From: Jake on 28 May 2010 23:06

I just checked my mail server external IP address at mxtoolbox site. Note: I only have 1 static IP assigned to send/receive email. Incoming mail is routed/NATted from ext to privateIP. Similarly, there's a rule for all outgoing mail from my Exchange internal mail server (privateIP) to the internet.

Anyway, here's the result from http://cbl.abuseat.org/ :

This IP is infected (or NATting for a computer that is infected) with the gheg spambot.

False "gheg" detections have been seen with M&Wise's MTA software, "UMS". Please contact your vendor for a patch. We believe that most installations using this software have already been patched.

False "gheg" detections have also been observed with challenge/response messages from the "TotalBlock" challenge-response (C/R) anti-spam solution (www.totalblock.net). Please contact your vendor for a patch.

Note: Since virtually all spam has forged From lines, C/R is a bad idea in the first place because it bombards innocent third parties with challenges to emails that they didn't send. The CBL does _not_ list on this basis (it has no way of knowing the email is a challenge), but other DNSBLs do. In the TotalBlock case, the challenge emails are implemented poorly and trigger gheg detections.
----------------------------

My IP was listed at around 12 noon PST Friday.

Is this a guarantee that my Exchange Server 2003 or a machine in the LAN is pumping out spam?

I don't see any proof of mail volume increase the whole day today. Exchange SMTP log looks normal, just like any other day. My firewall doesn't show any indication of massive SMTP outgoing connections.

There is only 1 way out for all SMTP traffic from the internal LAN to the internet, that is, from my Exchange server, thru the firewall, out to the whole world.

I'm thinking it's a false detection. Has anyone been mistakenly blacklisted because of a nonexistent spambot?

From: Jake on 28 May 2010 23:17

Btw, the only change I did recently (about 1-2 weeks ago) was enabling Allow Non Delivery Reports. This is an Exchange Server 2003 SP2 with up-to-date patches. I got my recipient filtering enabled years ago.

"Jake" <someone> wrote in message news:etKtzvt$KHA.5808(a)TK2MSFTNGP02.phx.gbl...
> I just checked my mail server external IP address at mxtoolbox site. Note:
> I only have 1 static IP assigned to send/receive email. Incoming mail is
> routed/NATted from ext to privateIP. Similarly, there's a rule for all
> outgoing mail from my Exchange internal mail server (privateIP) to the
> internet.
>
> Anyway, here's the result from http://cbl.abuseat.org/ :
>
> This IP is infected (or NATting for a computer that is infected) with the
> gheg spambot.
>
> False "gheg" detections have been seen with M&Wise's MTA software, "UMS".
> Please contact your vendor for a patch. We believe that most installations
> using this software have already been patched.
>
> False "gheg" detections have also been observed with challenge/response
> messages from the "TotalBlock" challenge-response (C/R) anti-spam solution
> (www.totalblock.net). Please contact your vendor for a patch.
>
> Note: Since virtually all spam has forged From lines, C/R is a bad idea in
> the first place because it bombards innocent third parties with challenges
> to emails that they didn't send. The CBL does _not_ list on this basis (it
> has no way of knowing the email is a challenge), but other DNSBLs do. In
> the TotalBlock case, the challenge emails are implemented poorly and
> trigger gheg detections.
> ----------------------------
>
> My IP was listed at around 12 noon PST Friday.
>
> Is this a guarantee that my Exchange Server 2003 or a machine in the LAN
> is pumping out spam?
>
> I don't see any proof of mail volume increase the whole day today.
> Exchange SMTP log looks normal, just like any other day. My firewall
> doesn't show any indication of massive SMTP outgoing connections.
>
> There is only 1 way out for all SMTP traffic from the internal LAN to the
> internet, that is, from my Exchange server, thru the firewall, out to the
> whole world.
>
> I'm thinking it's a false detection. Has anyone been mistakenly
> blacklisted because of a nonexistent spambot?