Why don't you go in reverse? Take the all out to see if it stops. If it doesn't, your hacked and you can probably put the IPs back in and deal with that issue. If it does stop, them start putting them back in, one at a time until you see a problem.
Darin. ----- Original Message ----- From: "Richard Farris" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, September 11, 2004 12:06 PM Subject: Re: [Declude.JunkMail] Fw: Help, I have been blacklisted My log files have trippled in size the last 3 days. I have taken out several IPs to send for that were questionable and still I think I am hijacked but I cannot figure out where it is coming from...I have no viruses (except in the virus folder) so I must be hijacked.. Is there a way I can tell where the emails are coming from..I guess I can keep taking out IPs until it stops? Richard Farris Ethixs Online 1.270.247.5555 Office 1.800.548.3877 Tech Support "Crossroads to a Cleaner Internet" ----- Original Message ----- From: "Richard Farris" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, September 10, 2004 2:18 PM Subject: [Declude.JunkMail] Fw: Help, I have been blacklisted > This is just from SpamCop....I am not open relay but have several IPs to > relay for and am taking most of them out and making customers authenicate.. > > Richard Farris > Ethixs Online > 1.270.247.5555 Office > 1.800.548.3877 Tech Support > "Crossroads to a Cleaner Internet" > > ----- Original Message ----- > From: "SpamCop/Ellen" <[EMAIL PROTECTED]> > To: "Richard Farris" <[EMAIL PROTECTED]> > Sent: Friday, September 10, 2004 1:35 PM > Subject: Re: Help, I have been blacklisted > > > > Hi -- I do not see spam right now and your IP is scheduled for delisting > > within the next 2 hours. The headers below are indicative of all the > headers > > in the database. If you have fixed the problem then we should not see any > > further spam and everything will be fine. If you have not fixed the > problem > > and the spammer abusing your server is just laying low waiting for the > > delist then I would expect that we will be seeing more spam in the next 2 > or > > 3 days which will cause the IP to relist. > > > > Ellen > > > > Please include all previous correspondence with replies > > > > > > > > ----- Original Message ----- > > From: "Richard Farris" <[EMAIL PROTECTED]> > > To: "SpamCop/Ellen" <[EMAIL PROTECTED]> > > Sent: Friday, September 10, 2004 1:08 PM > > Subject: Re: Help, I have been blacklisted > > > > > > > Even now you see spam coming out to you? > > > Is there an exact IP I can trace or is it just the IP of my server > > > 65.240.164.10 > > > > > > Richard Farris > > > Ethixs Online > > > 1.270.247.5555 Office > > > 1.800.548.3877 Tech Support > > > "Crossroads to a Cleaner Internet" > > > > > > ----- Original Message ----- > > > From: "SpamCop/Ellen" <[EMAIL PROTECTED]> > > > To: "Richard Farris" <[EMAIL PROTECTED]> > > > Sent: Friday, September 10, 2004 11:47 AM > > > Subject: Re: Help, I have been blacklisted > > > > > > > > > > Hi Richard -- we are seeing spam being sent thru that IP: > > > > > > > > Received: from host-10.ethixs.com (HELO ethixs.com) (65.240.164.10) > > > > by <trap server> > > > > Received: from scene [201.128.42.9] by ethixs.com with ESMTP > > > > (SMTPD32-7.11) id <x>; Wed, 08 Sep 2004 14:xx:XX -0400 > > > > Subject: ONlY THE BEST F0R URS... > > > > > > > > The cause can be one of several things -- a worm/virus infection on > the > > > > server or a machine nat'd behind the server or it could be an > SMTP/AUTH > > > > exploit where the spammer has authenticated to your server and is > > > > sending/relaying spam thru it. Other possibilities include an insecure > > > cache > > > > or proxy on the server or php or cgi script. The headers do not > clearly > > > > indicate what the exploit is. > > > > > > > > Ellen > > > > > > > > Please include all previous correspondence with replies > > > > > > > > > > > > > > > > ----- Original Message ----- > > > > From: "Richard Farris" <[EMAIL PROTECTED]> > > > > To: "SpamCop/Ellen" <[EMAIL PROTECTED]> > > > > Sent: Friday, September 10, 2004 12:41 PM > > > > Subject: Re: Help, I have been blacklisted > > > > > > > > > > > > > 65.240.164.10 > > > > > > > > > > Thank you very much... > > > > > > > > > > Richard Farris > > > > > Ethixs Online > > > > > 1.270.247.5555 Office > > > > > 1.800.548.3877 Tech Support > > > > > "Crossroads to a Cleaner Internet" > > > > > > > > > > ----- Original Message ----- > > > > > From: "SpamCop/Ellen" <[EMAIL PROTECTED]> > > > > > To: "Richard Farris" <[EMAIL PROTECTED]> > > > > > Sent: Friday, September 10, 2004 11:35 AM > > > > > Subject: Re: Help, I have been blacklisted > > > > > > > > > > > > > > > > Hi Richard -- what is the IP that is listed? > > > > > > > > > > > > Ellen > > > > > > > > > > > > Please include all previous correspondence with replies > > > > > > > > > > > > > > > > > > > > > > > > ----- Original Message ----- > > > > > > From: "Richard Farris" <[EMAIL PROTECTED]> > > > > > > To: <[EMAIL PROTECTED]> > > > > > > Sent: Friday, September 10, 2004 12:18 PM > > > > > > Subject: Help, I have been blacklisted > > > > > > > > > > > > > > > > > > I am the owner of ethixs.com and iolky.com and have been > > > listed..nothing > > > > > > could be further from the truth as we spend great amount of energy > > > > > filtering > > > > > > spam for our users...this is probably the reason I have had many > > > reports > > > > > of > > > > > > undeliverable mail in the last couple of days....PLEASE HELP > > > > > > > > > > > > Richard Farris > > > > > > Ethixs Online > > > > > > 1.270.247.5555 Office > > > > > > 1.800.548.3877 Tech Support > > > > > > "Crossroads to a Cleaner Internet" > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
