Straight to the problem I am facing in my organization. I am maintaining
mail server Sendmail (fedora) .we have a recurring problem , Public IP
(internet gateway s/m) is getting black listed because of Spam.. I couldn't
trace anything , How Trojan spam generated ? How to provide the security ?
For this problem I have been changing the public IP , but it not a solution
..
The below message is thrown by CBL.abuse.org for black listing :
*ATTENTION: **This IP is infected with, or NATting for a computer infected
with a high volume spam sending trojan - it is participating in a botnet. *
*This is the Srizbi BOT *
*You need to patch your system and then fix/remove the trojan. Do this
before delisting, or you're most likely to be listed again almost
immediately. *
*If this IP is a NAT firewall/gateway, you MUST configure the NAT to prevent
outbound port 25 connections to the Internet except from your real mail
servers. *
Any suggestion for me to give in IPtables or selinux. Your suggestions or
any input for this problem is very much appreciated.
Thanks & Regards,
*Samuel*
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
08-07-2008, 11:30 AM
"David Richards"
IP Black listing problem
First off, I would turn logging on so you can see what is doing what.
This should help you trace it.
Also ensure that your anti-virus is up to date and all patches
installed.
=======================================
Increase computer reliability today!
Eurosoft diagnostic software tests and validates all brands of PCs
during manufacturing and servicing.
Guaranteed immediate service cost savings!
=======================================
Nobody checks out PCs better than Eurosoft!
-----Original Message-----
From: redhat-list-bounces@redhat.com
[mailto:redhat-list-bounces@redhat.com] On Behalf Of samuel dinakar sama
Sent: 07 August 2008 12:23
To: General Red Hat Linux discussion list
Subject: IP Black listing problem
HI all,
Straight to the problem I am facing in my organization. I am
maintaining
mail server Sendmail (fedora) .we have a recurring problem , Public IP
(internet gateway s/m) is getting black listed because of Spam.. I
couldn't
trace anything , How Trojan spam generated ? How to provide the security
?
For this problem I have been changing the public IP , but it not a
solution
..
The below message is thrown by CBL.abuse.org for black listing :
*ATTENTION: **This IP is infected with, or NATting for a computer
infected
with a high volume spam sending trojan - it is participating in a
botnet. *
*This is the Srizbi BOT *
*You need to patch your system and then fix/remove the trojan. Do this
before delisting, or you're most likely to be listed again almost
immediately. *
*If this IP is a NAT firewall/gateway, you MUST configure the NAT to
prevent
outbound port 25 connections to the Internet except from your real mail
servers. *
Any suggestion for me to give in IPtables or selinux. Your suggestions
or
any input for this problem is very much appreciated.
Thanks & Regards,
*Samuel*
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
08-07-2008, 12:36 PM
"Marcos Aurelio Rodrigues"
IP Black listing problem
Try to find the machine what is sending the spam, unless your own server is
doing it.
On Thu, Aug 7, 2008 at 8:30 AM, David Richards <DavidR@eurosoft-uk.com>wrote:
> First off, I would turn logging on so you can see what is doing what.
> This should help you trace it.
> Also ensure that your anti-virus is up to date and all patches
> installed.
>
> --
> David Richards
> Network Administrator
>
> Eurosoft (UK) Ltd
> 3 St. Stephen's Road
> Bournemouth, Dorset
> BH2 6JL
> United Kingdom
> Tel: +44 (0)1202 297315
> Fax: +44 (0)1202 558280
> Mobile: +44 (0)7725514869
>
> http://www.eurosoft-uk.com
>
> =======================================
> Increase computer reliability today!
> Eurosoft diagnostic software tests and validates all brands of PCs
> during manufacturing and servicing.
> Guaranteed immediate service cost savings!
> =======================================
> Nobody checks out PCs better than Eurosoft!
> -----Original Message-----
> From: redhat-list-bounces@redhat.com
> [mailto:redhat-list-bounces@redhat.com] On Behalf Of samuel dinakar sama
> Sent: 07 August 2008 12:23
> To: General Red Hat Linux discussion list
> Subject: IP Black listing problem
>
> HI all,
>
> Straight to the problem I am facing in my organization. I am
> maintaining
> mail server Sendmail (fedora) .we have a recurring problem , Public IP
> (internet gateway s/m) is getting black listed because of Spam.. I
> couldn't
> trace anything , How Trojan spam generated ? How to provide the security
> ?
>
> For this problem I have been changing the public IP , but it not a
> solution
> ..
>
>
>
> The below message is thrown by CBL.abuse.org for black listing :
>
> *ATTENTION: **This IP is infected with, or NATting for a computer
> infected
> with a high volume spam sending trojan - it is participating in a
> botnet. *
>
> *This is the Srizbi BOT *
>
> *You need to patch your system and then fix/remove the trojan. Do this
> before delisting, or you're most likely to be listed again almost
> immediately. *
>
> *If this IP is a NAT firewall/gateway, you MUST configure the NAT to
> prevent
> outbound port 25 connections to the Internet except from your real mail
> servers. *
>
> Any suggestion for me to give in IPtables or selinux. Your suggestions
> or
> any input for this problem is very much appreciated.
>
>
>
> Thanks & Regards,
>
> *Samuel*
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
On Thu, Aug 7, 2008 at 2:22 PM, samuel dinakar sama <
samuel.dinakar@gmail.com> wrote:
> HI all,
>
> Straight to the problem I am facing in my organization. I am maintaining
> mail server Sendmail (fedora) .we have a recurring problem , Public IP
> (internet gateway s/m) is getting black listed because of Spam.. I couldn't
> trace anything , How Trojan spam generated ? How to provide the security ?
>
> For this problem I have been changing the public IP , but it not a solution
> ..
Block outbound 25 from all servers except your mail server.
--
Thanks and Regards
Nabeel Moidu
Doha, Qatar
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
08-13-2008, 02:03 AM
mark
IP Black listing problem
samuel dinakar sama wrote:
> HI all,
>
> Straight to the problem I am facing in my organization. I am maintaining
> mail server Sendmail (fedora) .we have a recurring problem , Public IP
> (internet gateway s/m) is getting black listed because of Spam.. I couldn't
> trace anything , How Trojan spam generated ? How to provide the security ?
>
> For this problem I have been changing the public IP , but it not a solution
>
> The below message is thrown by CBL.abuse.org for black listing :
>
> *ATTENTION: **This IP is infected with, or NATting for a computer infected
> with a high volume spam sending trojan - it is participating in a botnet. *
>
> *This is the Srizbi BOT *
<snip>
That's a WinDoze trojan. Either someone on your network, and going through your
gateway, is infected, or some scum out there is munging emails and putting your
address as the last "received from" address.
Start out by a) looking at your mail logs, and b) have everyone (if possible)
update their virus signatures and make *SURE* that they scan their systems. Or
have your techs go through with bootable CDs and verifiably scan everybody.
mark
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
IP Black listing problem
