Re: Blocked ip by spam
From: Winged (Winged_at_nofollow.com)
Date: Wed, 11 May 2005 21:44:52 -0500
> My ip was black listed becuase somebody apparently spammed from it.
> As I'm not spamming I think may be there are a worm in some machines in
> the internal net or somebody is using an external smtp server from
> internal net to make spam.
> However, I need to stop this then I need to make something to avoid to
> be black listed again.
> I wonder if somebody out there was having a similar experience and could
> give me a clue to detect why or who is generating the problem.
> Thanks in advance
If I were a betting man and the blocks were widespread I would suspect
the mail server is an open relay. Might check to see if it is listed here:
There is a relatively new vulnerability (4/20) for exchange hosts (2000,
2003) that can allow you mail host to be compromised, exploits are in
the wild. The vulnerability is caused due to a boundary error in the
"SvrAppendReceivedChunk()" function in "xlsasink.dll" when processing
X-LINK2STATE extended verb requests. This can be exploited to cause a
heap-based buffer overflow by connecting to the SMTP service and issuing
a specially crafted command. Essentially this allows the attacker to
run with system privileges.
Getting off blocked lists is far harder than getting on them.
You don't really provide enough data to troubleshoot your problem nor
how long the problem has existed. I am just providing starting look points.