Email Security.cloud

  • 1.  Servers blacklisted from sending mail.

    Posted Mar 16, 2017 06:02 AM

    Hi,

    I represent an Irish supplier of eLearning services. As part of this, we have to send mail from production servers to students of client companies to notify them that they have training due, and we also have a development system that hosts a CRM and customer support system.

    About 2 weeks ago, it became clear to me that most of our servers are blacklisted by Symantec/Brightmail's Global Bad Sender List. I've attempted to flag these as false positives with the Investigate option, and I've also beefed up our use of SPF and DKIM to reduce the likelihood of these mails being flagged as illegitimate.

    I specifically checked one of the servers, the one this has caused the most problems with, with ClamAV and found no problems (checked the entire server volume), and also tested it with Linux Malware Detection and found no issues. It's even more unusual because these servers are heavily firewalled, with IP firewall restrictions that make it almost impossible to get to an SSH login prompt without being in our offices. Although some servers were de-listed after I clicked "investigate", they've been re-listed a short time later.

    The IPs are accused of sending out spam, with some being associated with "snowshoe techniques". I would like to know on what basis this claim is made, and if possible samples of supposed spam from these servers.

    The following IPs are listed:

    Thanks in advance for any advice you can offer.

    -Sean



  • 2.  RE: Servers blacklisted from sending mail.

    Posted Apr 13, 2017 01:02 PM

    Dear Sean,

    We have a similar issue, with a /19 affected by the same issue and have not managed to get Symantec to address the issue - please feel free to PM me for further details.