Try to find the machine what is sending the spam, unless your own server is doing it. iptables -I FORWARD -p tcp --dport 25 -i $LOCAL_DEVICE -o $EXT_DEVICE -s $IP_LAN -d! $IP_LOCAL_SERVER -j LOG --log-prefix "SPAM_DETECTED" []s, Marcos On Thu, Aug 7, 2008 at 8:30 AM, David Richards <DavidR@xxxxxxxxxxxxxxx>wrote: > First off, I would turn logging on so you can see what is doing what. > This should help you trace it. > Also ensure that your anti-virus is up to date and all patches > installed. > > -- > David Richards > Network Administrator > > Eurosoft (UK) Ltd > 3 St. Stephen's Road > Bournemouth, Dorset > BH2 6JL > United Kingdom > Tel: +44 (0)1202 297315 > Fax: +44 (0)1202 558280 > Mobile: +44 (0)7725514869 > > http://www.eurosoft-uk.com > > ======================================= > Increase computer reliability today! > Eurosoft diagnostic software tests and validates all brands of PCs > during manufacturing and servicing. > Guaranteed immediate service cost savings! > ======================================= > Nobody checks out PCs better than Eurosoft! > -----Original Message----- > From: redhat-list-bounces@xxxxxxxxxx > [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of samuel dinakar sama > Sent: 07 August 2008 12:23 > To: General Red Hat Linux discussion list > Subject: IP Black listing problem > > HI all, > > Straight to the problem I am facing in my organization. I am > maintaining > mail server Sendmail (fedora) .we have a recurring problem , Public IP > (internet gateway s/m) is getting black listed because of Spam.. I > couldn't > trace anything , How Trojan spam generated ? How to provide the security > ? > > For this problem I have been changing the public IP , but it not a > solution > .. > > > > The below message is thrown by CBL.abuse.org for black listing : > > *ATTENTION: **This IP is infected with, or NATting for a computer > infected > with a high volume spam sending trojan - it is participating in a > botnet. * > > *This is the Srizbi BOT * > > *You need to patch your system and then fix/remove the trojan. Do this > before delisting, or you're most likely to be listed again almost > immediately. * > > *If this IP is a NAT firewall/gateway, you MUST configure the NAT to > prevent > outbound port 25 connections to the Internet except from your real mail > servers. * > > Any suggestion for me to give in IPtables or selinux. Your suggestions > or > any input for this problem is very much appreciated. > > > > Thanks & Regards, > > *Samuel* > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list > -- ======================================== Marcos Aurelio Rodrigues <deigratia33@xxxxxxxxx> CCNA, MCSO, Security+ Mirabilia laudo semprer, Dei ======================================== -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
