02-27-2017 01:55 AM
Hi
in your database our mailhost inet.schneider-pc.ch is always note as containing Malware..
we can remove but about 1 day later it again on the list..
inet.schneider-pc.ch has no webservices only Mail.. Our daily mailflow is about 9000 Mails
(we have about 150 business-mail-customers) We have the problem that our customers has
mailtraffic with customers with paloalto Firewalls ... and the paloalto-customers cant send
mails to inet.schneider-pc.ch. we need more technical informations about the reasons on blocking..
I know .. a forum is not the right place for discuse such problems but your webseite has no technical contact forms
02-27-2017 07:26 AM
You are also on the Protected Sky blocklist currently, just so you know.
02-27-2017 02:35 AM
Go to https://support.paloaltonetworks.com with same credentials.
Then Tools->Case management and open a case.
Or contact the partner who sold you PA if you have partner enabled support.
02-27-2017 02:54 AM
Im not a paloalto customer
on your link i got https://support.paloaltonetworks.com/Error/UnAuthorizedAccess
02-27-2017 04:10 AM
I would suggest one (or more) of PA customers to contact PA about this then.
For you i'm afraid I don't know what is the correct path to contact PA about this issue. Some PA employess also visit these forums, maybe they will be able to provide more info.
02-27-2017 07:20 AM
Are you saying you have visited https://urlfiltering.paloaltonetworks.com confirmed it's categorized as Malware (which it is) and requested it be recategorized already?
worst case -- and not recommended by any means -- is to have your client with PA firewalls create a whitelist allow rule above the Malware deny rule specifically for your domain.
I have to believe it's in PanDB as Malware for a reason, but Brightcloud and TrustedSource doesn't seem to see it as a problem site.
02-27-2017 07:24 AM
What is it exactly that you are sending out, and if you are a hosted email provider what are your users sending out. If your site is repeatedly getting marked as Malware then someone is reporting it or Wildfire is picking up your attachments as malicious.
02-27-2017 11:14 PM
Thanks for the hint with protected sky... at weekend an Mailaccount was hacked... i dont know if this is real solution of my problem... because the the paloalto firwall customer has contacted me about 2 weeks before.. i wait until my blacklistproblem is solved...
02-28-2017 04:42 AM
A mail account could have shown indications of compromise this past weekend, but unauthorized access could have occurred well before you first obseved malicious behavior.
It's not a stretch that Palo's AV/WF sigs reacted to traffic originating from your enviornment just a few weeks prior to any observed activity.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
