Jump to content

listed as 127.0.0.2


datalink

Recommended Posts

Posted

Can someone see if my exchange 2k3 server has a hole in it. One of my users received this in a email from a remote system stating that the domain was blacklisted by spamcop. We are not listed on ordb.org, and I have submitted a test with the site.

I have relay set up for authenticated users. We currently have goldmine poping mail from the exchange server, only internally. We are planning to phase out goldmine.

the server ip is 151.198.236.211.

We have symantec enterprise and all pc are up to date and scanned.

can someone help?

Thanks in advance

Posted
the server ip is 151.198.236.211.

Your server seems to be more hole than server these days.

DNSStuff shows you as listed in several blocklists as does OpenRBL. Senderbase shows that your outbound email volume has gone up 2579% since yesterday. I'd pull the plug on that server before the whole world has you blocked, since many lists are much less forgiving than SpamCop. I can't assist you technically, but I'm sure someone will be along momentarily who can.

Good luck!

Posted

Well you definately have an insecure server.

Google for "Exchange AUTH Hack"

the mail server you are running has many holes:

220 RACGM.RAC.regentatlantic.com Microsoft ESMTP MAIL Service, Version: 5.0.2195.6713 ready at Thu, 29 Jul 2004 12:23:37 -0400

Someone else (a spammer) has more control of your server than you do...........

You better secure that thing. For the services you offer it is not good to be running an insecure machine. If I were you I would unplug it now. Lots of confidential data you do not want leaked out. Very bad press indeed.

Good luck.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...