Jump to content


  • Content Count

  • Joined

  • Last visited

Community Reputation

0 Neutral

About konczf

  • Rank
  1. Dear SpamCop, I now am finished and the problem is resolved. Boss believed me and this was even proved by our ISP. I did know that the good will win! For those who have problems with spams I've learned a lot as for I can help others too now: Possible causes: - Allowing automated NDR (if we receive 10 000 spams - non-delivery reports automated bounce back) - making a deny rule for everybody - except the server - for using port 25 (depends on network enviroment too!) - The need of a reverse DNS - Closing relay - Active and good working virus- and spyware cleaners (Nod32+Ad-Aware+SpyBot SD is enough). If possible, scan it through with a Netsky Cleaner and seek after the log of HijackThis. Now I just set up "Connection Filtering" again, but not using relays.ordb.org anymore, but using "sbl.spamhaus.org" and "xbl.spamhaus.org" too. An interesting thing was that my colleauge didn't really wanted to allow me scan his machine too. After 3 hours of asking, he did some Netsky cleaning and we installed the Nod32. Now we're not on the lists. Thank You all people! If possible and needed, I'll look how I could help your work too! On the need I'll love to help other people in Debian...
  2. We have www.mcr.hu as at AtRt. the mx record is ours, we have set up a reverse DNS, that is the reason of resolving mail2.mcr.hu for dial049030 or whatever. And now what? Greets
  3. We both got an ultimate thing: until wednesday, we HAVE to get from the lists off or we're get fired. So, please help me: I send every needed thing: ATRT has Bind with a used linux server with following config: ; mcr.hu ; $TTL 604800 [at] IN SOA ns.atrtnet.hu. postmaster.mcr.hu. ( 2006112101 ; Serial 86400 ; Refresh 7200 ; Retry 3600000 ; Expire 3600 ) ; Negative Cache TTL ; [at] IN NS ns.i-trade.hu. [at] IN NS ns2.i-trade.hu. [at] IN A www IN A mail IN A [at] IN MX 20 mail2 mail2 IN A I'm confused I can send ISA config pictures, but I'm trying to do my best as I will be fired. The router has NAT for port forwarding to port 25 to server and open port too for port 25. ISA has a DENY rule for port 25 as told before. Problem is we cannot send mail because of listings. I don't really find where I should look, please tell me a phone number I can find every needed thing.
  4. Now I know. The DNS is not even registered. So I know the problem lied that I assumed - as told me - everything is working. I assumed that and told the server to look connections after the blacklists. The problem lied in that, everybody just can install a server and tell "I'm mcr.hu". I have to contact the DNS admin that we have no seem to have the record to be an MX. It's a Linux server which I like very-very much so it won't be taking long to set it up. The good thing that the boss believed me that I'm right. "The clever one is not the one who talks much, but the one who is understandable". I'll set up the domain with a strong debian server and tell MX record as mail2.mcr.hu. The correct thing that our Company is not a false Company (from which I was a little bit afraid of). Hopefully, the cruelity will end up now after clearing up the full misconfigured open-proxy and so on...DNS. SpamCop, be patient and please delist us for the following three days, I'm working on the thing! Frank Koncz Systems Admin
  5. I have now the problem I think: The colleague of mine I think has seen, I'm taking the whole system seriously. Has changed on the DNS server something and TOLD THE BOSS THAT THE PROBLEM IS AT CONNECTION FILTERING!!!!! Now the Boss said this should be the problem, this didn't happen before...they deleted relays.ordb.org and sbl.spamhaus.org and xbl.spamhaus.org from the Connection Filtering section AND CHANGED BACK PROBABLY THE DNS ON THE PLACE I CANNOT! Why the ... are people so cool only because they are not fanatic ones?! How could I proove that? I don't want to loose my job only because of a colleauge as he says Microsoft and everybody is stupid only he knows....THIS IS FALSE, PLEASE PROOVE!
  6. Uhh..... Where should I look then? We have a second SBS server in other town; they are both are together with a static routing so that they can communicate. I've stopped already the Default Virtual SMTP Server on the second one. On the router which communicates to the internet, smtp pop and other ports are OPENED and NOT FORWARDED. Could this be a problem? Or should I communicate with the ISP? CBL even does not allow me now to delist!!! The only good thing is that it is weekend so not so many people have mailing problems! Scary... NOW WHAT?!
