I'm far ahead of you -- I already knew all this, and have done all the right steps. The server uses strictly SMTP_AUTH; it has not been compromised beyond the account details of the spammer being circulated.
The provider moved instantaneously to identify the offender and kick them out. The compromised SMTP account is now closed. But, just as Sunrise, they are not willing to pay the fee to SORBS to change the status on the list. Instead, they have offered to set up a SMART host for me, but that hasn't happened yet.
Perhaps this would be a good insurance line -- insuring against Rufmord from all these neighbourhood network grannies. But I somehow feel that dealing with the insurance Bürokraten would be worse than dealing with these issues by finding ways to protect from SPAM that don't involve hiring a bunch of self-appointed busybodies to strategically misinterpret actions and blackmail money out of people who add value by creating arbitrary sets of losers. Are we talking about mature individuals here?
The ETH should know better than to be using such people anyway -- I have informed them of the problem.
Charles
-----Original Message----- From: Per Jessen [mailto:per.jessen@enidan.ch] Sent: Wednesday, November 07, 2007 12:03 PM To: swinog@lists.swinog.ch Subject: RE: [swinog] UCEProtect Blacklist -- join the club
Per Jessen wrote:
Charles Buckley wrote:
And then there is SORBS, which the ETH use, who have chosen to put the shared server I use for mail on a blacklist for some reason.
mail.mauto.com is indeed listed by sorbs - I would check that your server hasn't been compromised. Look for traces of an ssh brute force attack perhaps.
Uh, sorry - I overlooked that you said "shared". Well, according to SORBS, the server got listed because mail was sent to a spamtrap on 13 August. It could be one of your co-sharers ... if I were you, I'd talk to q-x.ch, and ask them what they're doing about it.
/Per Jessen, Herrliberg