On 08/20, Michael Scheidell wrote:
Received: from mx1.secnap.com.ionspam.net ([204.89.241.253])
and, like I said in earlier email, they even have the spf dns records wrong.
host -t txt mxtools.com
mxtools.com descriptive text v=spf1 ip4:68.71.38.3 ip4:209.44.121.50 mx ~all
so, what are
On Mon, 22 Aug 2011 14:01:20 -0400
dar...@chaosreigns.com wrote:
What reason do you have to believe it's a legitimate email from
spamhaus? Have you tried contacting spamhaus or mxtools about it?
The mail might have been legitimate. We've seen a few of these messages
from MX Tools and they
Network Security
-Original message-
From: MXTools Spamhaus Team msm...@mxtools.com
To: Michael Scheidell michael.scheid...@secnap.com
Sent: Sat, Aug 20, 2011 01:20:11 GMT+00:00
Subject: Caution - access to Spamhaus data-feed may be improperly
configured: 204.89.241.253
Dear Spamhaus User,
I
On 8/20/11 2:35 AM, Benny Pedersen wrote:
Resolved mxtools.com to 209.44.121.50
[mxtools.com has 1 MX record mail.mxtools.com.(10)]
is mxtools.com the envelope sender domain ?
Received: from mx1.secnap.com.ionspam.net ([204.89.241.253])
by mx1.secnap.com.ionspam.net
On Sat, 20 Aug 2011 06:30:01 -0400, Michael Scheidell wrote:
so, what are you suggesting, someone HACKED into mxtools and is
sending spam?
spamhaus team testing mxtools mail security :=)
would a mxtools member send From: line ? without space
if mxtools sends mails on behalf of spamhaus
On 8/20/11 9:38 AM, Benny Pedersen wrote:
you still did not post the envelope sender :(
one clue rule.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best Intrusion Prevention Product
- access to Spamhaus data-feed may be improperly configured:
204.89.241.253
Dear Spamhaus User,
I am writing to you on behalf of MXtools.com, an authorized Spamhaus reseller.
Our automated server monitoring tools have detected that your organization is
querying Spamhaus public servers
On 8/19/11 9:27 PM, Michael Scheidell wrote:
Bullshit 3.
There isn't even a dns server on this host.
and, checking to see if this is a joe job: considering spf failed:
they can't even get THEIR DNS right, and they think I have my DNS set wrong?
lusers.
Received: from smtp.mxtools.com
On 8/19/11 9:27 PM, Michael Scheidell wrote:
Bullshit 3.
There isn't even a dns server on this host.
noop, no dns server here on this ip.
sockstat -4p53
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
mx1# ps -ax | grep named
37956 p0 S+J 0:00.00 grep named