blacklisted
PSBL says they have received spamtrap mail from our IP address. How do I check all my PCs to see which ones are responsible? I have anti-virus on all workstations and servers, anti-spam on the e-mail server, and anti-spyware on the workstations. All is updated regularly. What else do I need to do? Any places anyone can point me? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: blacklisted
Monitor the traffic as it is leaving your firewall. If you see smtp traffic that doesn't belong to you then track down the originating ip from the log and see what is up that way? From: Holstrom, Don [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 30, 2008 10:52 AM To: NT System Admin Issues Subject: blacklisted PSBL says they have received spamtrap mail from our IP address. How do I check all my PCs to see which ones are responsible? I have anti-virus on all workstations and servers, anti-spam on the e-mail server, and anti-spyware on the workstations. All is updated regularly. What else do I need to do? Any places anyone can point me? __ This e-mail and any files transmitted with it are property of Indiana Members Credit Union, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this email is strictly prohibited. This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ This e-mail and any files transmitted with it are property of Indiana Members Credit Union, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this email is strictly prohibited. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: blacklisted
Block all outbound port 25 on your firewall, except for your mail server. From: Holstrom, Don [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 30, 2008 10:52 AM To: NT System Admin Issues Subject: blacklisted PSBL says they have received spamtrap mail from our IP address. How do I check all my PCs to see which ones are responsible? I have anti-virus on all workstations and servers, anti-spam on the e-mail server, and anti-spyware on the workstations. All is updated regularly. What else do I need to do? Any places anyone can point me? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: blacklisted
First check to see if your server is setup to open relay http://www.checkor.com/ If your email server is not setup to open relay then check your firewall or router logs to see what internal IP address is sending out on port 25. Your firewall should be locked down to ONLY allow outbound port 25 traffic from your email server or SMTP gateway. Additionally setup your firewall (if it has the function) to send you an email alert any time an internal computer attempts to send out email on port 25. That way you know the moment a computer is compromised. Matt On Tue, Sep 30, 2008 at 10:51 AM, Holstrom, Don [EMAIL PROTECTED] wrote: PSBL says they have received spamtrap mail from our IP address. How do I check all my PCs to see which ones are responsible? I have anti-virus on all workstations and servers, anti-spam on the e-mail server, and anti-spyware on the workstations. All is updated regularly. What else do I need to do? Any places anyone can point me? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: *****SPAM***** blacklisted
Yeah the past couple days our Spamassassin has been tagging all of the NTSysadmin mails due to Spamcop. I really dont know why we even bother using them anymore. We're using a 3rd party hosted spam solution and dont even need spamassassin anymore. i.e.: On Sep 30, 2008, at 10:51 AM, Holstrom, Don wrote: Content analysis details: (5.2 points, 5.0 required) pts rule name description -- -- 0.1 HTML_MESSAGE BODY: HTML included in message -4.9 BAYES_00 BODY: Bayesian spam probability is 0 to 1% [score: 0.] 10 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net [Blocked - see http://www.spamcop.net/bl.shtml?64.128.133.151 ] ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: *****SPAM***** blacklisted
ironport is blocking here. From: Phillip Partipilo [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 30, 2008 11:01 AM To: NT System Admin Issues Subject: Re: *SPAM* blacklisted Yeah the past couple days our Spamassassin has been tagging all of the NTSysadmin mails due to Spamcop. I really dont know why we even bother using them anymore. We're using a 3rd party hosted spam solution and dont even need spamassassin anymore. i.e.: On Sep 30, 2008, at 10:51 AM, Holstrom, Don wrote: Content analysis details: (5.2 points, 5.0 required) pts rule name description -- -- 0.1 HTML_MESSAGE BODY: HTML included in message -4.9 BAYES_00 BODY: Bayesian spam probability is 0 to 1% [score: 0.] 10 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net [Blocked - see http://www.spamcop.net/bl.shtml?64.128.133.151] This e-mail and any files transmitted with it are property of Indiana Members Credit Union, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this email is strictly prohibited. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: blacklisted
I always white list any mailing lists I sign up for. These temporary transient blocks are pretty common for mailing lists so best just to avoid the issue up front. From: David McSpadden [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 30, 2008 11:01 AM To: NT System Admin Issues Subject: RE: *SPAM* blacklisted ironport is blocking here. From: Phillip Partipilo [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 30, 2008 11:01 AM To: NT System Admin Issues Subject: Re: *SPAM* blacklisted Yeah the past couple days our Spamassassin has been tagging all of the NTSysadmin mails due to Spamcop. I really dont know why we even bother using them anymore. We're using a 3rd party hosted spam solution and dont even need spamassassin anymore. i.e.: On Sep 30, 2008, at 10:51 AM, Holstrom, Don wrote: Content analysis details: (5.2 points, 5.0 required) pts rule name description -- -- 0.1 HTML_MESSAGE BODY: HTML included in message -4.9 BAYES_00 BODY: Bayesian spam probability is 0 to 1% [score: 0.] 10 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net [Blocked - see http://www.spamcop.net/bl.shtml?64.128.133.151] This e-mail and any files transmitted with it are property of Indiana Members Credit Union, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this email is strictly prohibited. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: *****SPAM***** blacklisted
IronPort owns Spamcop. On Tue, Sep 30, 2008 at 11:00 AM, David McSpadden [EMAIL PROTECTED] wrote: ironport is blocking here. From: Phillip Partipilo [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 30, 2008 11:01 AM To: NT System Admin Issues Subject: Re: *SPAM* blacklisted Yeah the past couple days our Spamassassin has been tagging all of the NTSysadmin mails due to Spamcop. I really dont know why we even bother using them anymore. We're using a 3rd party hosted spam solution and dont even need spamassassin anymore. i.e.: On Sep 30, 2008, at 10:51 AM, Holstrom, Don wrote: Content analysis details: (5.2 points, 5.0 required) pts rule name description -- -- 0.1 HTML_MESSAGE BODY: HTML included in message -4.9 BAYES_00 BODY: Bayesian spam probability is 0 to 1% [score: 0.] 10 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net [Blocked - see http://www.spamcop.net/bl.shtml?64.128.133.151] This e-mail and any files transmitted with it are property of Indiana Members Credit Union, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this email is strictly prohibited. -- ME2 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~