nanog mailing list archives
Recovering from spam resulting from compromised account
From: Dave Sotnick <sotnickd-nanog () ddv com>
Date: Wed, 21 Nov 2012 17:53:19 -0800
Hello, oh knowledgeable NANOG. I am the technical lead for network for Pixar. (Note: I am not the mail admin, he's on vacation.) Yesterday we had an account compromise that resulted in ~2.5M messages being sent through our two MTAs. I have acknowledged/closed the two SpamCop incidents, and mail is starting to flow, slowly, however we are still receiving bounces (some hard!) and I am looking for assistance in getting Pixar's IPs cleared from the blacklists. I was pointed to: http://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a12.25.180.66 http://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a12.25.180.94 Which shows we're still listed on Backscatterer and SPAM Cannibal. Also had reports that we're still seeing bounces to Gmail, Comcast and Yahoo accounts. What can we do to speed things along? We have a ticket open with Gmail folks since we have a studio who uses Gmail for Corporate mail. Any Comcast or Gmail SMTP contacts on NANOG that can help? Would love to get all out stuck mail out of these folks' MTAs. Or do we need to just remove ourselves from the last two blacklists at mxtoolbox? Thanks, David Sotnick -- Pixar Emeryville, CA
Current thread:
- Recovering from spam resulting from compromised account Dave Sotnick (Nov 21)
- Re: Recovering from spam resulting from compromised account Suresh Ramasubramanian (Nov 21)
- Re: Recovering from spam resulting from compromised account Matthew Barr (Nov 24)
- Re: Recovering from spam resulting from compromised account Dave Sotnick (Nov 21)
- Re: Recovering from spam resulting from compromised account Andrew Jones (Nov 21)
- Re: Recovering from spam resulting from compromised account Suresh Ramasubramanian (Nov 21)
- Re: Recovering from spam resulting from compromised account Jimmy Hess (Nov 24)
- Re: Recovering from spam resulting from compromised account Dave Sotnick (Nov 21)
- Re: Recovering from spam resulting from compromised account Dave Sotnick (Nov 30)