Unofficial IT person needs help very bad with work network!

Discussion in 'Hardware' started by dove, Sep 7, 2008.

  1. dove

    dove Private E-2

    I’m not even sure where to begin or exactly what information to give but this concerns our work server and email and internet. I posted a long time ago in the Welcome thread stating that I was the “Unofficial” IT person at my job. Lucky me. Lol.
    Right now I’m home so this is from memory as best as I can do.
    We have 2 servers – 1 for data and it runs Windows 2000. The other one is for email and runs Windows 2003. We have our own domain name, a static IP address and the MX record is directed to our server.
    We have 10 other computers and laptops (OS is XP except for 2 which still run 2000 Professional) all networked and the blue wires go from our computers to a hub which is connected to a router which goes into our ISP’s cable modem. The router is a Linksys and I have no idea what the hub is.
    My problem is this: We are able to receive email but almost every email we attempt to send is bounced back. For the most part the bounced emails just say a 5.5.1 error and to contact our system administrator. Unfortunately that is me. :(
    Some of the bounced emails do state that our IP has been blocked being considered spam.
    We have an IT person who we usually contact for big problems but he has been extremely busy lately and not able to get to us and my bosses are screaming for this to be fixed. The real IT person did a scan at some DNS place and a list of places like spamcops came up that we were blocked because of spamming people.
    Our antivirus sucked and was out of date so just upgraded to AVG Business antivirus to cover the servers and workstations. I scanned every computer and both servers. Most were clean but a few did have spam, spyware, tracking cookies and a few viruses. I am pretty sure AVG got them all. Afterwards I went to all the places like spamcops and requested unblocking. It worked. For 1 day. The next day our sent emails were bouncing again. Around this time our internet also started creeping very slow as if we had dialup instead of cable. I did notice that if I had Outlook up (Outlook 2000) the internet was slower than if I did not have it up and running.
    I contacted our busy IT person who said we may just have to change our static IP address and then reconfigure the router and have the MX record redirected all of which will take up to a few weeks. I just wanted to know if there was anything else I could do and to ask if anyone knows just how all this happened to begin with. Were we hijacked? And if so was it our server? I have limited knowledge on how all this spam stuff works to begin with so I’m just not sure what is going on and any help is greatly appreciated.
    I do know that of the computers that had viruses, 1 does some online shopping and 2 went to some, umm, questionable sites. I know on one hand I should say “Don’t go to these sites!!” but I can’t because it is the bosses going there. We also have a webpage and our email addresses are listed there with clickable links. I have only recently been reading at PC World that we shouldn’t do that without having the email addresses in a different html code to confuse the bots, or something like that. Please help direct me to where to learn what I can do. Thanks.
     
  2. da chicken

    da chicken MajorGeek

    It sounds like your IP or your domain name have been added to one of the many real-time DNS blacklists (http://en.wikipedia.org/wiki/DNSBL). I would go to a few of them and look up your domain name. Problem #1 is that if you're listed, it's extremely difficult to get de-listed. Extremely. I wish you luck. I've never had to do it and I don't envy your task.

    Next, you should set up a Sender Policy Framework record with your DNS provider. This is a special DNS TXT record that will list servers that your organization guarantees do not send spam:
    http://en.wikipedia.org/wiki/Sender_Policy_Framework
    http://www.openspf.org/

    You should also be checking that your email server is only sending email for authorized and authenticated users. Anonymous email relays are perfect for spammers to hijack.

    As an aside, you're going to need to budget upgrading from Windows 2000 on your clients and your servers. The OS is no longer supported and it is a security risk. Arguably, you should also consider budgeting an upgrade from XP and Server 2003 since both of those products will be entering less robust support stages within a few years. I understand that small businesses have very tight budgets, but you must understand that unless you maintain your systems that there is a very real risk that all data within the company -- that is, any digital asset -- will be destroyed. If no disaster recovery and no backup is in place, it will be destroyed beyond recovery.

    Any more than that and you'd have to pay me. :)
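
Added example, not part of the thread: a Python sketch of the two checks a receiving mail server runs that the post above refers to, the DNSBL lookup of the connecting IP and the comparison of that IP against the sending domain's SPF TXT record. The zone `dnsbl.example`, the documentation-range addresses and the stub resolver are constructed so it runs offline, and only the `ip4`, `ip6` and `all` mechanisms are evaluated.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def dnsbl_query_name(ip, zone):
    """Name a receiver looks up: reversed address labels followed by the blacklist zone."""
    reverse = ipaddress.ip_address(ip).reverse_pointer  # e.g. 25.113.0.203.in-addr.arpa
    return reverse.rsplit(".", 2)[0] + "." + zone       # swap in-addr.arpa / ip6.arpa for the zone

def is_listed(ip, zone, resolve_a):
    """Listed when the name has an A record in 127.0.0.0/8; no answer means not listed."""
    loopback = ipaddress.ip_network("127.0.0.0/8")
    answers = resolve_a(dnsbl_query_name(ip, zone))
    return any(ipaddress.ip_address(a) in loopback for a in answers)

def spf_result(record, sender_ip):
    """Walk the SPF terms left to right; the first mechanism that matches decides."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    addr = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        name, _, value = mech.partition(":")
        if name.lower() == "all":
            return QUALIFIERS[qualifier]
        if name.lower() in ("ip4", "ip6"):
            if addr in ipaddress.ip_network(value, strict=False):
                return QUALIFIERS[qualifier]
        else:
            # a, mx, include, redirect etc. need live DNS, so stop rather than guess
            return f"indeterminate ({mech} not evaluated in this example)"
    return "neutral"

# Constructed sample data: made-up blacklist zone, documentation-range addresses.
FAKE_DNS = {"25.113.0.203.dnsbl.example": ["127.0.0.2"]}
SPF_RECORD = "v=spf1 ip4:203.0.113.10 -all"  # only the mail server may send

def fake_resolve(name):
    return FAKE_DNS.get(name, [])  # empty list stands in for NXDOMAIN

if __name__ == "__main__":
    for ip in ("203.0.113.10", "203.0.113.25"):
        print(ip, dnsbl_query_name(ip, "dnsbl.example"),
              "listed" if is_listed(ip, "dnsbl.example", fake_resolve) else "clean",
              "SPF:", spf_result(SPF_RECORD, ip))
```

To query a real blacklist, pass a `resolve_a` that performs an actual A-record lookup and returns the answers as strings.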
     
  3. dove

    dove Private E-2

    Thanks so much for replying. I do know our IP is what showed up as being blocked, but I never tried just our domain name. I will try that tomorrow from work. Thanks for the links, the info on Sender Policy Framework and the wishes for luck. I am going to need it, lol.
    I really do realize the need for upgrading and have mentioned it to the "bosses" several times to no avail. They are *whispers* cheap! It's why I'm the "unofficial" IT person along with my regular full time duties of Secretary. lol. The real IT person wants them to sign a yearly contract which they claim is too costly even though I explained to them that it would include monthly maintenance on all computers. They think I have time to do that and with my workload as it is I just do the best I can. Ok, enough of my pity pot, lol and off to read the links you sent.
    Thanks a bunch :)
     
  4. da chicken

    da chicken MajorGeek

    Oh, no, trust me. I've dealt with more than enough cheap bosses in my day. I don't understand paying top dollar for accountants and tax attorneys and then neglecting maintenance on your business. It's merely setting you up for disaster. Penny wise and pound foolish. And then they'll expect you to be a miracle worker when things break because they're not configured correctly or they've fallen into disrepair.

    I completely understand the situation your IT serviceman is in. They didn't pay for a service contract and now they want platinum service at copper rates. Here's a little line I've memorized: "Your poor planning does not constitute an emergency for me."

    If they'd done it right the first time they wouldn't have a problem. Now they're going to have to wait because they're not my only responsibility. You pay me for 40 hours time a week. You want more than that? We can talk. It's going to cost you.
     
