cancel
Showing results for 
Search instead for 
Did you mean: 
larwilliams
Level 7

mxlogic.net returning "Connection Refused" errors

Hi,

We have been attempting to work with McAfee on this issue for several days using ts-feedback@mcafee.com and saas_falsepositives@mcafeesubmissions.com, and have made no progress. We get the same generic template saying "Success! This has been resolved." However, this is still unresolved and e-mails from our IP 74.63.192.154 are being rejected due to your system. Below is the Exim log for the most recent test message containing nothing more than Subject: test and "test" in the body:

LOG: MAIN

  cwd=/usr/local/cpanel/whostmgr/docroot 6 args: /usr/sbin/exim -C /etc/exim_outgoing.conf -v -M 1VKK1z-003EIC-HC

delivering 1VKK1z-003EIC-HC

Connecting to trimarkconstructors.com.inbound15.mxlogic.net [208.65.144.13]:25 from 74.63.192.154 ... failed: Connection refused

LOG: MAIN

  trimarkconstructors.com.inbound15.mxlogic.net [208.65.144.13] Connection refused

Connecting to trimarkconstructors.com.inbound15.mxlogic.net [208.65.145.12]:25 from 74.63.192.154 ... failed: Connection refused

LOG: MAIN

  trimarkconstructors.com.inbound15.mxlogic.net [208.65.145.12] Connection refused

Connecting to trimarkconstructors.com.inbound15.mxlogic.net [208.65.144.12]:25 from 74.63.192.154 ... failed: Connection refused

LOG: MAIN

  trimarkconstructors.com.inbound15.mxlogic.net [208.65.144.12] Connection refused

Connecting to trimarkconstructors.com.inbound15.mxlogic.net [208.65.145.13]:25 from 74.63.192.154 ... failed: Connection refused

LOG: MAIN

  trimarkconstructors.com.inbound15.mxlogic.net [208.65.145.13] Connection refused

LOG: MAIN

  == sarahl@trimarkconstructors.com R=dkim_lookuphost T=dkim_remote_smtp defer (111): Connection refused

Below is the exact source e-mail message being sent by Mozilla Thunderbird:

From - Fri Sep 13 00:56:53 2013

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00800000

X-Mozilla-Keys:

Message-ID: <523285FC.2080609@specon.biz>

Date: Fri, 13 Sep 2013 00:56:52 -0230

From: Test <lawrence@specon.biz>

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130801 Thunderbird/17.0.8

MIME-Version: 1.0

To: sarahl@trimarkconstructors.com

Subject: test

Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Content-Transfer-Encoding: 7bit

test

While this is clearly due to spamming, it was done by the previous owner of this IP address. We only began using this IP on August 15th after purchasing a server    from Limestone Networks (www.limestonenetworks.com) and there is no    spam coming from it, so I would suspect that the previous user of    the IP address is responsible for the block.

Also, I checked the IP at    http://www.mcafee.com/threat-intelligence/ip/default.aspx?ip=74.63.192.154    and notice that the domain and hostname are incorrect. Our domain is    lcwsoft.com and the server's hostname is zeus.lcwsoft.com. I suspect the rating and information showing are for the previous owner who is the cause of this issue.

Please help!!!

Regards,

Lawrence

0 Kudos
1 Reply
cascadia
Level 12

Re: mxlogic.net returning "Connection Refused" errors

Lawrence,

I was able to confirm that your IP, 74.63.192.154, is delisted from our firewall block list and should not be receiving connection refusals. Are you still receiving connection refusals? If so, are there any other IPs which may be sending out mail?

0 Kudos