?
Solved

How do I get off SORBS after removing Trojan?

Posted on 2008-10-05
5
Medium Priority
?
649 Views
Last Modified: 2013-12-09
On September 27th, a desktop computer behind our NAT firewall was infected by a Trojan. It sent out spam and we were listed on multiple blacklists. On Monday the 29th, I identified the computer and removed the Trojan. In addition i blocked outbound port 25 from any computer other than our secured mail server.
I have requested de-listing from all of the blacklists and all but SORBS have done it quickly.
SORBS however is proving to be very problematic and unresponsive. I go on, submit for delisting and I am delisted. But, about 24 hours later, I am listed again. When I check their database it shows that I have been re-listed for the same email from Saturday the 27th!
The only place I have found to actually type text stating the circumstances and that the situation has been resolved, only sends me a ticket stating that the service is not for use of requesting delisting and has been deleted.
Any help is very much appreciated!
 
0
Comment
Question by:jamesbrentstanfi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 19

Expert Comment

by:bevhost
ID: 22646541
0
 
LVL 19

Expert Comment

by:bevhost
ID: 22646551
Vulnerabilities Database
Listing is a manual and automatic process and is performed whenever a host is suspected of being hacked or abused. The automated part is when an infected host contacts a SORBS test server and attempts to exploit known worm code.
Delisting is manual and will be performed when you mail the SORBS support system indicating the problem is fixed and the host is patched against further attack. If a particular host is relisted more than four times, the listing will be set for a period of one year minimum.
0
 

Author Comment

by:jamesbrentstanfi
ID: 22647190
That is the problem. I cannot find a way to email them the information. Whenever I have done this, I get a reply stating that my email was sent to a queue that is not used for de-listing. I have had to request de-listing about 10 times so far for the same email that they recieved once. When I check the database, they show the same email that they recieved a week ago. I have folled every instruction on their site and clicked every link. If anyone knows an email address I can use then I would be most grateful.

Thanks for the information.
0
 
LVL 19

Expert Comment

by:bevhost
ID: 22647292
That is why I would not recommend anyone use SORBS as an RBL for checking inbound email.
The collateral damage of false listings is too high.

How many MTA's are blocking you because you are on SORBS?

To check if you are on any other RBL's try
http://www.robtex.com/rbl/
0
 

Accepted Solution

by:
jamesbrentstanfi earned 0 total points
ID: 23467648
This final comment is very late being posted but the issue was resolved about two weeks after the original post. After numerous emails to every possible address I could find at SORBS, the IP was finally removed.

No explanation for the long delay from SORBS or even a hint of regret. I am sure that they think they are the saviors of the internet but the smug Bas****s are hurting a lot of businesses. I agree with bevhost above. Every MTA, other than SORBS, responded within 24 hours to my de-listing requests after the problem had been resolved and they were contacted with the actions taken to minimize future issues.

As a temporary work-around, I setup a mail server at a different IP and relayed the email through the new IP. That was the only way the business email could go out.

Please everyone; get a filtering app. that has a "REAL" support team that can be easily contacted if a similar situation arises.
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
Encryption for Business Encryption (https://en.wikipedia.org/wiki/Encryption) ensures the safety of our data when sending emails. In most cases, to read an encrypted email you must enter a secret key that will enable you to decrypt the email. T…
Many of my clients call in with monstrous Gmail overloading issues with Outlook. A quick tip is to turn off the All Mail and Important folders from synching. Here is a quick video I made to show you how to turn off these and other folders in Gmail s…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses
Course of the Month12 days, 20 hours left to enroll

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question