Jump to content

mpope

Members
  • Content Count

    2
  • Joined

  • Last visited

Everything posted by mpope

  1. mpope

    Help please

    I am consulting for a company that has been added to the spamcop bl. The address is 24.123.103.228 and the domain is whitegoss.com. They have a rather odd setup (IMHO) and have traffic going to redundant connections through time warner and at&t. The bl was listed 16 hours ago according to spam cop though I have recieved no notification that I am aware of. I actually found out when client email started bouncing (its a law office). Anyway according the person I emailed at spamcop it was phishing emails passing through our server. We sit behind a decent firewall and as far as I can find have no open relay's. This was the reason given: Phish mails: Received: from rrcs-24-123-103-228.central.biz.rr.com (HELO WGEX.domain.com) (24.123.103.228) [trap servername] with SMTP; 27 Oct 2006 05:xx:xx -0000 Received: from User ([24.108.64.181]) by WGEX.domain.com with Microsoft SMTPSVC(6.0.3790.1830); Thu, 26 Oct 2006 07:xx:xx -0500 Subject: Update your online banking account information. The 24.108.64.181 traces to the nameserver at iil.com which is according to arin in Canada. Im rather stumped, in the meantime I have an office full of lawyers breathing down my neck for "breaking their email". Any suggestions on what I could start looking for. BTW I am running exchange 2003. Hope i've provided enough info.
  2. mpope

    Help please

    Thanks for the quick response, I'll start digging through that now. Figures things would go bad the week my boss leaves town.
×