Rico a écrit:J'ai voulu me connecter un forum depuis le taf aujourd'hui. J'ai réussi, mais à chaque fois que j'ai voulu poster j'ai eu ce message
Un admin aurait-il black lister mon poste du taf ou est-ce que c'est le responsable informatique de ma boite qui a grillé que je faisais autre chose que travailler sur mon poste qui m'a bloqué certains accès?
IP Address 80.12.105.241 is listed in the CBL. It shows signs of being infected with a spam sending trojan, malicious link or some other form of botnet.
It was last detected at 2016-01-20 17:00 GMT (+/- 30 minutes), approximately 1 days, 15 hours, 29 minutes ago.
This listing is caused by behaviour strongly correlated to the Cutwail (amongst others) botnet.
There is one particular instance where this is not the case. It shows up most often when you have a several internal devices (such as printers, UPS or firewall monitoring systems) that can send email and when 80.12.105.241 is a NAT gateway. If these internal devices send email directly to the recipient or to especially a smarthost/relay not hosted on your internal network, there is a potential for a listing if the device or software is configured in a non-standard compliant fashion.
If the above situation describes your setup, there are two methods by which you should be able to resolve it. The best way (from a simplicity, security and maintainability perspective) is to set up a mail server of your own, and have all these devices (and your users) send their email via this mail server. If your network is big enough to have multiple users and devices, it's big enough to have a mail server to make operating your network simpler, enhance security, provide unified logging, and permits you to configure your NAT to disable outbound port 25 connections from all but your mail server. In this way you can absolutely prevent rogue malware spamming to the Internet and at the same time identify which machine is infected.
To do this, you would set up a mail server on your internal network, and configure each of your devices to send email to it, and let the mail server on your own network relay to the rest of the world (or just to your external relay). Then you would configure your NAT gateway firewall to prevent outbound connections to the Internet (destination port 25) except for your mail server, and log all attempts to violate this rule.
The second method to resolve it is to investigate each device and make sure that they identify themselves (hostname/helo configuration) as a fully qualified domain name. For example, if your domain is "example.com", you could name your devices "printer1.example.com", "printer2.example.com" etc.
The remainder of this page is our standard answer for most behavioural detections.
This IP is infected (or NATting for a computer that is infected) with a spam-sending infection. In other words, it's participating in a botnet. If you simply remove the listing without ensuring that the infection is removed (or the NAT secured), it will probably relist again.
Ta boite a un trojan qui fou la merde et du coup tu est listé dans une des 3 grandes bases anti spam, le system phpbb qui motorise notre forum ce réfère a ces 3 bases pour limité les spams qui nous tombent mécaniquement sur la tronche.
Posté: 20 Mai 2014 14:28
et pensez à vos caisses pour l'heure 
