RE: message blocked by grandhyattbali.com

  • From: "Mark Morgan" <mkxx111@xxxxxxxxxxx>
  • To: exchangelist@xxxxxxxxxxxxx
  • Date: Mon, 28 Nov 2005 16:42:58 -0800

Carl you are the man!!!

My system was compromised by one of my tech's thinking he was blocking spam from that domain. wont happen again they all lost access to the servers.

 

Thanks

 Mark


From: "Carl Houseman" <c.houseman@xxxxxxxxx>
Reply-To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
Subject: [exchangelist] RE: message blocked by grandhyattbali.com
Date: Mon, 28 Nov 2005 19:27:52 -0500

http://www.MSExchange.org/
Your system is compromised, or someone else has made changes to your Exchange server configuration without telling you.
 
Exchange doesn't start blocking mail in this fashion without somebody doing something.
 
Check in Exchange System Manager, Global Settings, Message Delivery -> Properties.
Look on the Connection Filtering tab.
Is anything configured under Block List Service Configuration?
 
Carl
 

From: Mark Morgan [mailto:mkxx111@xxxxxxxxxxx]
Sent: Monday, November 28, 2005 7:12 PM
To: [ExchangeList]
Subject: [exchangelist] RE: message blocked by grandhyattbali.com

It does or use to accept postmaster and abuse but is being blocked by grandhyattbali.com just like all other mail addrs.


From:  "John T (Lists)" <johnlist@xxxxxxxxxxxxxxxxxxx>
Reply-To:  "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
To:  "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
Subject:  [exchangelist] RE: message blocked by grandhyattbali.com
Date:  Mon, 28 Nov 2005 15:53:31 -0800
>
>I was going to say:
>
>=Without seeing more information, I have a couple of guesses in order:
>=
>=1. Some one you know (or one of your users knows) is infected with a virus,
>is sending =out virus laden messages and they are pretending to be from your
>user, those =messages are bouncing back to your server as undeliverable, and
>your server is then =bouncing them as unknown.
>=
>=2.
>
>But while investigating number 2 I found you have server and DNS problems.
>
>http://www.dnsreport.com/tools/dnsreport.ch?domain=palmdrivehospital.com
>
>ERROR: One or more of your mailservers does not accept mail to
>postmaster@xxxxxxxxxxxxxxxxxxxxxx Mailservers are required (RFC822 6.3,
>RFC1123 5.2.7, and RFC2821 4.5.1) to accept mail to postmaster.
>palmdrivehospital.com's postmaster response: >>> RCPT
>TO:<postmaster@xxxxxxxxxxxxxxxxxxxxx> <<< 550 5.7.1 66.36.241.109 has been
>blocked by grandhyattbali.com
>
>WARNING: One or more of your mailservers does not accept mail to
>abuse@xxxxxxxxxxxxxxxxxxxxxx Mailservers are expected by RFC2142 to accept
>mail to abuse.
>
>palmdrivehospital.com's abuse response:
>     >>> RCPT TO:<abuse@xxxxxxxxxxxxxxxxxxxxx>
>     <<< 550 5.7.1 66.36.241.109 has been blocked by grandhyattbali.com
>
>WARNING: One or more of your mailservers does not accept mail in the domain
>literal format (user@[0.0.0.0]). Mailservers are technically required
>RFC1123 5.2.17 to accept mail to domain literals for any of its IP
>addresses. Not accepting domain literals can make it more difficult to test
>your mailserver, and can prevent you from receiving E-mail from people
>reporting problems with your mailserver. However, it is unlikely that any
>problems will occur if the domain literals are not accepted (mailservers at
>many common large domains have this problem).
>
>palmdrivehospital.com's postmaster@[63.193.20.130] response:
>     >>> RCPT TO:<postmaster@[63.193.20.130]>
>     <<< 550 5.7.1 66.36.241.109 has been blocked by grandhyattbali.com
>
>Has your IP addresses changed or anything changed?
>
>If not, you better run and found out what is going on.
>
>John T
>eServices For You
>
> > -----Original Message-----
> > From: Mark Morgan [mailto:mmorgan@xxxxxxxxxxxxxxxxxxxxx]
> > Sent: Monday, November 28, 2005 2:48 PM
> > To: [ExchangeList]
> > Subject: [exchangelist] message blocked by grandhyattbali.com
> >
> > http://www.MSExchange.org/
> >
> > I have Exch 2003 sp2, today messages sent to my server are getting bounced
> > back with a message
> > user@xxxxxxx
> > You do not have permission to send to this recipient, for assistance
> > contact your admin.
> > <XXXXX.org # 5.7.1 smtp;550 5.7.1 65.xxx.xxx.xxx has been blocked by
> > grandhyattbali.com>
> >
> > I am not have any connection with grandhyattbali.com we are a small local
> > hospital.
> >
> > Any Ideas?
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this MSExchange.org Discussion List as: mkxx111@xxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to info@xxxxxxxxxxxxxx

Other related posts: