Recovering from spam resulting from compromised account

Dave Sotnick sotnickd-nanog at ddv.com
Fri Nov 30 17:14:11 UTC 2012


Hello again,

I sincerely appreciate all the suggestions over the past week or so. We are
mostly out of the woods.

Yahoo is still blocking one of our MXs (12.25.180.94), despite repeated
attempts to clear that IP. It appears as though no matter who we contact at
Yahoo, they are all sending the same canned response:

> "While we cannot provide you with specific information, we encourage you to
> review some of our recommended best practices for sending to Yahoo! Mail.
> For assistance with delivery issues to Yahoo! Mail, please visit the Yahoo!
> Postmaster help site. Your patience during this process is greatly
> appreciated. Thank you again for contacting Yahoo! Mail."


***If anyone knows of a human at Yahoo who might actually be able to
assist, that would be much appreciated.***

We got our way out of this mess by writing to the major Postmasters,
explaining the situation and then being patient while things cleared up.
Gmail was the most responsive (surprise surprise), and once our mail queue
was cleared of all queued SPAM and we _actually_ stopped sending messages,
they automatically cleared our name without requiring any human
intervention.

Oh, and to add insult to injury, an IP address change at AT&T was
preventing them from slaving our reverse DNS, which expired and caused a
whole mess of further problems to our email. :-( Time to add some
_external_ DNS health checks to our monitoring systems.

Thanks again,
Dave

On Wed, Nov 21, 2012 at 5:53 PM, Dave Sotnick <sotnickd-nanog at ddv.com>
wrote:
> Hello, oh knowledgeable NANOG.
>
> I am the technical lead for network for Pixar. (Note: I am not the
> mail admin, he's on vacation.) Yesterday we had an account compromise
> that resulted in ~2.5M messages being sent through our two MTAs.
>
> I have acknowledged/closed the two SpamCop incidents, and mail is
> starting to flow, slowly, however we are still receiving bounces (some
> hard!) and I am looking for assistance in getting Pixar's IPs cleared
> from the blacklists.
>
> I was pointed to:
>
> http://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a12.25.180.66
> http://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a12.25.180.94
>
> Which shows we're still listed on Backscatterer and SPAM Cannibal.
>
> Also had reports that we're still seeing bounces to Gmail, Comcast and
> Yahoo accounts.
>
> What can we do to speed things along? We have a ticket open with Gmail
> folks since we have a studio who uses Gmail for Corporate mail. Any
> Comcast or Gmail SMTP contacts on NANOG that can help? Would love to
> get all our stuck mail out of these folks' MTAs.
>
> Or do we need to just remove ourselves from the last two blacklists at
> mxtoolbox?
>
> Thanks,
> David Sotnick
> --
> Pixar
> Emeryville, CA


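The external DNS health checks Dave says he is adding to monitoring (a PTR that exists and points back to the MX, plus the blacklist lookups the earlier message was doing by hand at mxtoolbox), as an added example that is not code from the thread or from Pixar. The DNSBL zone list is a hypothetical default, and the FakeResolver answers are constructed from documentation addresses so the checks run offline; the Resolver class uses the system resolver for real use.

```python
"""External DNS health checks for outbound mail servers.

Added example, not code from the thread. For each MX address it checks:
  1. a PTR record exists (an expired or unslaved reverse zone shows up here),
  2. the PTR name resolves back to the same IP (forward-confirmed rDNS),
  3. whether the IP is listed on a set of DNSBLs.
Standard library only; the resolver is injectable so the logic runs offline.
"""
import ipaddress
import socket
import sys
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Hypothetical default list; use the zones your monitoring actually cares about.
DEFAULT_DNSBLS = ["zen.spamhaus.org", "bl.spamcop.net", "ips.backscatterer.org"]
LISTED_NET = ipaddress.IPv4Network("127.0.0.0/8")       # any 127/8 answer = listed
ERROR_NET = ipaddress.IPv4Network("127.255.255.0/24")   # Spamhaus-style error codes


def reversed_octets(ip: str) -> str:
    """12.25.180.94 -> 94.180.25.12 (raises on anything that is not IPv4)."""
    return ".".join(reversed(str(ipaddress.IPv4Address(ip)).split(".")))


def ptr_name(ip: str) -> str:
    return reversed_octets(ip) + ".in-addr.arpa"


def dnsbl_query_name(ip: str, zone: str) -> str:
    return reversed_octets(ip) + "." + zone


class Resolver:
    """System resolver. Run this from OUTSIDE your network so you see what
    other MTAs see, not what your internal DNS happens to have cached."""

    def ptr(self, ip: str) -> Optional[str]:
        try:
            return socket.gethostbyaddr(ip)[0]
        except (socket.herror, socket.gaierror):
            return None

    def a(self, name: str) -> List[str]:
        try:
            return sorted({r[4][0] for r in socket.getaddrinfo(name, None, socket.AF_INET)})
        except socket.gaierror:
            return []


class FakeResolver:
    """Constructed sample answers (documentation addresses, not real DNS)."""
    PTRS = {"192.0.2.10": "mx1.example.com", "192.0.2.12": "mx3.example.com"}
    A = {
        "mx1.example.com": ["192.0.2.10"],                     # healthy
        "mx3.example.com": ["198.51.100.5"],                   # PTR does not point back
        "11.2.0.192.bl.spamcop.net": ["127.0.0.2"],            # 192.0.2.11 is listed
        "12.2.0.192.zen.spamhaus.org": ["127.255.255.254"],    # query error, not a listing
    }

    def ptr(self, ip: str) -> Optional[str]:
        return self.PTRS.get(ip)

    def a(self, name: str) -> List[str]:
        return list(self.A.get(name, []))


@dataclass
class MxReport:
    ip: str
    ptr: Optional[str]
    fcrdns_ok: bool
    listings: Dict[str, str] = field(default_factory=dict)   # zone -> answer
    problems: List[str] = field(default_factory=list)


def check_mx(ip: str, resolver, dnsbls=DEFAULT_DNSBLS) -> MxReport:
    name = resolver.ptr(ip)
    forward = resolver.a(name) if name else []
    report = MxReport(ip=ip, ptr=name, fcrdns_ok=name is not None and ip in forward)
    if name is None:
        report.problems.append("no PTR record (reverse zone missing or expired)")
    elif not report.fcrdns_ok:
        report.problems.append(f"PTR {name} does not resolve back to {ip}")
    for zone in dnsbls:
        for answer in resolver.a(dnsbl_query_name(ip, zone)):
            addr = ipaddress.IPv4Address(answer)
            if addr in ERROR_NET:
                # Open resolvers and over-quota clients get these; do not page on them.
                report.problems.append(f"{zone}: query error {answer}, treat as unknown")
            elif addr in LISTED_NET:
                report.listings[zone] = answer
                report.problems.append(f"listed on {zone} ({answer})")
    return report


if __name__ == "__main__":
    # Usage: python mxcheck.py 12.25.180.66 12.25.180.94  (from an external vantage point)
    for mx in sys.argv[1:]:
        r = check_mx(mx, Resolver())
        print(mx, "OK" if not r.problems else "; ".join(r.problems))
```

Run it from a host outside your own resolvers on a schedule, and alert on any non-empty `problems`; the PTR check is what would have caught the reverse zone expiring at AT&T before remote MTAs started rejecting mail for it.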
