IP Black listing problem

mark m.roth2006 at rcn.com
Wed Aug 13 02:03:44 UTC 2008


samuel dinakar sama wrote:
> Hi all,
> 
> Straight to the problem I am facing in my organization. I am maintaining
> a Sendmail mail server (Fedora). We have a recurring problem: the public IP
> (internet gateway s/m) is getting black listed because of spam. I couldn't
> trace anything. How is the Trojan spam generated? How to provide the security?
> 
> For this problem I have been changing the public IP, but it is not a solution.
> 
> The below message is thrown by CBL.abuse.org for black listing:
> 
> *ATTENTION: This IP is infected with, or NATting for a computer infected
> with a high volume spam sending trojan - it is participating in a botnet.*
> 
> *This is the Srizbi BOT*

<snip>
That's a WinDoze trojan. Either someone on your network, and going through your
gateway, is infected, or some scum out there is munging emails and putting your
address as the last "received from" address.

Start out by a) looking at your mail logs, and b) having everyone (if possible)
update their virus signatures and make *SURE* that they scan their systems. Or
have your techs go through with bootable CDs and verifiably scan everybody.

	mark
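
The "look at your mail logs" step above, as an added example that is not part of the original thread: a Python sketch that tallies sendmail `from=` log entries per submitting relay and flags internal hosts with unusually many recipients or envelope senders. The sample log lines, host names, addresses and thresholds are constructed assumptions; real use would read the server's own maillog.

```python
import re
from collections import defaultdict

# Constructed sample in sendmail's maillog format (hosts, addresses, IDs invented).
SAMPLE_LOG = """\
Aug 12 10:01:02 mail sendmail[2101]: m7CA12ab002101: from=<alice@example.com>, size=1834, class=0, nrcpts=1, msgid=<1@example.com>, proto=ESMTP, daemon=MTA, relay=pc11.example.lan [192.168.1.11]
Aug 12 10:01:03 mail sendmail[2103]: m7CA12ab002101: to=<bob@example.org>, delay=00:00:01, mailer=esmtp, pri=121834, relay=mx.example.org. [203.0.113.5], dsn=2.0.0, stat=Sent (ok)
Aug 12 10:02:10 mail sendmail[2110]: m7CA2Acd002110: from=<kx81@example.net>, size=2210, class=0, nrcpts=15, msgid=<a@example.net>, proto=SMTP, daemon=MTA, relay=[192.168.1.47]
Aug 12 10:02:11 mail sendmail[2111]: m7CA2Bcd002111: from=<pq07@example.org>, size=2198, class=0, nrcpts=15, msgid=<b@example.org>, proto=SMTP, daemon=MTA, relay=[192.168.1.47]
Aug 12 10:02:12 mail sendmail[2112]: m7CA2Ccd002112: from=<zz55@example.net>, size=2204, class=0, nrcpts=15, msgid=<c@example.net>, proto=SMTP, daemon=MTA, relay=[192.168.1.47]
Aug 12 10:02:13 mail sendmail[2113]: m7CA2Dcd002113: from=<mm19@example.org>, size=2201, class=0, nrcpts=15, msgid=<d@example.org>, proto=SMTP, daemon=MTA, relay=[192.168.1.47]
"""

# Only "from=" entries carry the submitting relay; "to=" entries name the next hop.
FROM_RE = re.compile(
    r"sendmail\[\d+\]: \w+: from=<?(?P<sender>[^>,]*)>?,"
    r".*?nrcpts=(?P<nrcpts>\d+),.*?relay=(?P<relay>.*)$"
)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def summarize(lines):
    """Return {relay: {"msgs", "rcpts", "senders"}} for accepted messages."""
    stats = defaultdict(lambda: {"msgs": 0, "rcpts": 0, "senders": set()})
    for line in lines:
        m = FROM_RE.search(line)
        if not m:
            continue
        ip = IP_RE.search(m["relay"])
        key = ip.group(1) if ip else m["relay"].strip()  # e.g. root@localhost
        entry = stats[key]
        entry["msgs"] += 1
        entry["rcpts"] += int(m["nrcpts"])
        entry["senders"].add(m["sender"].lower())
    return stats

def suspects(stats, max_rcpts=20, max_senders=3):
    """Relays over either threshold (both thresholds are arbitrary assumptions)."""
    return sorted(k for k, s in stats.items()
                  if s["rcpts"] > max_rcpts or len(s["senders"]) > max_senders)

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG.splitlines())
    for ip in suspects(stats):
        print(ip, stats[ip]["msgs"], stats[ip]["rcpts"], len(stats[ip]["senders"]))
```

This only sees mail that actually passes through the sendmail host; a machine behind the NAT gateway that connects straight out to remote port 25 leaves no trace here, so the gateway's own logs of outbound TCP 25 connections are the complementary place to look.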




More information about the redhat-list mailing list