Tanquen

  1. Thanks again for all the help. I got this email from TelePacific today:

     Your request for a PTR record was completed. I verified it has propagated out to the internet:

     How I am searching:
     Asking c.root-servers.net for 162.48.6.71.in-addr.arpa PTR record:
     c.root-servers.net says to go to basil.arin.net. (zone: 71.in-addr.arpa.)
     Asking basil.arin.net. for 162.48.6.71.in-addr.arpa PTR record:
     basil.arin.net [192.55.83.32] says to go to NS1.TELEPACIFIC.NET. (zone: 48.6.71.in-addr.arpa.)
     Asking NS1.TELEPACIFIC.NET. for 162.48.6.71.in-addr.arpa PTR record:
     Reports mail.controlmanufacturing.com. [from 64.60.0.10]

     My guess is though, if this was the issue we are now permanently blocked by these mail servers as we are on no external black or block list that I can find and the emails are still rejected. TelePacific also said something about verifying our SPF record with our host freerun.com.

     Also, we had passed this test before but now that we have the barracuda checking our email we no longer pass this test. Could this cause us to get blocked as well?

     WARNING: One or more of your mailservers is claiming to be a host other than what it really is (the SMTP greeting should be a 3-digit code, followed by a space or a dash, then the host name). If your mailserver sends out E-mail using this domain in its EHLO or HELO, your E-mail might get blocked by anti-spam software. This is also a technical violation of RFC821 4.3 (and RFC2821 4.3.1). Note that the hostname given in the SMTP greeting should have an A record pointing back to the same server. Note that this one test may use a cached DNS record.

     mail.controlmanufacturing.com claims to be non-existent host barracuda.fluidiqs.com:
     220 barracuda.fluidiqs.com ESMTP (a17151d77f6dc31b33e5604beffbaca0)
  2. Please tell me more about this FQDN and HELO/EHLO. I would like everything to be set as correct as possible and remove as many future head scratchers as possible. "The machine" This setting is on the Exchange server? Thanks to everyone for the info. Also, is there any issue with the fact that we have changed our company name and email to FluidIQs.com? Should we be updating the MX record to mail.FluidIQs.com or is all good as long as we handle it on our end?
  3. Merlyn thanks so much. I had spoken with our DNS host a few months ago and they had already made a change that was supposed to fix some kind of issue like reverse lookup. I don’t know much about MX records but I thought that the priority (50) for mail.controlmanufacturing.com meant that it would be found or talked to first and if it was not there or communicating then the next record would be used. Are you saying for a reverse lookup to pass you can’t have more than one record?
  4. We have had an issue in the past with an infected computer sending spam. We got that taken care of and got off all the blacklists that I know of. At that same time I was introduced to the world of sites that rate your mail server. We were on this one a few times http://unblock.secureserver.net and one other but now we appear to be on one but the rejection email we get back is void of any info suggesting what list or how to get off it. This is what we get:

     You do not have permission to send to this recipient. For assistance, contact your system administrator.
     <mail.ourserver.com #5.7.1 smtp;550 5.7.1 H:MXB<71.6.48.162>Connection refused due to abuse>

     What is the best way to find out what list it is or if it even is a list?
  5. Tanquen

    71.6.48.162 listed Newbe

    We tried Ad-Aware and Spy-Bot and Panda. I even took it home and ran the online versions of Symantec and Panda anti-virus. Panda did find one more but the PC still keeps spamming. I guess we’re just going to reinstall Windows but man I wish there was a scanner that could find it. I still think that’s a little scary. What about the other PCs in our network? Are they doomed to be infected/re-infected? Anyone know a good forum for troubleshooting viruses?
  6. Tanquen

    71.6.48.162 listed Newbe

    I disagree. I’m not a fan of MS but there are lots of people involved from other companies even. To just say that it’s “MS FUD” and “Windows is designed with money in mind.” is not very persuasive. Also, I’ve never heard this argument from anyone, it’s just my thoughts on the issue having used computers my whole life. MS operating systems are on most computers (it’s not just about servers or server apps) and there is way more interest around the world in hacking, spamming from and trying to steal information from these PCs. I’m no expert and I’ve not researched the issue but these people aren’t just going to disappear. If every PC that is now running an MS OS switched to some other OS (in time) we would still have all these issues. Wi-Fi is so easy to hack. Whose fault is that? When Bluetooth started to show up on most phones they started to get hacked. I remember the first solution, turning it off by default. I don’t know. Maybe some Linux guy can make an encapsulation program or container for Windows and then all these problems will go away and this Linux guy can be the richest guy on the planet. “Linux's kernel is designed with security and networking in mind.” That sounds just like all the propaganda I’ve ever heard about any piece of software no matter what it is or what it’s supposed to do. Then you buy it and it works, sort of works or it don’t work.
  7. Tanquen

    71.6.48.162 listed Newbe

    I totally get what you are saying but if everyone switches to Linux then it would end up (more than likely) just as virus laden. Then we could call it Lin$ux and wish for an OS free of spammers and hackers. My TRS-80 has the most secure OS ever. Just giving you a hard time man but I can’t help but feel that a big part of why Macs and Linux and whatever is seen as more secure is that they are much less of a target.
  8. Tanquen

    71.6.48.162 listed Newbe

    We think we have the PC that was infected and causing the problem but there is another one that also has passed all scans but it has some odd activity in the firewall logs. It looks like it is port scanning or something.

    SRC=172.26.10.21:1368 DST=207.68.179.219:80
    SRC=172.26.10.21:1370 DST=207.68.179.219:80
    SRC=172.26.10.21:1368 DST=207.68.179.219:80
    SRC=172.26.10.21:1370 DST=207.68.179.219:80
    SRC=172.26.10.21:1025 DST=172.18.106.5:161
    SRC=172.26.10.21:1025 DST=172.17.106.200:161
    SRC=172.26.10.21:1025 DST=172.18.106.5:161
    SRC=172.26.10.21:1463 DST=66.102.7.104:80
    SRC=172.26.10.21:1466 DST=66.102.7.104:80
    SRC=172.26.10.21:1466 DST=66.102.7.104:80
    SRC=172.26.10.21:1463 DST=66.102.7.104:80
    SRC=172.26.10.21:1502 DST=66.102.7.104:80
    SRC=172.26.10.21:1502 DST=66.102.7.104:80
    SRC=172.26.10.21:1025 DST=172.18.106.5:161
    SRC=172.26.10.21:1025 DST=172.17.106.200:161

    StevenUnderwood - We have the full Trend Micro product that we bought on recommendation just this year. (been nothing but trouble) We had Symantec mail and virus software that we paid for before that. I was just looking for free trials with the latest signatures hoping that one of them could find the virus that is definitely spamming from that PC. It’s a little troubling that we have something that none of these scanners can find.
  9. Tanquen

    71.6.48.162 listed Newbe

    Trend Micro can't find it. Norton AntiVirus can't find it. Kaspersky can't find it. Could not find a free trial of McAfee.
  10. Tanquen

    71.6.48.162 listed Newbe

    Yes. I had already found the computer in question in our DHCP leases. It had the latest version of Trend Micro's Office Scan on it. So we tried a demo version of Symantec software and it finds some stuff in the registry and says that it may be an unknown virus. Fun! It labels it Bloodhound.SONAR.1. Any better trial scanner that we should try? Also, with it off the network it looks like our spamming has stopped. Thanks for all the help.
  11. Tanquen

    71.6.48.162 listed Newbe

    Like this:

    SRC=172.16.10.114:2504 DST=210.4.3.2:25 NAT=71.6.48.162:2504 <ipwan>
    SRC=172.16.10.114:2504 DST=210.4.3.2:25 NAT=71.6.48.162:2504 <ipwan>
    SRC=172.16.10.114:2128 DST=141.2.1.1:25 NAT=71.6.48.162:2128 <ipwan>
    SRC=172.16.10.114:2172 DST=12.4.86.1:25 NAT=71.6.48.162:2172 <ipwan>
    SRC=172.16.10.114:2128 DST=141.2.1.1:25 NAT=71.6.48.162:2128 <ipwan>
  12. Tanquen

    71.6.48.162 listed Newbe

    We just upgraded our Symantec software to Trend Micro Office Scan. We have done many full system scans and have not found anything. Is there a chance that Office Scan is missing it?
  13. Spamcop info:

      71.6.48.162 listed in bl.spamcop.net (127.0.0.2)
      If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 21 hours.
      Causes of listing
      System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)
      SpamCop users have reported system as a source of spam less than 10 times in the past week

      Here is an email:

      -----Original Message-----
      From: CMCAdmin
      Sent: Tuesday, April 10, 2007 8:11 AM
      To: Jeihri
      Subject: Mail could not be delivered
      ****** Message from InterScan Messaging Security Suite ******
      Sent <<< [session Initiation]
      Received >>> 554 service unavailable; client host [71.6.48.162] blocked using bl.spamcop.net; blocked - see http://www.spamcop.net/bl.shtml?71.6.48.162
      Unable to deliver message to <badams[at]reverecontrol.com>.
      ************************ End of message **********************

      We have been trying to get this fixed for a few days now. We have been listed two other times that I know of and that was because relaying was on in the Exchange server. After we turned relaying off we were all good. This time we are having a real hard time finding the issue. We are getting spam traps and reports. I've tried looking through the mail server logs and I set up the Syslog on our Kentrox firewall to log everything. Looking through it in Excel I'm not seeing the culprit. I'm not sure what to look for.

      I see lots of lines like this that look like the firewall is doing what it should be:

      Apr 10 14:21:26 NAPA: firewall | inform | Terminate session - normal: TCP, SRC=209.219.62.3:1372, DST=172.16.0.10:443, NAT=71.6.48.162:443 <ipwan>

      And ones like this that look to be legitimate:

      Apr 10 14:21:28 NAPA: firewall | inform | Start session: TCP, SRC=208.69.113.119:55242, DST=172.16.0.20:25, NAT=71.6.48.162:25 <ipwan>

      And some like this that I don't know what it is:

      Apr 10 14:21:26 NAPA: firewall | inform | Start session: TCP, SRC=172.16.0.20:3993, DST=207.44.141.137:25, NAT=71.6.48.162:3993 <ipwan>

      Thanks for any help. -Richard
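
An added example, not part of the original posts: one way to search firewall syslog in this format for the source of the spam is to list internal hosts, other than the mail server, that start outbound sessions to port 25. It assumes 172.16.0.20 is the Exchange server (inbound port 25 is NATed to it in the log above); the timestamps on the 172.16.10.114 lines and the port-80 line are constructed.

```python
import re
from collections import defaultdict
from ipaddress import ip_address

# Assumption: 172.16.0.20 is the Exchange server, because inbound port 25
# is NATed to it in the quoted log. Adjust for your own network.
MAIL_SERVERS = {"172.16.0.20"}

# Matches "Start session" lines only, so a session is not counted again
# when its "Terminate session" line appears.
SESSION = re.compile(
    r"Start session: TCP, SRC=(?P<src>[\d.]+):\d+,?\s+"
    r"DST=(?P<dst>[\d.]+):(?P<dport>\d+)"
)

# Sample input: the first three lines are quoted from the post; the rest are
# constructed in the same format (timestamps invented) from the later post.
SAMPLE_LOG = """\
Apr 10 14:21:26 NAPA: firewall | inform | Terminate session - normal: TCP, SRC=209.219.62.3:1372, DST=172.16.0.10:443, NAT=71.6.48.162:443 <ipwan>
Apr 10 14:21:28 NAPA: firewall | inform | Start session: TCP, SRC=208.69.113.119:55242, DST=172.16.0.20:25, NAT=71.6.48.162:25 <ipwan>
Apr 10 14:21:26 NAPA: firewall | inform | Start session: TCP, SRC=172.16.0.20:3993, DST=207.44.141.137:25, NAT=71.6.48.162:3993 <ipwan>
Apr 10 14:22:01 NAPA: firewall | inform | Start session: TCP, SRC=172.16.10.114:2504, DST=210.4.3.2:25, NAT=71.6.48.162:2504 <ipwan>
Apr 10 14:22:02 NAPA: firewall | inform | Start session: TCP, SRC=172.16.10.114:2128, DST=141.2.1.1:25, NAT=71.6.48.162:2128 <ipwan>
Apr 10 14:22:03 NAPA: firewall | inform | Start session: TCP, SRC=172.16.10.114:2172, DST=12.4.86.1:25, NAT=71.6.48.162:2172 <ipwan>
Apr 10 14:22:04 NAPA: firewall | inform | Start session: TCP, SRC=172.16.10.114:2600, DST=66.102.7.104:80, NAT=71.6.48.162:2600 <ipwan>
"""


def rogue_smtp_senders(log_text, mail_servers=MAIL_SERVERS):
    """Map each internal host that is not a mail server to the set of
    external addresses it opened port-25 sessions to."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = SESSION.search(line)
        if not m or m["dport"] != "25":
            continue
        src, dst = ip_address(m["src"]), ip_address(m["dst"])
        # Outbound only: private source, public destination.
        if src.is_private and not dst.is_private and str(src) not in mail_servers:
            hits[str(src)].add(str(dst))
    return dict(hits)


if __name__ == "__main__":
    for host, dests in rogue_smtp_senders(SAMPLE_LOG).items():
        print(f"{host} -> {len(dests)} external SMTP hosts: {sorted(dests)}")
```

A workstation that appears in this output is talking SMTP directly to the internet; a firewall rule that allows outbound port 25 only from the mail server stops that traffic regardless of whether a scanner finds the cause.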