About vzinchenko

  1. vzinchenko

    History of blocking

    Thanks. That's exactly what I needed.
  2. Hi! Could someone please give some detailed history of blocking my SMTP server? One of the employers caught a trojan/spam malware, so SMTP got listed. I believe I'd cleared the threat on Monday and should be unblocked yesterday at about 1PM GMT. But today it's still blocked, well yeah, blocked for more 0 hours, but if there's some more details available (when the IP was reported again, and thus block was prolonged) it might somehow help me. I'm checking network activity periodically now, so no suspicious SMTP activity was detected yesterday and now it's all clear. That's why I'm surprised still seeing me blocked. Thanks
  3. vzinchenko Blocked again!

    Recently I'd found an infected PC in my net by watching through the list of temporary NAT/firewall port mappings. I have detected multiple outgoing SMTP connections (on port 25) to different servers from one of internal IPs, which were perfectly identified in the mappings table. The rest wasn't a big problem.
  4. vzinchenko

    [Resolved] Blacklisted again

    However, I can confirm the strange behavior of SenderBase, noticed by Wazoo earlier. It can report the magnitude around 4, or 0, even now, when our net is free of trojans and stuff (I'm checking open connections like a junky - every 15 minutes). So I'm not sure what it's all about. I guess it cannot report our "clean" statistics too accurately anyway, because it's 99,9% of Russian-only traffic, and I don't believe they have a good watch over here.
  5. vzinchenko

    [Resolved] Blacklisted again

    Have cleaned the threat... Some unknown kind of trojan that was not identified by up-to-date McAfee %) Will send it to anti-virus labs for further investigation. Thanks guys for assistance, sorry for being such an a**h*#e.
  6. vzinchenko

    [Resolved] Blacklisted again

    I have found in logs some suspicious activity on outgoing SMTPs from one of PCs in my net. Looks like there it is. Gonna check it tomorrow.
  7. vzinchenko

    [Resolved] Blacklisted again

    I'm just trying to find out the reason why the 24hr counter has restarted today. Even after I switched to another SMTP. Probably because I'd switched at nearly 11AM GMT yesterday and I still have to wait some time.
  8. vzinchenko

    [Resolved] Blacklisted again

    According to SMTP logs it's obviously not right. Traffic counters don't show any suspicious increase as well. Talking about numbers, it is close to monthly amount of spam we receive, but it's not a daily value indeed. I have realized that. By the way, is there a way to check whether the server is reported (or has hit spam traps) during last n hours or not? Like 24 or 48 hours? And how many times...
  9. vzinchenko

    [Resolved] Blacklisted again

    Thanks... Now I know in what direction I should dig. I've applied the filter, will monitor the results.
  10. vzinchenko

    [Resolved] Blacklisted again

    Thanks for taking your time, things are becoming more clear now... I'm not sure it was the digit you mentioned above anyway, as I've been on that page before... But I agree it was a good idea to check additional information on a problem IP. So the idea is to filter bad-recipient-addressed e-mails on incoming SMTP, thus not letting them be accepted at all at the earlier stage. Something like that?
  11. vzinchenko

    [Resolved] Blacklisted again

    Sorry, it's still unclean... I don't get where from this digit comes up, as I can see there's 0.0 when I open http://www.senderbase.org/search?searchBy=...g= And still I cannot understand why it's a good solution to blacklist servers that bounce undeliverable mail... Thanks for pointing to, but it makes no sense, because it's not mine. There're a lot of subnets around in 212.113.100.*, probably around 100, coz there're all small-business companies with the only gateway, we're probably the only one having 2 ones.
  12. Hello. Second Monday in a row starts with a headache, unfortunately not because of hot drink-n-party weekends, but because of users' complaints that their e-mails won't reach recipients... Ahhh, blacklisted again! Man, I'm really gonna make http://www.spamcop.net/w3m?action=checkblo...p= my browser startpage one day! Last week (when blacklisted first time) I've doublescanned every computer here in LAN for trojans, the server, analyzed logs and... Found nothing! But those spam traps addresses make me sick. All about these bounces I guess... But why should I configure my system not to send out failed delivery status notifications? It is not prohibited to send those! If the reason is "Do so to not get blacklisted by us", my answer is bold fat NO. I don't know much about your spamtraps, but could you make them a bit more intelligent, so they analyze what they receive - real spam or just a bounced notifications due to forged FROM? I think the meaning of spam traps is to identify spammers, so make them act accordingly! If they identify bounces as spam then it's nothing, but fake. Use smart stuff or don't use it at all. That's the same problem as false spam reporting. Fortunately, I have another SMTP in my net, so I put all outgoing e-mail traffic through that (surprisingly still) "clean" server. But what I see today? Countdown timer to make my poor clean is restarted and counting again from 24 hours to 0. Since all the outgoing mail goes now through another machine, I'm wondering how is that possible? I've expected to get out of BL today, as nothing is sent from the BL'd IP now. But instead, 24 hours countdown again... All that makes me sick... Everything was working for more than 2 years already, but these 2 weeks just a complete headache. I'm completely lost.
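
The check described in the "Blocked again!" post above (spotting an infected PC by its many outgoing port-25 connections in the NAT/firewall mapping table), written out as an added example that is not part of the original posts. The table layout, the addresses and the `MAIL_SERVERS` allow-list are constructed assumptions; adapt the parsing to whatever your gateway actually prints.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of a NAT mapping table. The column layout
# (proto, internal ip:port, external ip:port, state) is an assumption.
SAMPLE_MAPPINGS = """\
tcp 192.168.1.23:1045 198.51.100.7:25 ESTABLISHED
tcp 192.168.1.23:1046 203.0.113.19:25 SYN_SENT
tcp 192.168.1.23:1047 198.51.100.88:25 ESTABLISHED
tcp 192.168.1.23:1048 203.0.113.54:25 SYN_SENT
tcp 192.168.1.10:2301 203.0.113.5:25 ESTABLISHED
tcp 192.168.1.10:2302 203.0.113.5:25 ESTABLISHED
tcp 192.168.1.40:3310 198.51.100.7:80 ESTABLISHED
udp 192.168.1.40:5353 198.51.100.53:53 -
"""

# Hypothetical allow-list: internal hosts that legitimately send on port 25.
MAIL_SERVERS = {"192.168.1.10"}


def split_endpoint(endpoint):
    """Split 'ip:port' into (ip, port); raises ValueError on bad input."""
    host, _, port = endpoint.rpartition(":")
    ipaddress.ip_address(host)
    return host, int(port)


def suspicious_smtp_hosts(table, allowed=MAIL_SERVERS, min_destinations=3):
    """Return {internal_ip: sorted destinations} for hosts outside the
    allow-list holding port-25 mappings to >= min_destinations servers."""
    seen = defaultdict(set)
    for line in table.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] != "tcp":
            continue
        try:
            src, _ = split_endpoint(fields[1])
            dst, dport = split_endpoint(fields[2])
        except ValueError:
            continue  # skip malformed rows instead of aborting the scan
        if dport == 25 and src not in allowed:
            seen[src].add(dst)
    return {ip: sorted(d) for ip, d in seen.items() if len(d) >= min_destinations}


if __name__ == "__main__":
    for ip, dests in suspicious_smtp_hosts(SAMPLE_MAPPINGS).items():
        print(f"{ip}: port-25 mappings to {len(dests)} servers: {', '.join(dests)}")
```

Counting distinct destinations rather than raw connections keeps a workstation retrying one mail relay from being flagged alongside a host fanning out to many servers.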