Wow…. Let me just say that I have typically been inundated with junk mail on my primary address. It’s associated with this domain and has been hosted in an older sendmail setup for quite some time (not really by choice, but because that’s what was installed on the old vps.) I’m currently migrating to postfix which I’m a bit more familiar with and had used successfully to at least tag my junk mail as SPAM for sorting at home. Well, my older postfix system didn’t have too many options to add on and tweak and so this weekend I’ve invested some time in migrating the main mail server over to a newer postfix install with amavis and postgrey and a few other tools.
Tag: mailserver
-
Mail Server Rejecting all Messages – Check your Blacklists relays.ordb.org is listing the WORLD
It’s unusual for mail servers to suddenly start rejecting messages internally and from external sources. That’s exactly what I saw though over the weekend. A mailserver running mdaemon on Windows 2000 was rejecting ALMOST every message that was sent its way whether it was an internal mail sender and recipient or external sender to internal recipient. The really interesting thing was to see a message sporadically succeed. This problem was with mdaemon, but could have occurred with ANY mail server. Here’s why…
-
Why? (Why couldn’t AT&T make sure their mail servers weren’t using old dialup IPs that are blacklisted….)
Why do I always wind up being the one to discover problems? …. Today in checking mail I found a mail that had bounced back from one of my clients that uses bellsouth… Now bellsouth has recently been bought by AT&T and it appeared as though the mail had been rejected because the mailserver trying to deliver it was in an email blacklist. (What – a bellsouth mailserver in a blacklist?) Well, we’ve gone through this before with some of the passive blacklists where people might relay junk through their isp, but… on searching the AT&T outbound mailserver 207.115.11.54 was in the dial up block lists at sorbs and nomorefun…. (as was 207.115.11.55) These seem to be the new fmailhost04.isp.att.net and fmailhost05.isp.att.net outbound mail machines.
-
Symantec Antivirus Remotely Exploitable Vulnerability
This is bad – who’s defending the defender? eEye Security has announced a bulletin regarding a remotely exploitable vulnerability in Symantec Antivirus 10.x and Symantec Client Security 3.x. They say other versions MAY be vulnerable; they’re waiting for information from Symantec. Now, Symantec is probably the biggest selling antivirus package out there. It looks as though, from Symantec’s advisory, that the Norton Antivirus product line is not affected, ONLY “Symantec Client Security 3.1” and “Symantec Antivirus Corporate Edition 10.1”.
They have released IDS updates to try to detect attempted exploits of this….
-
Evolution email error MAIL FROM command failed: Unknown
Some time back, I was teetering on the brink…. I’ve used Evolution as my Linux mail client for ages (since I switched), because it had the calendar integrated etc… However, Kontact has REALLY looked nice for some time, but I didn’t have time to mess with changing. Then one day, I was trying to send a message with Evolution and got a pop up box saying…….. “error while performing operation”, and “MAIL FROM command failed: Unknown” huh???
-
Network security – what does arp spoofing mean for wireless?
So, if you haven’t already had enough cause to tighten your wireless security…. we’ve been talking about arp poisoning (spoofing) and the basic conclusion is that IF an attacking machine is on the same subnet as your machine (same IP address range), they can “own” all traffic from your machine to the gateway. It doesn’t matter if you’re using wireless or wired for your machine. As a demonstration I connected my laptop to my wireless access point…..
-
Bellsouth mail.lig.bellsouth.net server phasing out?
I haven’t had much time to look into this, but one of the mailservers I administer is typically configured to relay through mail.lig.bellsouth.net, with mail.averyjparker.com as a fallback. Sometime overnight, mail.averyjparker.com started getting heavy use and on checking this morning was getting all of the outbound traffic. So, I did a bit of investigation: mail.lig.bellsouth.net is no longer found and I’ve switched the configuration to mail.bellsouth.net and all is churning along well.
-
Network Security guide for the home or small business network – Part 3 – Antivirus
Ok, the first two entries thus far, hardware firewalls and software firewalls, have been fairly operating system independent. A hardware firewall is best, but if that’s not possible a software firewall will do until you get a hardware firewall set up. This next item is (currently) a must have for Windows users. However, Mac and Linux users may see the day soon when it is an essential part of security for those systems as well. These days I am stunned to see PCs that don’t have an antivirus program installed.
-
New Sober variants..
Ok – there are some new variants on the Sober worm circulating. I received one on an address that’s unfiltered (no virus/spam filtering) and must say, I can see people being duped into looking at the attachment. Sans has a post on it. Sarc is calling it W32sober.x@mm and rates it at a threat level of three. I’ve seen many outlets tag it as sober.y
-
Ways to deal with Junk Mail (2 of 2)
Okay, in a previous post I talked about a server side solution for junk mail filtering. Now it’s time to ask…. “what if I can’t install filtering software on our mailserver?” Here is one way to deal with the answer…