adminu's Achievements


Newbie (1/6)



  1. Thanks Farelf, on doing a Google search for Cutwail spambot, I could download some tools as well for cleaning this. One is ParetoLogic Anti-Virus. Then I also found Wireshark and lastly ExterminateItSetup. Rconner - Thanks for the reply. To find out which machines are spewing on the network, do you recommend a normal antivirus or anything in addition to that?
  2. Dear Farelf, Thank you for the quick reply. Yes, we are planning a high-level audit for tomorrow. In that we'll be doing a thorough scan of all the workstations and machines in the network. Just reiterating the question again: what, according to you, is the root cause of this problem? Secondly, which applications do you recommend we should use to fight this spam? I have already downloaded Microsoft Windows Malicious Software Removal Tool. What else do we need to take into account?
  3. Dear SpamCop Admin, Can you please recommend a set of steps that we need to follow now? Do we need to scan each and every workstation in our network? Which applications should we use for scanning? What steps should we follow with the mail server?
  4. Dear Forum members, With a matter of high concern we would like to inform you that our IP address has been blocked. Understandably, we'd like to know the root cause of the problem. We have been analyzing, researching, hearing, and part of the problem you can attribute to our lack of security experience.

     What we have done so far >>> Understood possible problem causes

     a.) Our system has been sending mail to SpamCop spam traps in the past week.
     b.) Some friends are saying the blockage could be due to a virus in workstations.
     c.) Some mentioned that it was due to SpamAssassin's high score, which needs to be brought down to below 5.0 (e.g. writing 'Dear' in the message body etc.).

     This is how the message reads in spam email:

     2.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net [blocked - see <http://www.spamcop.net/bl.shtml?>]
     1.1 RCVD_IN_SORBS_WEB RBL: SORBS: sender is a abuseable web server [ listed in dnsbl.sorbs.net]

     Open questions

     Q.) What should we infer from this? http://www.projecthoneypot.org/ip_61.16.152.210
     Q.) What should we infer from this? http://www.senderbase.org/senderbase_queri...g=
     Q.) Inference from this? http://www.spamcop.net/w3m?action=checkblo...=

     Need urgent help. What set of steps apart from a delisting request need to be taken?