jamesbrentstanfi

asked on

How do I get off SORBS after removing Trojan?

On September 27th, a desktop computer behind our NAT firewall was infected by a Trojan. It sent out spam and we were listed on multiple blacklists. On Monday the 29th, I identified the computer and removed the Trojan. In addition, I blocked outbound port 25 from any computer other than our secured mail server.
I have requested de-listing from all of the blacklists and all but SORBS have done it quickly.
SORBS however is proving to be very problematic and unresponsive. I go on, submit for delisting and I am delisted. But, about 24 hours later, I am listed again. When I check their database it shows that I have been re-listed for the same email from Saturday the 27th!
The only place I have found to actually type text stating the circumstances and that the situation has been resolved, only sends me a ticket stating that the service is not for use of requesting delisting and has been deleted.
Any help is very much appreciated!
 
David Beveridge

Vulnerabilities Database
Listing is a manual and automatic process and is performed whenever a host is suspected of being hacked or abused. The automated part is when an infected host contacts a SORBS test server and attempts to exploit known worm code.
Delisting is manual and will be performed when you mail the SORBS support system indicating the problem is fixed and the host is patched against further attack. If a particular host is relisted more than four times, the listing will be set for a period of one year minimum.
jamesbrentstanfi

ASKER

That is the problem. I cannot find a way to email them the information. Whenever I have done this, I get a reply stating that my email was sent to a queue that is not used for de-listing. I have had to request de-listing about 10 times so far for the same email that they received once. When I check the database, they show the same email that they received a week ago. I have followed every instruction on their site and clicked every link. If anyone knows an email address I can use then I would be most grateful.

Thanks for the information.
That is why I would not recommend anyone use SORBS as an RBL for checking inbound email.
The collateral damage of false listings is too high.

How many MTAs are blocking you because you are on SORBS?

To check if you are on any other RBLs, try
http://www.robtex.com/rbl/
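
The DNS lookup behind a web RBL checker like the one linked above, as an added example that is not part of the original thread, so the NAT's public address can be re-checked on a schedule after each delisting request. The zones `dnsbl.example.org` and `bl.example.net`, the address `192.0.2.25` and the `sample_resolve` stand-in resolver are constructed placeholders; substitute the zones of the lists you were actually reported on.

```python
import ipaddress
import socket


def dnsbl_query_name(ip, zone):
    """Reversed address labels + list zone, the DNSBL query form of RFC 5782."""
    addr = ipaddress.ip_address(ip)
    # reverse_pointer yields "25.2.0.192.in-addr.arpa" (IPv4) or reversed
    # nibbles + "ip6.arpa" (IPv6); drop that two-label suffix, keep the rest.
    labels = addr.reverse_pointer.split(".")[:-2]
    return ".".join(labels) + "." + zone.strip(".")


def check_listings(ip, zones, resolve=socket.gethostbyname):
    """Map each zone to its 127.x.y.z return code, None (not listed) or 'unknown'."""
    results = {}
    for zone in zones:
        try:
            answer = resolve(dnsbl_query_name(ip, zone))
        except socket.gaierror as exc:
            # A temporary resolver failure says nothing about listing status.
            results[zone] = "unknown" if exc.errno == socket.EAI_AGAIN else None
            continue
        # Real listings answer inside 127.0.0.0/8; any other address means the
        # zone is wildcarded, parked or intercepted, so do not trust it.
        results[zone] = answer if answer.startswith("127.") else "unknown"
    return results


# Constructed sample data standing in for live DNS so the demo runs offline.
SAMPLE_RECORDS = {"25.2.0.192.dnsbl.example.org": "127.0.0.4"}


def sample_resolve(name):
    if name in SAMPLE_RECORDS:
        return SAMPLE_RECORDS[name]
    raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")


if __name__ == "__main__":
    zones = ["dnsbl.example.org", "bl.example.net"]  # placeholder zones
    for zone, code in check_listings("192.0.2.25", zones, sample_resolve).items():
        print(f"{zone}: {code or 'not listed'}")
```

Leave out the `resolve` argument to query live DNS through the system resolver.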
ASKER CERTIFIED SOLUTION
jamesbrentstanfi
