08-07-2008, 11:22 AM
"samuel dinakar sama"

IP Black listing problem

Hi all,

Straight to the problem I am facing in my organization. I am maintaining
a Sendmail mail server (Fedora). We have a recurring problem: the public IP
(internet gateway s/m) is getting blacklisted because of spam. I couldn't
trace anything. How is the Trojan spam generated? How to provide the security?

For this problem I have been changing the public IP, but it is not a solution.

The message below is thrown by CBL.abuse.org for the blacklisting:

*ATTENTION: **This IP is infected with, or NATting for a computer infected
with a high volume spam sending trojan - it is participating in a botnet. *

*This is the Srizbi BOT *

*You need to patch your system and then fix/remove the trojan. Do this
before delisting, or you're most likely to be listed again almost
immediately. *

*If this IP is a NAT firewall/gateway, you MUST configure the NAT to prevent
outbound port 25 connections to the Internet except from your real mail
servers. *

Any suggestions for what to set in iptables or SELinux? Your suggestions or
any input on this problem are very much appreciated.



Thanks & Regards,

*Samuel*
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
08-07-2008, 11:30 AM
"David Richards"

IP Black listing problem

First off, I would turn logging on so you can see what is doing what.
This should help you trace it.
Also ensure that your anti-virus is up to date and all patches
installed.

--
David Richards
Network Administrator

Eurosoft (UK) Ltd
3 St. Stephen's Road
Bournemouth, Dorset
BH2 6JL
United Kingdom
Tel: +44 (0)1202 297315
Fax: +44 (0)1202 558280
Mobile: +44 (0)7725514869

http://www.eurosoft-uk.com

 
08-07-2008, 12:36 PM
"Marcos Aurelio Rodrigues"

IP Black listing problem

Try to find the machine that is sending the spam, unless your own server is
doing it.

# Log forwarded port-25 traffic from the LAN that is not addressed to the local mail server
iptables -I FORWARD -p tcp --dport 25 -i $LOCAL_DEVICE -o $EXT_DEVICE \
    -s $IP_LAN ! -d $IP_LOCAL_SERVER -j LOG --log-prefix "SPAM_DETECTED"


[]s,
Marcos





--
========================================
Marcos Aurelio Rodrigues
<deigratia33@gmail.com>
CCNA, MCSO, Security+
Mirabilia laudo semprer, Dei
========================================
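
One way to turn the entries written by the LOG rule above into a ranked list of suspect hosts, as an added example that is not part of the original thread. It assumes the standard kernel format of the iptables LOG target; the log lines and addresses are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): rank LAN hosts by outbound SMTP attempts
# recorded by an iptables LOG rule whose prefix is SPAM_DETECTED.

# Reads kernel log lines from the named files (or stdin) and prints
# "<attempts> <distinct destinations> <source IP>", busiest source first.
summarize_smtp_sources() {
    awk '
        /SPAM_DETECTED/ && /DPT=25 / {
            src = ""; dst = ""; syn = 0
            # The prefix has no trailing space, so it fuses with the first
            # field (SPAM_DETECTEDIN=eth1); match on the SRC= and DST= fields.
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/)      src = substr($i, 5)
                else if ($i ~ /^DST=/) dst = substr($i, 5)
                else if ($i == "SYN")  syn = 1
            }
            # The rule logs every packet; count only SYNs (new connections).
            if (src == "" || !syn) next
            hits[src]++
            if (!((src, dst) in seen)) { seen[src, dst] = 1; ndst[src]++ }
        }
        END { for (s in hits) print hits[s], ndst[s], s }
    ' "$@" | sort -k1,1nr -k3,3
}

# Constructed sample log lines (private and documentation address ranges).
sample_log() {
    cat <<'EOF'
Aug  7 12:40:01 gw kernel: SPAM_DETECTEDIN=eth1 OUT=eth0 SRC=192.168.1.57 DST=203.0.113.25 LEN=48 TTL=127 ID=4211 DF PROTO=TCP SPT=1093 DPT=25 WINDOW=65535 RES=0x00 SYN URGP=0
Aug  7 12:40:01 gw kernel: SPAM_DETECTEDIN=eth1 OUT=eth0 SRC=192.168.1.57 DST=198.51.100.7 LEN=48 TTL=127 ID=4212 DF PROTO=TCP SPT=1094 DPT=25 WINDOW=65535 RES=0x00 SYN URGP=0
Aug  7 12:40:02 gw kernel: SPAM_DETECTEDIN=eth1 OUT=eth0 SRC=192.168.1.57 DST=198.51.100.7 LEN=40 TTL=127 ID=4213 DF PROTO=TCP SPT=1094 DPT=25 WINDOW=65535 RES=0x00 ACK PSH URGP=0
Aug  7 12:40:03 gw kernel: SPAM_DETECTEDIN=eth1 OUT=eth0 SRC=192.168.1.57 DST=203.0.113.25 LEN=48 TTL=127 ID=4214 DF PROTO=TCP SPT=1095 DPT=25 WINDOW=65535 RES=0x00 SYN URGP=0
Aug  7 12:41:10 gw kernel: SPAM_DETECTEDIN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.25 LEN=48 TTL=64 ID=901 DF PROTO=TCP SPT=40112 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Aug  7 12:41:11 gw kernel: eth1: link up
EOF
}

sample_log | summarize_smtp_sources
```

On a gateway the function would be pointed at the file that receives kernel messages; a workstation opening connections to many distinct mail servers stands out at the top of the list.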
 
08-07-2008, 12:38 PM
"Nabeel Moidu"

IP Black listing problem

On Thu, Aug 7, 2008 at 2:22 PM, samuel dinakar sama <samuel.dinakar@gmail.com> wrote:

> Hi all,
>
> Straight to the problem I am facing in my organization. I am maintaining
> a Sendmail mail server (Fedora). We have a recurring problem: the public IP
> (internet gateway s/m) is getting blacklisted because of spam. I couldn't
> trace anything. How is the Trojan spam generated? How to provide the security?
>
> For this problem I have been changing the public IP, but it is not a solution.


Block outbound 25 from all servers except your mail server.

--
Thanks and Regards
Nabeel Moidu
Doha, Qatar
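
A sketch of the rule set this advice (and the CBL notice) calls for on a NAT gateway, as an added example that is not part of the original thread. The chain name `SMTP_EGRESS`, the `SMTP_BLOCKED` log prefix, the `IPT` override and the interface and address values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): allow forwarded outbound SMTP only from
# the real mail server(s); log and reject it from every other LAN host.
# Set IPT=echo to print the rules for review instead of applying them.
IPT=${IPT:-iptables}

# smtp_egress_policy LOCAL_DEVICE EXT_DEVICE [MAIL_SERVER_IP...]
# Interface and address values are supplied by the caller (hypothetical names).
smtp_egress_policy() {
    lan_if=$1; ext_if=$2; shift 2

    # Dedicated chain: create it, or flush it if it already exists.
    $IPT -N SMTP_EGRESS 2>/dev/null || $IPT -F SMTP_EGRESS

    # Mail servers leave the chain and continue through FORWARD as before.
    for ip in "$@"; do
        $IPT -A SMTP_EGRESS -s "$ip" -j RETURN
    done

    # Everything else is a candidate infected host: record it, then refuse it.
    $IPT -A SMTP_EGRESS -m limit --limit 30/min -j LOG --log-prefix "SMTP_BLOCKED "
    $IPT -A SMTP_EGRESS -p tcp -j REJECT --reject-with tcp-reset

    # Hook the chain in last, replacing any earlier copy of the jump.
    $IPT -D FORWARD -i "$lan_if" -o "$ext_if" -p tcp --dport 25 -j SMTP_EGRESS 2>/dev/null || true
    $IPT -I FORWARD -i "$lan_if" -o "$ext_if" -p tcp --dport 25 -j SMTP_EGRESS
}

# Usage on the gateway, as root (constructed values):
#   smtp_egress_policy eth1 eth0 192.168.1.10
```

Only traffic forwarded for LAN hosts passes through FORWARD; if Sendmail runs on the gateway itself, its own mail leaves through OUTPUT and no mail server address needs to be listed.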
 
08-13-2008, 02:03 AM
mark

IP Black listing problem

samuel dinakar sama wrote:
> Hi all,
>
> Straight to the problem I am facing in my organization. I am maintaining
> a Sendmail mail server (Fedora). We have a recurring problem: the public IP
> (internet gateway s/m) is getting blacklisted because of spam. I couldn't
> trace anything. How is the Trojan spam generated? How to provide the security?
>
> For this problem I have been changing the public IP, but it is not a solution.
>
> The message below is thrown by CBL.abuse.org for the blacklisting:
>
> *ATTENTION: **This IP is infected with, or NATting for a computer infected
> with a high volume spam sending trojan - it is participating in a botnet. *
>
> *This is the Srizbi BOT *

<snip>
That's a WinDoze trojan. Either someone on your network, and going through your
gateway, is infected, or some scum out there is munging emails and putting your
address as the last "received from" address.

Start out by a) looking at your mail logs, and b) have everyone (if possible)
update their virus signatures and make *SURE* that they scan their systems. Or
have your techs go through with bootable CDs and verifiably scan everybody.

mark
