To stay off blacklists, filter port 25 outbound at your firewall or Internet router. There is absolutely no reason for anything other than mail servers to connect out from your domain.
-- be - MOS Telepathy: Knowing what people think when really they don't think at all. > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Tony Nguyen > Sent: Friday, May 26, 2006 6:27 PM > To: Exchange Discussions > Subject: RE: Blacklisted > > I deleted already. At the moment I just wanted the laptop to > be clean and remove our IP address from blacklisted. > > -----Original Message----- > From: Alex Eckelberry [mailto:[EMAIL PROTECTED] > Sent: Friday, May 26, 2006 3:06 PM > To: Exchange Discussions > Subject: RE: Blacklisted > > > I would submit the file to Virustotal - > http://www.virustotal.com/vt/ and see what comes up. > > Also, you can submit it to the Norman Sandbox for analysis. > http://sandbox.norman.no/ > > You'll at least find out what you're dealing with. > > > Alex Eckelberry > Sunbelt Software > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Michael Henry > Sent: Friday, May 26, 2006 1:02 PM > To: Exchange Discussions > Subject: RE: Blacklisted > > Binary file virus, two files working together to stay loaded. > The thought being you are never fast enough to delete both. > > Best method of removal, remove drive and slave mount it to a > system with a current AV, custom scan the drive, and it will > usually kill both files while their dormant. If it's a > really new virus, scan for .exe,.dll that have a new date > since the infection time. > > Regards, Michael > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Tony Nguyen > Sent: Friday, May 26, 2006 10:04 AM > To: Exchange Discussions > Subject: Blacklisted > > Any seem this before. One of or sale guy came back from a > trip and his laptop was infected with maybe a virus I am not > sure but it put a file call "s2842p03.exe" on the c:\ and > when I delete the file it come back after a reboot. The next > thing I know we were blacklisted by cbl.abuseat.org. I think > the laptop is sending out multi SMTP packet but not sure. > Anyone know of a way to track this down and remove it? > > Thank and sorry about the long disclaimer. It just a company policy. > Tony > > [Disclaimer] The receiving party represents and warrants that > no technical data furnished by the disclosing party shall be > exported from the United States without first complying with > all requirements of the International Traffic in Arms > Regulations and the Export Administration Act and regulations > hereunder, including the requirement for obtaining any export > license, if applicable. > > The receiving party shall first obtain the written consent of > the disclosing party prior to submitting any request for > authority to export any such technical data. > > The receiving party shall indemnify and hold the disclosing > party harmless of all claims, demands, damages, costs, fines, > penalties, attorney's fees and all other expenses arising > from failure of the Receiving party to comply with this > clause or the International Traffic in Arms Regulations and > the Export Administration Act and applicable regulations. > > The receiving party may make the technical data furnished > available only to its employees, contract employees and other > parties working on the program within the receiving party's > facility and having a "need to know" with respect to said > purpose. In connection therewith, the parties shall advise > each such employee, contract employee or other party of its > obligations under this agreement. > > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange > To subscribe: http://e-newsletters.internet.com/discussionlists.html/ > To unsubscribe send a blank email to > [EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > To unsubscribe via postal mail, please contact us at: > Jupitermedia Corp. > Attn: Discussion List Management > 475 Park Avenue South > New York, NY 10016 > > Please include the email address which you have been contacted with. > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange > To subscribe: http://e-newsletters.internet.com/discussionlists.html/ > To unsubscribe send a blank email to > [EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > To unsubscribe via postal mail, please contact us at: > Jupitermedia Corp. > Attn: Discussion List Management > 475 Park Avenue South > New York, NY 10016 > > Please include the email address which you have been contacted with. > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange > To subscribe: http://e-newsletters.internet.com/discussionlists.html/ > To unsubscribe send a blank email to > [EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > To unsubscribe via postal mail, please contact us at: > Jupitermedia Corp. > Attn: Discussion List Management > 475 Park Avenue South > New York, NY 10016 > > Please include the email address which you have been contacted with. > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange > To subscribe: http://e-newsletters.internet.com/discussionlists.html/ > To unsubscribe send a blank email to > [EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > To unsubscribe via postal mail, please contact us at: > Jupitermedia Corp. > Attn: Discussion List Management > 475 Park Avenue South > New York, NY 10016 > > Please include the email address which you have been contacted with. > > _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange To subscribe: http://e-newsletters.internet.com/discussionlists.html/ To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with.
