Re: Blocked ip by spam

From: Michael Pelletier (mjpelletier_at_mjpelletier.com)
Date: 05/12/05


Date: Wed, 11 May 2005 23:26:12 -0700

Winged wrote:

> Javier wrote:
>>
>> Hi
>>
>> My IP was blacklisted because somebody apparently spammed from it.
>>
>> As I'm not spamming, I think maybe there is a worm on some machines in
>> the internal net, or somebody is using an external SMTP server from
>> the internal net to send spam.
>>
>> However, I need to stop this, and then I need to do something to avoid
>> being blacklisted again.
>>
>> I wonder if somebody out there has had a similar experience and could
>> give me a clue to detect why or who is generating the problem.
>>
>> Thanks in advance
>>
>> J
>
> If I were a betting man and the blocks were widespread I would suspect
> the mail server is an open relay. Might check to see if it is listed
> here:
>
> http://www.ordb.org/faq/
>
> There is a relatively new vulnerability (4/20) for Exchange hosts (2000,
> 2003) that can allow your mail host to be compromised; exploits are in
> the wild. The vulnerability is caused due to a boundary error in the
> "SvrAppendReceivedChunk()" function in "xlsasink.dll" when processing
> X-LINK2STATE extended verb requests. This can be exploited to cause a
> heap-based buffer overflow by connecting to the SMTP service and issuing
> a specially crafted command. Essentially this allows the attacker to
> run with system privileges.
>
> More on this at:
>
> http://secunia.com/advisories/14920/
>
> Getting off blocked lists is far harder than getting on them.
>
> You don't really provide enough data to troubleshoot your problem nor
> how long the problem has existed. I am just providing starting look
> points.
>
> Winged

When you come across info like that, post it. It is good that the group
knows...

Michael

-- 
"Trusted Computing" is a SCAM
http://www.gnu.org/philosophy/can-you-trust.html
Protect your rights
http://www.eff.org/
http://www.publicknowledge.org/
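
An added example, not part of the original posts: one way to follow up on the two suspicions raised in the thread (an infected internal machine, or someone using an external SMTP server from the internal net) is to search the gateway firewall log for internal hosts, other than the mail server, that connect out on TCP port 25. The network range, mail server address, log format and log lines below are constructed assumptions.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumptions, not from the thread: adjust to the real network.
INTERNAL_NET = ip_network("192.168.1.0/24")
MAIL_SERVERS = {ip_address("192.168.1.10")}  # only host allowed to send mail out

# Constructed sample lines in iptables LOG style (documentation address ranges).
SAMPLE_LOG = """\
May 11 22:01:03 gw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.25 PROTO=TCP SPT=40112 DPT=25
May 11 22:01:09 gw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=198.51.100.7 PROTO=TCP SPT=1188 DPT=25
May 11 22:01:10 gw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=198.51.100.9 PROTO=TCP SPT=1189 DPT=25
May 11 22:01:10 gw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=203.0.113.80 PROTO=TCP SPT=1190 DPT=25
May 11 22:01:11 gw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=203.0.113.81 PROTO=TCP SPT=1191 DPT=25
May 11 22:02:40 gw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.50 PROTO=TCP SPT=3310 DPT=25
May 11 22:02:41 gw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.60 PROTO=TCP SPT=3311 DPT=443
May 11 22:03:00 gw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=198.51 PROTO=TCP SPT=1192 DPT=25
"""

FIELD_RE = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")


def direct_smtp_senders(log_text, min_destinations=3):
    """Map each internal non-mail-server host to the number of distinct
    external hosts it contacted on TCP/25, keeping those at or above the
    threshold."""
    destinations = defaultdict(set)
    for line in log_text.splitlines():
        fields = dict(FIELD_RE.findall(line))
        if fields.get("PROTO") != "TCP" or fields.get("DPT") != "25":
            continue
        try:
            src, dst = ip_address(fields["SRC"]), ip_address(fields["DST"])
        except (KeyError, ValueError):
            continue  # truncated or malformed line
        if src in MAIL_SERVERS or src not in INTERNAL_NET or dst in INTERNAL_NET:
            continue
        destinations[src].add(dst)
    return {str(host): len(dsts) for host, dsts in destinations.items()
            if len(dsts) >= min_destinations}


if __name__ == "__main__":
    for host, count in direct_smtp_senders(SAMPLE_LOG).items():
        print(f"{host} opened SMTP connections to {count} external hosts")
```

A workstation reaching many distinct mail hosts directly fits the worm case; a host with a single destination fits a user configured with an external SMTP server, which `min_destinations=1` will also list.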

