About Bentwing

  1. Bentwing

    outgoing mail filter??

    FOUND A GOOD ONE... mxlogic not only inbound, but with ease set outbound rules as well. i spoke to someone who put one in place for the lambda phi national, and was most impressed.. i wanted to run a cpl of demos from others, but now that i found mxlogic i found a cpl others as well. i have found at this office that my mail problems tend to arise from something passed around the office and the outbound.
  2. Bentwing

    outgoing mail filter??

    i am interested in placing an outgoing mail filter on exchange/server 2003. i have appriver for my incoming mail filter, i have avg server side, and avg on the client.. but still.. the ability to stop any great outflux or put a block in check for those that make the honest mistake of mass emails to an infected box spraying spam... has anyone had experience with these?
  3. yes it did... indeed. got to love the firm partners that think they are tech savvy. a eudora and thunderbird account and mindspring account (personal) was infected. a laptop and irc bots. all one man... i know this poor guy is going to get a letter from the local cable host... ethereal netstat zone alarm oh my, hear the bells ring. thank you guys for your pointers and knowledge. can you as well point me to something along the lines of "spam" 101 and/or the idiot's guide to mail for these attorneys?
  4. k, thanks. cookies for your help and knowledge. as admins you rock.
  5. we are able to send mail as of today, appriver sees it going through them as well. however appriver stated when they went to release the mail to us they received an "out of memory error" from the exchange server. i have since cleared mem and gone over registry, and yes i believe the server has been compromised, yet how can the mail still be sent by volumes in such a way when the servers were offline last night. would this lead to the router being used as the relay?

    Received: from KSMLAWEX.ksm-law.com (nsc66.147.47.237.newsouth.net []) by ns2.bizsystems.net with ESMTP id l42FSkFN027403 for <michael[at]bizsystems.com>; Wed, 02 May 2007 08:28:48 -0700 (PDT)
    Received: from User ([]) by KSMLAWEX.ksm-law.com with Microsoft SMTPSVC(6.0.3790.3959); Wed, 2 May 2007 11:33:42 -0400

    this is the one that caused our first listing, why the different headers?

    From service[at]paypal.com Sun Apr 29 21:22:04 2007
    Return-Path: <service[at]paypal.com>
    Delivered-To: munch-mtg[at]charon.mit.edu
    Received: (qmail 19478 invoked from network); 29 Apr 2007 21:22:04 -0000
    Received: from unknown (HELO ahnhancpas.com) ( by charon.mit.edu with SMTP; 29 Apr 2007 21:22:04 -0000
    Received: from quimby.hornok.com ([]) by ahnhancpas.com with Microsoft SMTPSVC(6.0.3790.1830); Sun, 29 Apr 2007 17:20:15 -0400
    Received: from User ([]) by quimby.hornok.com with Microsoft SMTPSVC(6.0.3790.1830); Sun, 29 Apr 2007 17:07:12 -0400

    though this one with the HELO is the same as our ksm-law header, even with the same made up user ip. fyi all mail from ksm is on a manual hold. all att. are using alternate emails (backup system, yes i do have opposable thumbs still.) currently scanning with and stretching it with the being a server with some scans.. current avg server/exchange edition nonstop spybot hijackthis ewido trend bitdefender also ccleaner windows live care and a couple of others.
  6. i am going for the unplug tonight. but i must wait for the business hours to close. and more excedrin. i will not bother you with log files that are under way from researching. but as stated above i have a rather unique system to crawl through for several hours. to find our hitchhiker. i did notice in the header packet of one of the violation letters a unique user number as in Received: from User ([]) by KSMLAWEX.ksm-law.com this same setup has been sending from other sources as well... as in Received: from User (unknown []) by mail.timeact.co.uk (Postfix) with ESMTP id 94227489D1A; and http://nety.cec.eu.int/youth-white-paper-o...nternetHeader=1 all are paypal phishing emails... again thank you guys for pointers and direction.
  7. ok register.com claims to be of no help. nuvox/newsouth says they have nothing to do with it. however being that all desktops were scanned and shut down, along with the servers and kept that way for the entire night.. i noticed that sender base volume actually went up from 4.7 to 4.9 throughout the night.. and all mail has been held since wednesday from the appriver. i am at a loss of knowledge here.... currently sifting through log files, checking ports....
  8. like i said... OUR SERVER IS NOT AND HASN'T sent mail in the last 18 hours. appriver has held everything! and that is any mail! alright to help alleviate this situation i am running all scans again and will be shutting network and servers down for the night, until 4:30 am est. at which time cybertek will notify appriver to release all incoming and outgoing mail at that time. so if we are listed within this time frame, i know it is not our servers and network, no? thank you for your suggestions and responses!
  9. could there be an open relay outside of ksm-law network that is being used?
  10. as to the volume - one of the largest bankruptcy attorneys files through emails into the ECF system. this is done through emails. as well as several corporate atty's have been sending and receiving huge contracts for bellsouth/at&t as well as sony music etc. etc... the appriver handled by another company working with our email filters (cybertek), so our mx records hosted by register.com, appriver is one of our outside filters handled by cybertek, and nuvox/newsouth our line carrier. http://www.dnsstuff.com/tools/lookup.ch?na...com&type=MX so i see our mx records just fine. i have been on the phone all afternoon with all of them, and they see us clean and fine. appriver has all our mail incoming and outgoing have been on hold for the last 18 hours. this was stated by both cybertek (trentc[at]cybertek-eng.com who has read this thread as well) and appriver. as well i have run on all local clients... adaware, spybot, avg, panda online scan, and hijack this and the servers i ran the avg for exchange, went to microsoft as well, and panda scan for servers. only one comp came back with a funweb products which adaware promptly removed with adaware.
  11. why would the delist go from 4 hours at 11 am est to 15 hours at 3 pm eastern? we should have been in the home stretch, and as a corporate and governments attorneys office for ksm-law.com why do the mx records shoot back to newsouth.net (which is only the line carrier)? our mx records are hosted at register.com but mainly, why when we should have been in a short time as of now, 15 more hours were added when i go to the delist page?????
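
The two Received chains quoted in posts 5 and 6 above can be read hop by hop, oldest first, to see which server first accepted each message and what the submitting client called itself. This is an added example, not code from the thread; it assumes Python 3, and the field names `frm`, `by` and `via` are this example's own.

```python
import re
from email.utils import parsedate_to_datetime

# Received header bodies copied from the posts above (the IP fields were already blank there).
KSM_CHAIN = [
    "from KSMLAWEX.ksm-law.com (nsc66.147.47.237.newsouth.net []) by ns2.bizsystems.net "
    "with ESMTP id l42FSkFN027403 for <michael[at]bizsystems.com>; "
    "Wed, 02 May 2007 08:28:48 -0700 (PDT)",
    "from User ([]) by KSMLAWEX.ksm-law.com with Microsoft SMTPSVC(6.0.3790.3959); "
    "Wed, 2 May 2007 11:33:42 -0400",
]
MIT_CHAIN = [
    "(qmail 19478 invoked from network); 29 Apr 2007 21:22:04 -0000",
    "from unknown (HELO ahnhancpas.com) ( by charon.mit.edu with SMTP; 29 Apr 2007 21:22:04 -0000",
    "from quimby.hornok.com ([]) by ahnhancpas.com with Microsoft SMTPSVC(6.0.3790.1830); "
    "Sun, 29 Apr 2007 17:20:15 -0400",
    "from User ([]) by quimby.hornok.com with Microsoft SMTPSVC(6.0.3790.1830); "
    "Sun, 29 Apr 2007 17:07:12 -0400",
]
# frm = name after "from" (what the client announced, for SMTPSVC), by = receiving server
HOP = re.compile(r"from\s+(?P<frm>\S+).*?\bby\s+(?P<by>\S+)(?:\s+with\s+(?P<via>[^;]+))?")

def parse_hops(chain):
    """Return hops oldest-first; every relay prepends its header, so reverse the list."""
    hops = []
    for raw in reversed(chain):
        m = HOP.search(raw)
        if not m:  # the qmail local-delivery line has no from/by pair
            continue
        stamp = re.sub(r"\s*\([^)]*\)\s*$", "", raw.rsplit(";", 1)[1].strip())
        hops.append({"frm": m["frm"], "by": m["by"],
                     "via": (m["via"] or "").strip(), "date": stamp})
    return hops

def first_hop(chain):
    """Oldest hop: the server that first accepted the message over SMTP."""
    return parse_hops(chain)[0]

def hop_delay_seconds(chain):
    """Seconds between consecutive hops; a negative value means the two clocks disagree."""
    times = [parsedate_to_datetime(h["date"]) for h in parse_hops(chain)]
    return [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]

if __name__ == "__main__":
    for name, chain in (("ksm-law", KSM_CHAIN), ("mit", MIT_CHAIN)):
        h = first_hop(chain)
        print(f"{name}: first accepted by {h['by']} from {h['frm']!r} via {h['via']}")
    print("ksm-law hop delays (s):", hop_delay_seconds(KSM_CHAIN))
```

In both chains the oldest hop is a Microsoft SMTPSVC server accepting mail from a client that announced itself as "User", so logging on the first accepting server is where inbound SMTP sessions with that name would show up.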