Jump to content

mtsupport

Members
  • Content Count

    8
  • Joined

  • Last visited

Community Reputation

0 Neutral

About mtsupport

  • Rank
    Newbie
  1. mtsupport

    blocklisted 38.104.99.170

    Thanks for everyone's feedback. Everything is back online. There seems to be some residual effects of the blocklist. ATT and sbcglobal.net are still showing blocks. I have modified the firewall to only allow port 25 traffic from the mail server as suggested. I've install enterprise virus management software, so I can see which machine get infected. I have inventoried all the machines, assigned asset tags and documented their LAN IPs. Ran auto updates on all the servers. Downloaded the firewall access log, excel ran out of space, I'll review later to identify the spam output. Otherwise things aren't too bad. I'm sure I will have an interesting discussion with by boss, hopefully i'm still employed. Thanks again guys, you are all a great teem!
  2. mtsupport

    blocklisted 38.104.99.170

    This is a really good forum. I will frequent it often. I'm sure the Spamcop admin have their hands full. Anyways, you guys are a wealth of information. Do you belong to any other forums or groups? Any recommendations on a good server anti-spam application, I hear GFI is pretty good. Anyone have experiences with SpamTitan?
  3. mtsupport

    blocklisted 38.104.99.170

    I have a question for everyone. Are there any early warning tools or utilities to get jump start on this before it escalates? Thanks, for all the help.
  4. mtsupport

    blocklisted 38.104.99.170

    Wazoo, Thanks for the words of encouragement. I've used packet sniffers before. SnifferPro. I just want to monitor or listen to that external ip. I have VLANs and switched networks, even with a promiscuous card I have trouble seeing all traffic. May need to install 4 port hub at the WAN port. I just don't want this to happen again, it has been a total nightmare. I wish someone from spamcop.net would relay some feedback. I've been on this for 13 hours straight. Thanks again.
  5. mtsupport

    blocklisted 38.104.99.170

    Steven, I have frantically checked 35 workstation behind this location. Have both PC and Mac clients updated and clean. One of our less disciplined employees had a couple of trojans on his machine, but all clean now. Is there any utility or tool you would recommend to see whats coming from 38.104.99.170. I need to be absolutely sure that this is fix by morning. It could mean my job. Thanks for everyones input. PS I did not know there was a paid membership option.
  6. mtsupport

    blocklisted 38.104.99.170

    Thanks Andrew, I was under the assumption that the admin in this forum could actually check the status of a blocklisted ip. I read a previous thread replying to a blocked user saying they could still see spam coming from their server. I just want to be sure everything is in order, so that 9 hours later we are not still blocklisted. Any advice will be helpful.
  7. mtsupport

    blocklisted 38.104.99.170

    My apologies, you are absolutely correct. We have 6 Windows 2003 SBS Servers behind a single linksys firewall rv016. One of them is running Exchange 2003 SP2 I did automatic updates on all the servers. There were 17 security updates installed. Ran updates on Mcafee Virus and Spamkiller Server definition and signature lists current. Ran Malwarebytes, it detected some tracking cookies, but nothing else. Can you guys check to see if your traps are still seeing things from 38.104.99.170. I'm assuming there's trojan or bot that might be causing this. We are just trying to run a nice clean mail server. BTW, this is the first time this server has been listed. ( twice ) Thanks,
  8. Got blocklisted, checked all the servers. Updated security patches, definition lists, spamware, spyware. Any assistance or details on how to fix would be greatly appreciated.
×