Re: Blocked ip by spam

From: Winged (
Date: 05/12/05

Date: Wed, 11 May 2005 21:44:52 -0500

Javier wrote:
> Hi
> My ip was black listed becuase somebody apparently spammed from it.
> As I'm not spamming I think may be there are a worm in some machines in
> the internal net or somebody is using an external smtp server from
> internal net to make spam.
> However, I need to stop this then I need to make something to avoid to
> be black listed again.
> I wonder if somebody out there was having a similar experience and could
> give me a clue to detect why or who is generating the problem.
> Thanks in advance
> J

If I were a betting man and the blocks were widespread I would suspect
the mail server is an open relay. Might check to see if it is listed here:

There is a relatively new vulnerability (4/20) for exchange hosts (2000,
2003) that can allow you mail host to be compromised, exploits are in
the wild. The vulnerability is caused due to a boundary error in the
"SvrAppendReceivedChunk()" function in "xlsasink.dll" when processing
X-LINK2STATE extended verb requests. This can be exploited to cause a
heap-based buffer overflow by connecting to the SMTP service and issuing
a specially crafted command. Essentially this allows the attacker to
run with system privileges.

More on this at:

Getting off blocked lists is far harder than getting on them.

You don't really provide enough data to troubleshoot your problem nor
how long the problem has existed. I am just providing starting look points.