Educause Security Discussion mailing list archives

Re: Email blacklists blocking campus mail servers


From: Harry Hoffman <hhoffman () IP-SOLUTIONS NET>
Date: Thu, 4 Apr 2013 12:57:04 -0400

Hi John,

Lots of us have scripts in place to identify compromised accounts by the
frequency and volume at which mail is being sent.

Once an account meets that threshold you can take some action: reject
mail, change password, etc. Blacklisting usually doesn't happen on an
"occasional" spam run with very low volume.

You'll need to implement the same thing in any webmail offerings.

Reach out to the service that blacklisted you and work with them to get
un-blacklisted (or is it de-blacklisted.. I never know).

If you use something like Nagios there's a plugin to check various
blacklist feeds and report/alert if a specific IP address is on the
blacklist. Implement this or something similar so you know ASAP.

Cheers,
Harry

On 04/04/2013 12:40 PM, John Bambenek wrote:
I was wondering how many people had experience with this type of
incident where your campus mail servers got listed in email blacklists
for compromised accounts sending out spam.

How did you mitigate the problem once identified?

j
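
One way to implement the per-account frequency/volume threshold described in the message above, as an added example that is not from the original post or its author. It assumes Postfix-style smtpd log lines carrying `sasl_username`; the window, the threshold, the function names and the sample lines are all constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed values (not from the original post): tune to local mail patterns.
WINDOW = timedelta(minutes=10)
MAX_MSGS = 5

# Assumed log format: Postfix smtpd lines recording an authenticated submission.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"(?P<qid>[0-9A-F]+): client=\S+?\[(?P<ip>[^\]]+)\].*sasl_username=(?P<user>\S+)"
)

def flag_accounts(lines, year=2013, window=WINDOW, max_msgs=MAX_MSGS):
    """Return {account: (first_alert_time, source_ips_seen)} for accounts that
    submit more than max_msgs messages inside any sliding window."""
    recent = defaultdict(deque)    # account -> timestamps still inside the window
    ips = defaultdict(set)         # account -> every client IP it authenticated from
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue               # not an authenticated submission
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        user = m["user"].lower()
        ips[user].add(m["ip"])
        q = recent[user]
        q.append(ts)
        while ts - q[0] > window:  # drop submissions older than the window
            q.popleft()
        if len(q) > max_msgs and user not in flagged:
            flagged[user] = ts     # hook for the action: reject mail, reset password
    return {u: (t, sorted(ips[u])) for u, t in flagged.items()}

def sample_log():
    """Constructed sample lines (not real data): one burst, one normal sender."""
    fmt = ("Apr  4 12:{m:02d}:{s:02d} mx1 postfix/smtpd[2101]: {q:010X}: "
           "client=unknown[{ip}], sasl_method=LOGIN, sasl_username={u}")
    burst = [fmt.format(m=40 + i // 2, s=30 * (i % 2), q=0xA000 + i, u="jsmith",
                        ip="203.0.113.7" if i % 2 else "198.51.100.9")
             for i in range(8)]
    normal = [fmt.format(m=5 + 20 * i, s=0, q=0xB000 + i, ip="192.0.2.44", u="alice")
              for i in range(3)]
    return sorted(normal + burst)

if __name__ == "__main__":
    for user, (when, srcs) in flag_accounts(sample_log()).items():
        print(f"ALERT {user}: over threshold at {when}, sources {srcs}")
```

Webmail submissions need the same counting applied to whatever log the webmail front end writes, since they may not appear as SASL-authenticated smtpd lines.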


