[plug] any advice

Craig Foster Craig at fostware.net
Sat Aug 14 15:19:08 WST 2010


Two things...


1) I wouldn't have posted a mobile on the net like that...

2) I've always been of the opinion that routers should whitelist servers, photocopiers, and a range of static IPs, and block all port 25 traffic.

Coming from a consultant background, we never know what may be trying to get out when we're cleaning a machine.
Personally I'd recommend a separate VLAN and separate external IP for service work, so that SMB/CIFS, SQL, RPC and SSH hacks on office machines are limited by hardware firewalling.
(Actually, all our service work also goes through a Linux box to do SMTP and HTTP transparent proxying, so managing/logging issues like yours are easier.)


From: plug-bounces at plug.org.au [mailto:plug-bounces at plug.org.au] On Behalf Of Jon L Miller
Sent: Friday, 6 August 2010 9:28 AM
To: plug at plug.org.au
Subject: [plug] any advice

I seem to be having e-mail problems relating to me sending regular e-mail and getting a message back stating I may have a spamming mail server.
Looked in the logs to see this quite a bit:
Aug  6 08:37:13 mmtlnx postfix/smtpd[5235]: NOQUEUE: reject: RCPT from brash.confluence.volia.net[93.74.97.23]: 550 SPAM; Client host [93.74.97.23] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=93.74.97.23 - Phone +61 4xx xxx xxx if you believe this to be in error.; from=<ErrolAyala at surfeador.com> to=<johnsmithsvt at mmtnetworks.com.au> proto=SMTP helo=<brash.confluence.volia.net>
Aug  6 08:37:14 mmtlnx postfix/smtpd[5235]: NOQUEUE: reject: RCPT from brash.confluence.volia.net[93.74.97.23]: 550 SPAM; Client host [93.74.97.23] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=93.74.97.23 - Phone +61 4xx xxx xxx if you believe this to be in error.; from=<ErrolAyala at surfeador.com> to=<leanne at mmtnetworks.com.au> proto=SMTP helo=<brash.confluence.volia.net>
Aug  6 08:37:14 mmtlnx postfix/smtpd[5235]: NOQUEUE: reject: RCPT from brash.confluence.volia.net[93.74.97.23]: 550 SPAM; Client host [93.74.97.23] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=93.74.97.23 - Phone +61 4xx xxx xxx if you believe this to be in error.; from=<ErrolAyala at surfeador.com> to=<millerjlmiller at mmtnetworks.com.au> proto=SMTP helo=<brash.confluence.volia.net>


But not too sure what steps to take other than take it offline for the moment.


Jon Miller
MMT Networks P/L
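
For triaging log entries like the ones quoted above, the following script groups Postfix `NOQUEUE: reject` lines by connecting client and records which DNSBL zone, if any, triggered each rejection. It is an added example, not code from either poster; the sample log lines, host names and addresses are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Postfix smtpd "NOQUEUE: reject" line, in the layout quoted in the thread.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from "
    r"(?P<host>\S+)\[(?P<ip>[0-9A-Fa-f.:]+)\]: (?P<code>\d{3}) (?P<reason>.*?); "
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)> proto=\S+ helo=<(?P<helo>[^>]*)>"
)
DNSBL_RE = re.compile(r"blocked using ([\w.-]+)")

# Constructed sample input (documentation addresses, not taken from the thread).
SAMPLE_LOG = """\
Aug  6 08:37:12 mx1 postfix/smtpd[5235]: connect from host1.example.net[192.0.2.23]
Aug  6 08:37:13 mx1 postfix/smtpd[5235]: NOQUEUE: reject: RCPT from host1.example.net[192.0.2.23]: 550 SPAM; Client host [192.0.2.23] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=192.0.2.23; from=<a@example.org> to=<user1@example.com> proto=SMTP helo=<host1.example.net>
Aug  6 08:37:14 mx1 postfix/smtpd[5235]: NOQUEUE: reject: RCPT from host1.example.net[192.0.2.23]: 550 SPAM; Client host [192.0.2.23] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=192.0.2.23; from=<a@example.org> to=<user2@example.com> proto=SMTP helo=<host1.example.net>
Aug  6 08:37:14 mx1 postfix/smtpd[5235]: NOQUEUE: reject: RCPT from host1.example.net[192.0.2.23]: 550 SPAM; Client host [192.0.2.23] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=192.0.2.23; from=<a@example.org> to=<user3@example.com> proto=SMTP helo=<host1.example.net>
Aug  6 08:40:02 mx1 postfix/smtpd[5301]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 <user9@example.org>: Relay access denied; from=<b@example.org> to=<user9@example.org> proto=ESMTP helo=<mail.example.org>
"""

def summarise(lines):
    """Group rejected RCPT attempts by connecting client IP."""
    clients = defaultdict(lambda: {"host": None, "count": 0, "zones": set(),
                                   "senders": set(), "recipients": set()})
    for line in lines:
        m = REJECT_RE.search(line)
        if not m:
            continue  # not a reject line (connect, disconnect, delivery, ...)
        c = clients[m["ip"]]
        c["host"] = m["host"]
        c["count"] += 1
        c["senders"].add(m["sender"])
        c["recipients"].add(m["rcpt"])
        z = DNSBL_RE.search(m["reason"])
        if z:
            c["zones"].add(z.group(1))  # DNSBL zone that listed the client
    return dict(clients)

def multi_recipient_clients(summary, threshold=3):
    """Client IPs that tried at least `threshold` distinct recipients."""
    return sorted(ip for ip, c in summary.items() if len(c["recipients"]) >= threshold)

if __name__ == "__main__":
    for ip, c in summarise(SAMPLE_LOG.splitlines()).items():
        print(ip, c["host"], c["count"], sorted(c["zones"]) or "no DNSBL")
```

The archive rewrites `@` as ` at ` in addresses; real log lines carry `user@domain` inside the angle brackets, which is what the pattern expects.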
