Re: Blocked ip by spam
From: Michael Pelletier (mjpelletier_at_mjpelletier.com)
Date: Wed, 11 May 2005 23:26:12 -0700
> Javier wrote:
>> My ip was black listed becuase somebody apparently spammed from it.
>> As I'm not spamming I think may be there are a worm in some machines in
>> the internal net or somebody is using an external smtp server from
>> internal net to make spam.
>> However, I need to stop this then I need to make something to avoid to
>> be black listed again.
>> I wonder if somebody out there was having a similar experience and could
>> give me a clue to detect why or who is generating the problem.
>> Thanks in advance
> If I were a betting man and the blocks were widespread I would suspect
> the mail server is an open relay. Might check to see if it is listed
> There is a relatively new vulnerability (4/20) for exchange hosts (2000,
> 2003) that can allow you mail host to be compromised, exploits are in
> the wild. The vulnerability is caused due to a boundary error in the
> "SvrAppendReceivedChunk()" function in "xlsasink.dll" when processing
> X-LINK2STATE extended verb requests. This can be exploited to cause a
> heap-based buffer overflow by connecting to the SMTP service and issuing
> a specially crafted command. Essentially this allows the attacker to
> run with system privileges.
> More on this at:
> Getting off blocked lists is far harder than getting on them.
> You don't really provide enough data to troubleshoot your problem nor
> how long the problem has existed. I am just providing starting look
When you come across info like that post it. It is good that the group
-- "Trusted Computing" is a SCAM http://www.gnu.org/philosophy/can-you-trust.html Protect your rights http://www.eff.org/ http://www.publicknowledge.org/