Good point. I wanted to press the point with CBL, but didn't want to risk irritating them.
It does sound like in Joel's case the server is compromised. In our case, we verified that our mail servers were clean, and confirmed with CBL that they did not receive any spam from us. I just wanted to raise more awareness of the CBL/IMail HELO issue in this list. Darin. ----- Original Message ----- From: Matt To: [email protected] Sent: Monday, January 29, 2007 12:40 PM Subject: Re: [IMail Forum] Imail vulnerability, or do we have a Virus I believe that Ipswitch should contact them directly, or rather have their lawyers contact them directly, and let them know that their actions related to blacklisting servers that are not sending spam, but instead are failing this test of theirs, is causing harm to their company and their clients and demand that they cease and desist immediately. I would recommend also copying the letter to Spamhaus as well since they are the primary distributer of this list to major ISP's. CBL can implement an automatic workaround in their system if they wanted to keep this test and wanted to avoid tagging IMail servers. Regarding this issue being the cause of Joel's issues...it is possible, but he is also running a vulnerable version of the software, and the people at CBL knew enough to ask him about this. I would not contact CBL again until the box is port scanned and throughly checked for any issues, i.e. turn off all Internet connected services and monitor the bandwidth to see if anything is going on that shouldn't be. A look at the logs is also helpful as there were suspicious instances of addresses reported there, but this isn't necessarily cause for concern unless there is a clear pattern. It could simply be users sending messages with different From addresses than what their accounts have. Matt Darin Cox wrote: Nope... had a long talk with them last week. They did put us on a 90-day delist to allow time for 2006.2 to be released and us to upgrade, but there is no permanent list any longer. In our case that's enough since we will be planning the upgrade soon after 2006.2 is released. Darin. ----- Original Message ----- From: "Matrosity Tech Support" <[EMAIL PROTECTED]> To: <[email protected]> Sent: Monday, January 29, 2007 11:57 AM Subject: RE: [IMail Forum] Imail vulnerability, or do we have a Virus Read the last 4 words in that message and I think you can call them back. Thanks, Bill Foresman MatrosityHosting.com 850.656.2644 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Monday, January 29, 2007 11:54 AM To: [email protected] Subject: Re: [IMail Forum] Imail vulnerability, or do we have a Virus Yep, we found that out last week. They must have changed their policy just before we talked to them, and changed their email text just afterwards. Darin. ----- Original Message ----- From: "Joel Lichtenberger" <[EMAIL PROTECTED]> To: <[email protected]> Sent: Monday, January 29, 2007 11:47 AM Subject: RE: [IMail Forum] Imail vulnerability, or do we have a Virus Marc, Apparently they no longer do this, here is the first line of the email they sent me: [Note: if you have received messages from us about IPSwitch/IMail before, please note that IPSwitch has finally implemented a workaround. Please see below. We will no longer be perm-delisting IMail installations unless there's no alternative.] Joel -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of marc Sent: Monday, January 29, 2007 10:42 AM To: [email protected] Subject: Re: [IMail Forum] Imail vulnerability, or do we have a Virus Joel, mail to [EMAIL PROTECTED] and ask to remove the entry from the list permanently, because of using imail. http://www.mail-archive.com/[email protected]/msg103112.html but be aware what Matt told you about vulnerable versions of IMail... marc At 15:06 29.01.2007, you wrote: We were added to the CBL list Saturday, after contacting them they asked me if I was using Imail, Why did they ask if I was using Imail. Because of the, IMail - SMTP Vulnerability mentioned here: http://support.ipswitch.com/kb/IM-20061026-JH01.htm? Concerned that I was somehow allowing SPAM to forward/relay through our machine I looked at the SMTP logs and notice mail from [EMAIL PROTECTED] was being sent to [EMAIL PROTECTED] According to the logs the messages originated from our mail server. Have we been exploited by the Imail vulnerability, or do we have a Virus? I'm just trying to figure out which direction to go from here. Thanks, Joel To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ [Scanned for viruses] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
