[afnog] Also, look for recent HIGH user email traffic - RE: mail blacklisted

Jeff Mason jmason at Nashville-MDHA.org
Tue Jun 18 13:35:54 UTC 2013


If you have historical logs, go and look for spikes in user outbound email traffic, and you will find the user with the spam-bot infection. When cleared, go back to those blacklist sites, and request to be removed.

J.
________________________________________
From: afnog-bounces at afnog.org [afnog-bounces at afnog.org] on behalf of Chris Wilson [chris+afnog at aptivate.org]
Sent: Tuesday, June 18, 2013 6:41 AM
To: Kwas Lee
Cc: afnog at afnog.org
Subject: Re: [afnog] mail blacklisted

Hi Kwas,

On Tue, 18 Jun 2013, Kwas Lee wrote:

> My server has been blacklisted to UCEPROTECTL1, BACKSCATTERER, SORBS-SPAM
> and MAILSPIKE-BL. I am using atmail7 installed on CentOS 5.5; the
> spamassassin is working fine.

The only way to solve the problem is to find out why you've been
blacklisted and fix it. Most likely your mail server is being used to
relay spam, regardless of your spamassassin which will never catch 100% of
it, or you are allowing outbound SMTP from your network and one of your
users is infected.

I suggest you closely examine the logs of your mail server to identify
spam messages being sent through it. The blacklists should be able to
provide the date and time of a spam message that caused you to be
blacklisted, which may help you if the spam has stopped.

I recommend that you check that users on your network are NOT allowed to
send email directly by SMTP out to the internet, only through your mail
server, and that this is enforced by your firewall.

Cheers, Chris.
--
Aptivate | http://www.aptivate.org | Phone: +44 1223 967 838
Citylife House, Sturton Street, Cambridge, CB1 2QF, UK

Aptivate is a not-for-profit company registered in England and Wales
with company number 04980791.


_______________________________________________
afnog mailing list
http://afnog.org/mailman/listinfo/afnog
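
Added example, not part of the original thread: one way to do the log review suggested above, summing recipients per sender per hour and flagging hours far above the site-wide norm. It assumes Postfix-style `qmgr` syslog lines (the thread does not say which log format the server writes); the sample lines, addresses and thresholds are constructed.

```python
import re
from collections import Counter
from statistics import median

# Assumption: Postfix-style qmgr lines in syslog format; adjust for another MTA.
QMGR = re.compile(
    r"^(?P<hour>\w{3}\s+\d+\s\d{2}):\d{2}:\d{2}\s\S+\spostfix/qmgr\[\d+\]:\s"
    r"\w+:\sfrom=<(?P<sender>[^>]*)>,\ssize=\d+,\snrcpt=(?P<nrcpt>\d+)"
)

def hourly_recipients(lines):
    """Sum recipients per (sender, hour) from qmgr lines."""
    totals = Counter()
    for line in lines:
        m = QMGR.match(line)
        if m and m.group("sender"):  # empty sender is a bounce, not a user
            key = (m.group("sender").lower(), m.group("hour"))
            totals[key] += int(m.group("nrcpt"))
    return totals

def find_spikes(lines, factor=10, floor=50):
    """Return (sender, hour, recipients) for hours that reach `floor` and
    `factor` times the median of all sender-hours, largest first."""
    totals = hourly_recipients(lines)
    if not totals:
        return []
    baseline = median(totals.values())
    hits = [(s, h, n) for (s, h), n in totals.items()
            if n >= floor and n >= factor * baseline]
    return sorted(hits, key=lambda t: -t[2])

# Constructed sample log: normal traffic plus one 03:00 burst.
_Q = "mail postfix/qmgr[2210]:"
SAMPLE_LOG = [
    f"Jun 17 09:12:01 {_Q} 4F1A2C0011: from=<alice@example.org>, size=2301, nrcpt=1 (queue active)",
    f"Jun 17 09:40:13 {_Q} 4F1A2C0012: from=<alice@example.org>, size=1877, nrcpt=2 (queue active)",
    f"Jun 17 10:05:44 {_Q} 4F1A2C0013: from=<bob@example.org>, size=3120, nrcpt=1 (queue active)",
    f"Jun 17 14:21:09 {_Q} 4F1A2C0014: from=<carol@example.org>, size=9902, nrcpt=3 (queue active)",
    f"Jun 18 03:00:02 {_Q} 4F1A2C0015: from=<bob@example.org>, size=5120, nrcpt=40 (queue active)",
    f"Jun 18 03:00:05 {_Q} 4F1A2C0016: from=<bob@example.org>, size=5120, nrcpt=40 (queue active)",
    f"Jun 18 03:00:09 {_Q} 4F1A2C0017: from=<bob@example.org>, size=5120, nrcpt=40 (queue active)",
    f"Jun 18 03:01:00 {_Q} 4F1A2C0018: from=<>, size=2048, nrcpt=1 (queue active)",
]

if __name__ == "__main__":
    for sender, hour, count in find_spikes(SAMPLE_LOG):
        print(f"{sender} sent to {count} recipients in hour '{hour}'")
```

A deferred message is logged again each time it re-enters the active queue, so the totals are an upper bound on mail actually sent.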
