mremotti

  1. OOOHHH BOOOYYY another Fryday. I hope you Gurus are reading this: we just experienced a critical malfunction of our Firewall and reverted to the old configuration, sending mail from 209.19.30.34 instead of our 209.19.30.46 or .45 mail servers PTR's. CISCO has shipped a spare and will be here within hours. PLEASE keep us out of the blacklist while we work on this problem. Thanks Marcelo E. Remotti Information Systems Manager Camin Cargo Control, Inc. 230 Marion Ave., Linden - NJ 07036 Phone: 908-523-0616 Cell: 732-309-6923 Fax: 908-862-2545 mremotti[at]camincargo.com
  2. Derek, Wazoo Thanks for your interest in helping. We did close all the loopholes we thought we had and reconfigured the PTR record on our mail server to the correct one. Now we may still be vulnerable in some way or another and any suggestions are welcomed but remember PLEASE this is a one man show (for now) and I am not a technical expert so all your testing with VRFY on-off, the RTFM, the AVG and alike acronyms don't help me much unless I know how to set that up without taking a Microsoft University Degree Course ..... only have 24 hours, a job and a family :-) Regards Marcelo
  3. yes, thanks. I'm checking every 30 mins/1hr to see how it goes.
  4. We had 5 AVirus layers, 1 AntiSpam... and after a lot of scanning, probing, sniffing, we found one virus and killed it, although I am not convinced yet it was the one and the only... One issue brought up in this forum was that my server was sending NDR's when I had it set to NOT, but maybe I had not restarted the smtp service??? Still I don't think that would be a reason to be blacklisted??? I was doing the 'right thing' then... before spammers made our life a misery, right? We are changing the PTR record with our ISP to point to the correct IP of the mail server, not the firewall... We installed a sniffer in our outgoing firewall port (damage control only because it is freeware and is not realtime). Unfortunately I can't afford the wait-and-see game so I am still working on re-checking everything I did yesterday and open to suggestions. Thanks to all and please let me know (in plain-er English please, I'm not an Exchange Guru) what else I can do.
  5. weird because the Default properties for the Internet message Format have the Advanced tab setting Allow non-delivery reports unchecked...
  6. I saw it a second too late, I see you were talking about SMTP version, which is odd since we had upgraded the OS and I thought the Win 2000 SRV SP3 and Upgrade would have updated that service as well. We are downloading the latest SP tomorrow early and will apply asap.
  7. My ms1 server is version 6.0 Build 6249.4:SP3 ??? are we talking same server?
  8. Derek T when I disable the Anonymous Access Authentication option on the SMTP Access Control I get no incoming messages at all...
  9. Never enough info, just looking at that topic in the FAQ. Remember I wasn't the one setting up the Exchange (he's gone) and I am coping with the consequences, not fully MS Exchange versed... any changes I make can create a bigger disaster...
  10. Hi Derek T. No we are sending NDR from the smtp and we don't run mailing lists. We don't allow automatic replies, forwards or OOF. Also our AntiSpam software GFI Mail Essentials does not send any NDR's. Traffic on our smtp's virtual servers appears to be valid and normal. Thanks
  11. Dear Spamcop Forum Members,

      I am the Systems Administrator of Camin Cargo Control whom you have listed under IP 209.19.30.4 ms1.cs1.camincargo.net and need some assistance from your side to get this problem resolved. I notice our server being listed yesterday and started looking for possible causes, not finding yet the one that may have created the listing. Your services indicate this 209.19.30.34 server has sent messages to one of your traps, and also gave me some recommendations as to where to look for problems or security holes. Unfortunately I just lost my network admin tech person and are limited in resources and technical knowledge in this area, therefore I ask you for some help. The company is currently suffering tremendously since our product is information sent via email to our customers; I need to get this listing lifted as soon as possible.

      Our company has a private WAN with a firewall Cisco PIX 515 public IP 209.19.30.34 to the internet and a back end MS Exchange 2000 Server with a public IP 209.19.30.45, that is why you get this:

      209.19.30.34 PTR record: ms1.cs1.camincargo.net. [TTL 86400s] [A=209.19.30.45] *ERROR* A record does not point back to original IP.

      All our smtp traffic is sent via the Exchange server's smtp to the firewall and then to the internet, therefore our mail is always going out as 209.19.30.34 but incoming traffic must go to 209.19.30.45 who is listening for messages and has a tunnel to a front server on the DMZ who performs Virus/Anti_spam scanning running GFI Mail Essentials to screen for spam, and GFI MailSecurity with 5 antivirus engines for virus checking, then relaying to our Inside Exchange Server who also is running Symantec Mail Security on the stores and smtp traffic. Our workstations (100+) are using Symantec Anti-virus Corporate Edition and managed via a centralized console, all signatures up to date and last scan as of today came clean. Our server logs do not show any abnormal behaviour.

      I had the Cisco Tech Support person logged to my firewall but we can't find any malicious connection to the firewall or abnormal traffic out to the internet. All open ports are authorized web pages or Yahoo IM for example. We also installed a sniffer without any visible indications of offending traffic. We have checked repeatedly for spyware and virus like activity and could not pinpoint the offending machine; without much information from your side it is very difficult for just one person to tackle this without shutting down my company entirely. If there is any information or guidance like an inside IP, date time, text of messages, etc. you can give me to help find a faster resolution please let me know. At this point I am not sure whether the problem is inside or was reported by another source.

      Thanks
      Marcelo Remotti
      mremotti[at]camincargo.com

      -----Original Message-----
      From: SpamCop robot [mailto:summaries[at]admin.spamcop.net]
      Sent: Tuesday, October 18, 2005 1:25 AM
      To: Marcelo E Remotti
      Subject: [spamCop summary report]

      [ SpamCop V1.493 Summary Report ]
      -- See footer for key to columns and notes about this report --

      IP_Address    Start/Length  Trap  User  Mole  Simp  Comments     RDNS
      209.19.30.34  Oct 13 19h/4  19    0     0     0     blocklisted  ms1.cs1.camincargo.net
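The `*ERROR* A record does not point back to original IP` line quoted in the post above is a failed forward-confirmed reverse DNS (FCrDNS) check. The following is an added example, not part of the original post and not SpamCop's code: it runs that check over record tables built from the addresses in the post. The function name `fcrdns` and the "after" records (`mailout.example.net`) are assumptions made for illustration.

```python
import ipaddress

def _norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()

def fcrdns(ip, ptr_records, a_records):
    """Forward-confirmed reverse DNS check over already-resolved records.

    ptr_records maps IP -> list of PTR names, a_records maps name -> list of IPs.
    Returns (status, details); status is 'pass', 'mismatch' or 'no-ptr'.
    """
    addr = ipaddress.ip_address(ip)
    names = [_norm(n) for n in ptr_records.get(str(addr), [])]
    if not names:
        return "no-ptr", []
    forward = {_norm(k): v for k, v in a_records.items()}
    details, confirmed = [], False
    for name in names:
        ips = [ipaddress.ip_address(a) for a in forward.get(name, [])]
        ok = addr in ips  # does any A record point back to the sender?
        confirmed = confirmed or ok
        details.append((name, [str(i) for i in ips], ok))
    return ("pass" if confirmed else "mismatch"), details

# Records as quoted in the post: the firewall's outbound address carries
# the mail server's name, whose A record is the mail server itself.
PTR_BEFORE = {"209.19.30.34": ["ms1.cs1.camincargo.net."]}
A_BEFORE = {"ms1.cs1.camincargo.net": ["209.19.30.45"]}

# Constructed "after" state (hypothetical name): the outbound address has
# a PTR whose forward lookup returns that same address.
PTR_AFTER = {"209.19.30.34": ["mailout.example.net."]}
A_AFTER = {"MailOut.example.net": ["209.19.30.34"]}

if __name__ == "__main__":
    for label, ptr, a in (("before", PTR_BEFORE, A_BEFORE),
                          ("after", PTR_AFTER, A_AFTER)):
        print(label, fcrdns("209.19.30.34", ptr, a))
```
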