  7. Hi. Thank You for moving my post onto the right place, so where it belongs. What I have done after the confusion - I have read all what You so nicely wrote to me, thanks a lot for it. 1. Unfortunately, the people who wrote me I should read the FAQ's and so on - do You think I would have questions if I would all understand them? I'm not that lazy one who thinks only asking and asking and no google. Anyways I wouldn't prefer mostly debian. Cheers! But anyway, thanks. 2. For maybe a lucky day one good point was that somebody mentioned "I haven't written anything about ISA Firewall"! ---> I simply created a rule before Outbound access: Access: DENY Protocol: SMTP From: Internal To: External Applies to: All Users and everybody Because I've already created a rule: SMTP allow from Local Host To External...BUT NO DENY RULE FOR ANYBODY ELSE! Probably those modifications will first of all stop spamming through my server and so I'll have more time to check the client machines. I've tried to telnet from a client machine, because I couldn't do it, only from the server - it should work smoothly. At least, today no CBLs, hope for same in the following days... One other thing is, that our khm ISP is giving Fix IP-s like after from a pool which is dynamic...so cool solution... I will check the DNS records too I think. Hopefully, my nights will be okay. I'll post Hijackthis to everyone, asking for sending me the logs or the PrtScr screenshot as an attachement. Hopefully they won't send me "pagefile.sys" as for a mistake :-))))) Cheers :-)))
  8. Dear anybody, I am really confused now. I am a fanatic of computers since I'm 8-9 years old. Debian Linux is my favourite. Currently I am working for a company with about 90-100 users, they ONLY WANT TO HAVE a Windows 2003 SBS R1 server with the current ISA 2004 and Exchange 2003 w. sp2 (IMF updated) working. Since the last 14 days, it is my daily routine to delist our IP ( from SpamCop and CBL, sometimes if I'm "late" from even the others (sbl and so on). Until now what I have done: - Tested open relay: from a computer outside the company I telnetted to our IP to port 25, and said "EHLO", then mail from: asdf[at]qwer (answer: sender OK), rcpt to: konczf[at]yahoo.com ---> Relay not allowed! So I think I'm relay secure. However, if I'm writing rcpt to: user[at]mcr.hu (which is our domain and user for example exists) ---> mail is sent. Okay. - I have "Filter recipients who are not in the Active Directory" checked - I have "Connection filtering" --> relays.ordb.org, sbl.spamhaus.org, xbl.spamhaus.org - I have "Sender filtering" ---> *[at]comcast.net, *[at]MidLASurgical.com, *[at]hinet.net - I have IMF kept updated: archive messages greater or equal of 7, but put mail to Junk folder from level 5. - I have picked out checkmark from Non-delivery report sending, but it should send me the mail from not delivered mail - on the ISA 2004 I have a rule of SMTP is only allowed from Localhost (not Internal), so that port 25 should be only allowed through the server - Outlook RPC is only allowed for a single client machine, which uses Nod32. - Past days the server used the Symantec Mail Security for Exchange 2003 (version trial, but the latest one). It filtered messages....some good some not, but no critical happenings. - SpamCop told me dispute listing reason, BUT I CANNOT SEE THE MESSAGES on the Message Tracking Center!! Everybody is in it, but those messages are NOT there. So what now...? What any other reason sends mail through our beloved (khehhmm) IP? What if one of our colleauges are sending spam? People are interesting ones....we have about 50-100 machines, in even different Countries...I simply cannot be at every laptop (there are some laptops too) with my beloved Ad-Aware, SpyBot SD and HijackThis. Please, bigger gurus...should I send the userlist to SpamCop case of one of them is trying to ...ahh.... I have done many things, but not all, please give me ideas. Microsoft VAP Support was not so helpful...! Sincerely, Ferenc Koncz (i.e. Frank Koncz) konczf[at]mcr.hu PS: we have forwarded through the DNS the mails. IP Spoof attacks are to seen in ISA logs. Maybe? But how to resolve?