660 Views 1 Reply Latest reply: Sep 20, 2013 10:41 AM by Brad McGarr RSS
larwilliams Newcomer 1 posts since
Sep 12, 2013

Sep 12, 2013 11:42 PM

mxlogic.net returning "Connection Refused" errors

Hi,

 

We have been attempting to work with McAfee on this issue for several days using ts-feedback@mcafee.com and saas_falsepositives@mcafeesubmissions.com, and have made no progress. We get the same generic template saying "Success! This has been resolved." However, this is still unresolved and e-mails from our IP 74.63.192.154 are being rejected due to your system. Below is the Exim log for the most recent test message containing nothing more than Subject: test and "test" in the body:

 

LOG: MAIN
  cwd=/usr/local/cpanel/whostmgr/docroot 6 args: /usr/sbin/exim -C /etc/exim_outgoing.conf -v -M 1VKK1z-003EIC-HC
delivering 1VKK1z-003EIC-HC
Connecting to trimarkconstructors.com.inbound15.mxlogic.net [208.65.144.13]:25 from 74.63.192.154 ... failed: Connection refused
LOG: MAIN
  trimarkconstructors.com.inbound15.mxlogic.net [208.65.144.13] Connection refused
Connecting to trimarkconstructors.com.inbound15.mxlogic.net [208.65.145.12]:25 from 74.63.192.154 ... failed: Connection refused
LOG: MAIN
  trimarkconstructors.com.inbound15.mxlogic.net [208.65.145.12] Connection refused
Connecting to trimarkconstructors.com.inbound15.mxlogic.net [208.65.144.12]:25 from 74.63.192.154 ... failed: Connection refused
LOG: MAIN
  trimarkconstructors.com.inbound15.mxlogic.net [208.65.144.12] Connection refused
Connecting to trimarkconstructors.com.inbound15.mxlogic.net [208.65.145.13]:25 from 74.63.192.154 ... failed: Connection refused
LOG: MAIN
  trimarkconstructors.com.inbound15.mxlogic.net [208.65.145.13] Connection refused
LOG: MAIN
  == sarahl@trimarkconstructors.com R=dkim_lookuphost T=dkim_remote_smtp defer (111): Connection refused

 

Below is the exact source e-mail message being sent by Mozilla Thunderbird:

 

From - Fri Sep 13 00:56:53 2013
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00800000
X-Mozilla-Keys:
Message-ID: <523285FC.2080609@specon.biz>
Date: Fri, 13 Sep 2013 00:56:52 -0230
From: Test <lawrence@specon.biz>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: sarahl@trimarkconstructors.com
Subject: test
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

test

 

While this is clearly due to spamming, it was done by the previous owner of this IP address. We only began using this IP on August 15th after purchasing a server from Limestone Networks (www.limestonenetworks.com) and there is no spam coming from it, so I would suspect that the previous user of the IP address is responsible for the block.

 

Also, I checked the IP at http://www.mcafee.com/threat-intelligence/ip/default.aspx?ip=74.63.192.154 and notice that the domain and hostname are incorrect. Our domain is lcwsoft.com and the server's hostname is zeus.lcwsoft.com. I suspect the rating and information showing are for the previous owner who is the cause of this issue.

 

Please help!!!

 

Regards,

Lawrence

  • Brad McGarr McAfee Employee 154 posts since
    Dec 4, 2012
    1. Sep 20, 2013 10:41 AM (in response to larwilliams)
    Re: mxlogic.net returning "Connection Refused" errors

    Lawrence,

     

    I was able to confirm that your IP, 74.63.192.154, is delisted from our firewall block list and should not be receiving connection refusals. Are you still receiving connection refusals? If so, are there any other IPs which may be sending out mail?


    Brad McGarr
    McAfee SaaS Email & Web Protection
    Technical Support Technician I (Legacy & Partner Support)
    Microsoft Certified Professional
    Microsoft Technology Associate - Windows OS | CompTIA A+ Certified Technician | CIW Web Foundations Associate
    Visit my blog: Brad's Corner - Insights from SaaS Email & Web Security Support https://community.mcafee.com/blogs/brad-denver
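
Added example (not part of either post, and not McAfee or Exim tooling): a small Python parser for `exim -v` delivery output like the log quoted above, which groups connection attempts by sending IP and reports the senders that every destination refused at the TCP level, which is the question raised in the reply about other sending IPs. The sample log uses constructed documentation addresses, and the "more than one destination" threshold is an assumption of this sketch.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of `exim -v -M <id>` output; all hosts and
# addresses are documentation placeholders, not values from the thread.
SAMPLE = """\
delivering 1AAAAA-000001-AA
Connecting to mx1.example.net [192.0.2.10]:25 from 198.51.100.7 ... failed: Connection refused
Connecting to mx1.example.net [192.0.2.11]:25 from 198.51.100.7 ... failed: Connection refused
  == user@example.com R=dkim_lookuphost T=dkim_remote_smtp defer (111): Connection refused
delivering 1AAAAA-000002-BB
Connecting to mx2.example.org [203.0.113.5]:25 from 198.51.100.8 ... connected
Connecting to mx1.example.net [192.0.2.10]:25 from 198.51.100.8 ... failed: Connection timed out
"""

ATTEMPT = re.compile(
    r"^Connecting to (?P<host>\S+) \[(?P<dst>[^\]]+)\]:(?P<port>\d+)"
    r"(?: from (?P<src>\S+))? \.\.\. (?P<result>connected|failed: .+)$"
)

def parse_attempts(text):
    """Return one dict per 'Connecting to ...' line: source, destination, outcome."""
    attempts = []
    for line in text.splitlines():
        m = ATTEMPT.match(line.strip())
        if not m:
            continue
        if m["result"] == "connected":
            outcome = "connected"
        elif m["result"] == "failed: Connection refused":
            outcome = "refused"        # TCP-level refusal: no SMTP dialogue happened
        else:
            outcome = "other_failure"  # e.g. a timeout, which is a different symptom
        attempts.append({"src": m["src"] or "default", "dst": m["dst"],
                         "host": m["host"], "outcome": outcome})
    return attempts

def refused_everywhere(text):
    """Sending IPs whose every attempt was refused, across more than one destination."""
    by_src = defaultdict(list)
    for a in parse_attempts(text):
        by_src[a["src"]].append(a)
    return sorted(
        src for src, rows in by_src.items()
        if all(r["outcome"] == "refused" for r in rows)
        and len({r["dst"] for r in rows}) > 1  # assumed threshold for this sketch
    )

if __name__ == "__main__":
    print(refused_everywhere(SAMPLE))
```

A sender listed by `refused_everywhere` never reached an SMTP banner on any destination it tried, which is consistent with an IP-level block in front of the mail servers rather than a content or recipient rejection.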
