[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] Newbie at wits end with spammers through server

Subject: [cobalt-security] Newbie at wits end with spammers through server
From: "Render-Vue" <sales@xxxxxxxxxxxxxx>
Date: Tue, 14 Aug 2001 20:30:27 +1200
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Hi yah excuse me if this has been discussed prior but I'm at wits end ...

Have taken over the lease of Cobalt RAQ3i from a previous hosting company
(they went bankrupt too many customers with them so we took on the lease
easier than moving everyone). Anyway over the last few weeks my server
provider has shut us down twice because of spam complaints.

First of all it was smtp relying through the server - after resolving this I
had one of providers techs jump into the machine to check that what was done
was correct and also they confirmed that the pop before smtp was working
correctly... excellent no more spamming.

Wrong several days later I'm shut down again and I'm told that it's because
the one of the spammers is using a yahoo.com address now but the IP is still
resolving to the server. 3 Days later they decide to turn the server back
on - after trying to phone them and find out why this is happening and how I
can stop this from happening again before I loose all my customers. I was
told by their tech support to switch off the email services and check the
log files.

The IP in question was the main IP address for the server, I found that
there were also 4 other customers using the same IP (set-up by previous
server owners). When I checked the site settings/DNS records I found one
didn't have reverse lookup in the dns and none including the ns had any MX
records.

Being none the wiser I have now corrected that so every customer account now
has mx records and reverse lookup in the DNS.

I've told their tech support that I'd even pay for a tech to check the
machine as long as they can guarantee that after checking they are not going
to shut me down again...

I'm at the end of my tether with the spamming and if it continues I can see
me loosing the server and the customers. Can any of you knowledgeable
users/administrators say where I'm going wrong, is the server set-up wrong
or is it just life and hope that it all dies down.

Many thanks in advance

Chae

Follow-Ups:
- Re: [cobalt-security] Newbie at wits end with spammers through server
  - From: Michael Stauber
- Re: [cobalt-security] Newbie at wits end with spammers through server
  - From: Jeff Lasman

Prev by Date: RE: [cobalt-security] No telnet on saturdays??
Next by Date: Re: [cobalt-security] DANGER WILL ROBINSON!!! A tool for MIM/c*apfilt and poisoning listed on /.
Previous by thread: Re: [cobalt-security] PHP script to notify contacts related to IP initiating Code Red attack
Next by thread: Re: [cobalt-security] Newbie at wits end with spammers through server

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index