IP Black listing problem

Marcos Aurelio Rodrigues deigratia33 at gmail.com
Thu Aug 7 12:36:04 UTC 2008


Try to find the machine that is sending the spam, unless your own server is
doing it.

# Log forwarded SMTP from the LAN that is not addressed to the local mail server
iptables -I FORWARD -p tcp --dport 25 -i $LOCAL_DEVICE -o $EXT_DEVICE \
  -s $IP_LAN ! -d $IP_LOCAL_SERVER -j LOG --log-prefix "SPAM_DETECTED"


[]s,
Marcos


On Thu, Aug 7, 2008 at 8:30 AM, David Richards <DavidR at eurosoft-uk.com> wrote:

> First off, I would turn logging on so you can see what is doing what.
> This should help you trace it.
> Also ensure that your anti-virus is up to date and all patches
> installed.
>
> --
> David Richards
> Network Administrator
>
> Eurosoft (UK) Ltd
> 3 St. Stephen's Road
> Bournemouth, Dorset
> BH2 6JL
> United Kingdom
> Tel: +44 (0)1202 297315
> Fax: +44 (0)1202 558280
> Mobile: +44 (0)7725514869
>
> http://www.eurosoft-uk.com
>
> -----Original Message-----
> From: redhat-list-bounces at redhat.com
> [mailto:redhat-list-bounces at redhat.com] On Behalf Of samuel dinakar sama
> Sent: 07 August 2008 12:23
> To: General Red Hat Linux discussion list
> Subject: IP Black listing problem
>
> Hi all,
>
> Straight to the problem I am facing in my organization. I am maintaining
> a Sendmail mail server (Fedora). We have a recurring problem: the public IP
> (internet gateway s/m) is getting blacklisted because of spam. I couldn't
> trace anything. How is the Trojan spam generated? How to provide the
> security?
>
> For this problem I have been changing the public IP, but it is not a
> solution.
>
>
>
> The below message is thrown by CBL.abuse.org for blacklisting:
>
> *ATTENTION: This IP is infected with, or NATting for a computer infected
> with a high volume spam sending trojan - it is participating in a botnet.*
>
> *This is the Srizbi BOT*
>
> *You need to patch your system and then fix/remove the trojan. Do this
> before delisting, or you're most likely to be listed again almost
> immediately.*
>
> *If this IP is a NAT firewall/gateway, you MUST configure the NAT to
> prevent outbound port 25 connections to the Internet except from your real
> mail servers.*
>
> Any suggestion for me to give in iptables or SELinux. Your suggestions or
> any input for this problem is very much appreciated.
>
>
>
> Thanks & Regards,
>
> *Samuel*
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>



-- 
========================================
Marcos Aurelio Rodrigues
<deigratia33 at gmail.com>
CCNA, MCSO, Security+
Mirabilia laudo semprer, Dei
========================================
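
Added example, not part of the original messages: with the LOG rule from this thread in place, a script like this ranks LAN hosts by new outbound SMTP connections found in the kernel log. The log lines are constructed samples; the function names and the choice to count only SYN packets (one per connection attempt) are assumptions of this example.

```shell
#!/bin/sh
# Reads kernel log text on stdin and prints, busiest host first:
#   <new SMTP connections> <distinct destinations> <LAN source IP>
# Only lines carrying the "SPAM_DETECTED" prefix are considered. The LOG rule
# matches every packet to port 25, so only SYN packets are counted.
smtp_sources() {
  awk '
    /SPAM_DETECTED/ {
      src = dst = ""; syn = 0
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^SRC=/)      src = substr($i, 5)
        else if ($i ~ /^DST=/) dst = substr($i, 5)
        else if ($i == "SYN")  syn = 1
      }
      if (src == "" || !syn) next
      conns[src]++
      # Many distinct destinations from one desktop is typical of a spam bot.
      if (!((src, dst) in seen)) { seen[src, dst] = 1; dsts[src]++ }
    }
    END { for (ip in conns) print conns[ip], dsts[ip], ip }
  ' | sort -k1,1nr -k3,3
}

# Constructed sample log lines (documentation address ranges as destinations).
# The prefix has no trailing space, so it runs straight into "IN=".
sample_log() {
  cat <<'EOF'
Aug  7 12:01:02 gw kernel: SPAM_DETECTEDIN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.10 LEN=48 TTL=127 PROTO=TCP SPT=1045 DPT=25 SYN URGP=0
Aug  7 12:01:02 gw kernel: SPAM_DETECTEDIN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.10 LEN=540 TTL=127 PROTO=TCP SPT=1045 DPT=25 ACK PSH URGP=0
Aug  7 12:01:03 gw kernel: SPAM_DETECTEDIN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.7 LEN=48 TTL=127 PROTO=TCP SPT=1046 DPT=25 SYN URGP=0
Aug  7 12:01:04 gw kernel: SPAM_DETECTEDIN=eth1 OUT=eth0 SRC=192.168.1.40 DST=203.0.113.10 LEN=48 TTL=127 PROTO=TCP SPT=2210 DPT=25 SYN URGP=0
Aug  7 12:01:05 gw kernel: SPAM_DETECTEDIN=eth1 OUT=eth0 SRC=192.168.1.23 DST=192.0.2.55 LEN=48 TTL=127 PROTO=TCP SPT=1047 DPT=25 SYN URGP=0
Aug  7 12:01:06 gw sendmail[2201]: unrelated line without the prefix
EOF
}

sample_log | smtp_sources
```

On a live gateway, feed it the kernel log instead, for example `smtp_sources < /var/log/messages`.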


