Jump to content

VigilantIT

Members
  • Content Count

    3
  • Joined

  • Last visited

Community Reputation

0 Neutral

About VigilantIT

  • Rank
    Newbie
  1. Hi All , We have now been delisted and a test email has been sent and received. I will be investigating why we were not forwarded emails that were sent to aunic[at]internode.com.au to provide us with some sort of early warning. Thanks to everyone who provided help. Cheers !
  2. Hi, Much thanks for your speedy reply as your expert advice is very much appreciated. I had read the Why am I Blocked? post but clearly missed the important information. So after a careful re inspection of our client machines we to our surprise / ignorance we realized that port 25 was not blocked for these machines at the firewall. This has now been corrected at the firewall and confirmed on the client that this is no longer accessible. We are still currently running more spyware / virus scans on the client machines and have so far found 1 piece of spyware on a client machine that could have been the culprit. What is the best way to now tell if the flow of unsolicited mail traffic has stopped ? Hi Wazoo , The ip address for this mail server has been up for around 3 - 4 months. Many Thanks
  3. Hi All, One of our outgoing mail servers was listed. IP : 59.167.235.170 . It is a Windows 2003 SBS server with service pack 2 installed and Microsoft Exchange also is running Service Pack 2. The server is running Microsoft ISA Firewall 2004 and has CA eTrust Antivirus software running on it. I have also run an additional scan using trend micro's sysclean utility and no viruses have been reported and the machine is not showing any visible signs of an infection. I have also run Microsoft Exchange Best Practices Analyser & Microsoft’s Baseline Security Analyser which both list the server as having no error's. All clients on the network are have CA eTrust Antivirus installed on them and are also running windows defender. Both report no virus or spyware activity and again there are no visible signs on any of the machines of this being the case. But we are currently running additional scanning software on these. Also the mail server is currently delivering mail for two distinct domain names , the reverse lookup can only be allocated to one of these. Could this be a possible issue ? This is the info provided by spam cops. 59.167.235.170 listed in bl.spamcop.net (127.0.0.2) If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 21 hours. Causes of listing • System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop) • SpamCop users have reported system as a source of spam less than 10 times in the past week Additional potential problems (these factors do not directly result in spamcop listing) • System administrator has already delisted this system once We originally had the IP delisted as we were thinking this was in error but we were re listed. This is the info that we were provided with at that time. Received: from unknown (192.168.1.108) by [trap servername] with QMQP; 26 Sep 2007 10:xx:xx -0000 Received: from mail.qexecutive.com.au (59.167.235.170) by [trap servername] with SMTP; 26 Sep 2007 10:xx:xx -0000 Date: Wed, 26 Sep 2007 20:xx:xx +1000 Any help to get this issue resolved would be greatly appreciated. Cheers.
×