local mail server to send email and block all other out­go­ing con­nec­tions on port 25 at the firewall
2. Con­fig­ure the mail server to only accept con­nec­tions from authen­tic­ated mail clients.

Now only legit­im­ate users that are logged in to the mail server can send mail, any attempt by an infec­ted machine to con­tact an external mail server to send email is blocked at the fire­wall. If PCs then become infec­ted, the fire­wall logs will alert you to the out­go­ing con­nec­tion attempts on port 25 and the infec­tion can be dealt with.