1 Reply. Latest reply: Sep 20, 2013 10:41 AM by Brad McGarr

    mxlogic.net returning "Connection Refused" errors

    larwilliams

      Hi,

       

      We have been attempting to work with McAfee on this issue for several days using ts-feedback@mcafee.com and saas_falsepositives@mcafeesubmissions.com, and have made no progress. We get the same generic template saying "Success! This has been resolved." However, this is still unresolved and e-mails from our IP 74.63.192.154 are being rejected due to your system. Below is the Exim log for the most recent test message containing nothing more than Subject: test and "test" in the body:

       

      LOG: MAIN
        cwd=/usr/local/cpanel/whostmgr/docroot 6 args: /usr/sbin/exim -C /etc/exim_outgoing.conf -v -M 1VKK1z-003EIC-HC
      delivering 1VKK1z-003EIC-HC
      Connecting to trimarkconstructors.com.inbound15.mxlogic.net [208.65.144.13]:25 from 74.63.192.154 ... failed: Connection refused
      LOG: MAIN
        trimarkconstructors.com.inbound15.mxlogic.net [208.65.144.13] Connection refused
      Connecting to trimarkconstructors.com.inbound15.mxlogic.net [208.65.145.12]:25 from 74.63.192.154 ... failed: Connection refused
      LOG: MAIN
        trimarkconstructors.com.inbound15.mxlogic.net [208.65.145.12] Connection refused
      Connecting to trimarkconstructors.com.inbound15.mxlogic.net [208.65.144.12]:25 from 74.63.192.154 ... failed: Connection refused
      LOG: MAIN
        trimarkconstructors.com.inbound15.mxlogic.net [208.65.144.12] Connection refused
      Connecting to trimarkconstructors.com.inbound15.mxlogic.net [208.65.145.13]:25 from 74.63.192.154 ... failed: Connection refused
      LOG: MAIN
        trimarkconstructors.com.inbound15.mxlogic.net [208.65.145.13] Connection refused
      LOG: MAIN
        == sarahl@trimarkconstructors.com R=dkim_lookuphost T=dkim_remote_smtp defer (111): Connection refused

       

      Below is the exact source e-mail message being sent by Mozilla Thunderbird:

       

      From - Fri Sep 13 00:56:53 2013
      X-Mozilla-Status: 0001
      X-Mozilla-Status2: 00800000
      X-Mozilla-Keys:
      Message-ID: <523285FC.2080609@specon.biz>
      Date: Fri, 13 Sep 2013 00:56:52 -0230
      From: Test <lawrence@specon.biz>
      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
      MIME-Version: 1.0
      To: sarahl@trimarkconstructors.com
      Subject: test
      Content-Type: text/plain; charset=ISO-8859-1; format=flowed
      Content-Transfer-Encoding: 7bit

      test

       

      While this is clearly due to spamming, it was done by the previous owner of this IP address. We only began using this IP on August 15th after purchasing a server from Limestone Networks (www.limestonenetworks.com) and there is no spam coming from it, so I would suspect that the previous user of the IP address is responsible for the block.

       

      Also, I checked the IP at http://www.mcafee.com/threat-intelligence/ip/default.aspx?ip=74.63.192.154 and noticed that the domain and hostname are incorrect. Our domain is lcwsoft.com and the server's hostname is zeus.lcwsoft.com. I suspect the rating and information showing are for the previous owner who is the cause of this issue.

       

      Please help!!!

       

      Regards,

      Lawrence