I don't find any site compromise, i try to write
to Trend Micro for the third time......
Thanks everybody.
Il 02/05/2017 17:03, Matteo Cazzador ha scritto:
This i s very interesting thanks i follow this suggest.
I was moving on wrog way.
Thanks
Il 02/05/2017 16:52, L.P.H. van Belle ha scritto:
So far i can see, is your web site the target not you mail server.
I personaly use : http://multirbl.valli.org/lookup/netlite.it.html
About the same as mx toolbox, but i did notice that the list of
multirbl is much shorted when the domainname is used.
If i check with this hostname: mail.netlite.it (212.29.157.98)
http://multirbl.valli.org/lookup/212.29.157.98.html
DNSBL Blacklist Test Summary
Ip based: 231 of 231 tests done.
Domain base: 49 of 49 tests done.
Result, not listed anywere.
You are running with out of date wordpress plugins. Checked a few.
Thats asking for problems. Check you webserver logs for strange/out
of the order things.
If you dont use mod security, get it, learn it, install it and stop
the wordpress abuse.
Greetz,
Louis
-----Oorspronkelijk bericht-----
Van: dovecot_...@hotmail.com
[mailto:owner-postfix-us...@postfix.org] Namens Michael Segel
Verzonden: dinsdag 2 mei 2017 16:02
Aan: Kevin A. McGrail
CC: li...@lazygranch.com; Matteo Cazzador; postfix users
Onderwerp: Re: Trace spam activity on mail server
Just to follow up…
I ran the check on his domain:
https://mxtoolbox.com/domain/netlite.it/
Pretty clean, maybe a few things to fix, but he’s not on any
black list.
I don’t know when he set up his domain, it could be that
Trend Micro blocked the IP block due to a previous tenant and
never took them off.
Truthfully, I don’t use much more than Spamhaus these days.
in terms of RBLs.
He’s not running an open relay and if there was a spammer on
his network, Spamhaus would have caught it too. Or someone else.
Its not Matteo’s server and I suspect its Trend Micro.
HTH
-Mike
On May 2, 2017, at 8:56 AM, Kevin A. McGrail
<kmcgr...@pccc.com> wrote:
On 5/2/2017 9:51 AM, Michael Segel wrote:
You can run a check on your MX Server… there are a couple
of web sites that do this… and I think one or two will
identify the RBLs that include you.
One trick I use a lot when I have an infected machine on a
network or a customer with a problem is that I setup a
smarthost running a milter that runs the email through a spam
checker, logs the answer and then tempfails the emails.
Then I can analyze if there is an issue and do a silent
discard by subject or internal IP if we find a compromised
machine while letting everything else go through.
Regards,
KAM
--
Rispetta l'ambiente: se non ti è necessario, non stampare questa mail.
Le informazioni contenute in questa e-mail e nei files eventualmente allegati
sono destinate unicamente ai destinatari della stessa e
sono da considerarsi strettamente riservate. E' proibito copiare, salvare,
utilizzare, inoltrare a terzi e diffondere il contenuto della presente
senza il preventivo consenso, ai sensi dell'articolo 616 c.p. e della Legge n.
196/2003. Se avete ricevuto questo messaggio per errore siete
pregati di comunicarlo immediatamente all'indirizzo mittente, nonché di
cancellarne il contenuto senza procedere ad ulteriore o differente trattamento.
******************************************
Ing. Matteo Cazzador
NetLite snc di Cazzador Gagliardi
Corso Vittorio Emanuele II, 188 37069
Villafranca di Verona VR
Tel 0454856656
Fax 0454856655
Email: mat...@netlite.it
Web: http://www.netlite.it
******************************************
