Jump to content

115.178.12.xxx - group is blocked


Recommended Posts

Hello,

I have been trying to figure this on my own with no success. I have very limited understanding of technical problems like these but a lot of tenacity in trying to solve them. I have read as much as I could before posting, but I am still foggy on what I can do to help myself. I would REALLY appreciate your assistance.

This is the history of the problem:

Our household has a desktop with a router and a laptop. The problem is with the laptop. I am using Outlook to send/receive emails from a couple of yahoo accounts I have. A couple of months ago I noticed that my emails are being directed to people's spam folders but ignored it. About a week ago, I sent out a personal email to a few recipients, and two of them were bounced back to me with my DNS listed with SpamCop. I delisted myself and waited out a bit. I have not sent any emails from Outlook except 3 or 4 a day just to test whether I was delisted as promised. No such luck.

Upon being blocked, I ran all sorts of scans on my computer and removed a Trojan. I thought that would fix everything. It's been a few days now, but every time I try to email out, I get a bounce from SpamCop. When I follow the link, I get "it'll be delisted in 22 hours"; so I wait 22 hours and try again and yet another DNS gets blocked and so it goes. This is the email I get back:

____________________________________________________________________________

Failure Notice

MAILER-DAEMON[at]nm1.bullet.mail.sg1.yahoo.com

Sorry, we were unable to deliver your message to the following address.

<xxx[at]1111spiritroad.com>: [this type of bounce is typical for multiple domains - my note]

Remote host said: 550 http://www.spamcop.net/bl.shtml?115.178.12.238" [RCPT_TO] [the last three digits vary each time I do an email test - my note]

--- Below this line is a copy of the message.

Received: from [115.178.12.220] by nm1.bullet.mail.sg1.yahoo.com with NNFMP; 05 Apr 2011 04:20:41 -0000

Received: from [115.178.12.219] by tm1.bullet.mail.sg1.yahoo.com with NNFMP; 05 Apr 2011 04:20:41 -0000

Received: from [127.0.0.1] by omp1004.mail.sg1.yahoo.com with NNFMP; 05 Apr 2011 04:20:41 -0000

X-Yahoo-Newman-Id: 55309.51349.bm[at]omp1004.mail.sg1.yahoo.com

Received: (qmail 29367 invoked from network); 5 Apr 2011 04:20:40 -0000

DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;

s=s1024; d=yahoo.com;

h=DKIM-Signature:Received:X-Yahoo-SMTP:X-YMail-OSG:X-Yahoo-Newman-Property:From:To:Subject:Date:Message-ID:MIME-Version:Content-Type:X-Mailer:Thread-Index:Content-Language;

b=2EHfB9OkPFRUIrBt+LlTXpMkoNzOJO4XOAvTn64MgXlNQ8s5fwT/Qv/WWKF9ds7nTIyZ9Albf6j58KzXpqM0JOx1ALCZEpAmQ/SQg6Sp2/+QcvJwQ8NjUVCWNUQ6m0I3Bz72VYkjWSmmnuG1fVvIJKGuWadY9Y9XUPfuM0S8q+o= ;

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1301977240; bh=oTo87cJ4MZAZ/P49rPCZeN1vxe+uQR7VWry64Q471H8=; h=Received:X-Yahoo-SMTP:X-YMail-OSG:X-Yahoo-Newman-Property:From:To:Subject:Date:Message-ID:MIME-Version:Content-Type:X-Mailer:Thread-Index:Content-Language; b=iE39Ec6hSayNa+4C7VhsAvX/oBNZJO0zFrkXBKRqEt0PGTsp1j+H5DLSUpRZCsCMSn9bvRL3pgEEW2Thhi3bbqU1qbV0kGkz4lXkXKHIXWt72bc3QOH+lPfwodARrfkDkgTJbw0ueXJW9rBd7mkor2iujJUPk8jEo958O4sNV3Y=

Received: from "laptop name" (xxx[at]24.84.97.42 with login)

by smtp114.mail.sg1.yahoo.com with SMTP; 05 Apr 2011 12:20:40 +0800 SGT

X-Yahoo-SMTP: ZhMMcieswBCPm9qG91HBtC91.IRtygP2lw--

X-YMail-OSG: h5xsp8AVM1kNRd0s8xQ0nThPHnmIUwc6JKjT.5kepMu3kyl

frwSVmkPV0vk.j.xOtYBa_Oz61qfyeEWfU5SiLP8VZqq1U2r0wKvh2BiSGWw

FWNB9R9XH3UA288OHhzh27hYI8xj4Gz9w7NvtV_CSWTrJX94eE47D9T98Uqn

zWRt0IfNUd2m6Lxrt.5CTU8FNHv5wnE.K6Jgj3Gi28fgeb70RBDFSN4U.oNT

kRZ5qUSe_6JJLWAgNCqkAUL1ttEme5n8cFNFaCx1ThE.kh2cV_60Mwoqfd7h

7CmNk.q0zSjaAC.FoUhFeBEUeZ88T0BFYRlJKJ3DmaR1Enadt4hC8ZOI9ZE4

bDmszGNf28AdZ322.ljOGJA3forDrASgDCLJw

X-Yahoo-Newman-Property: ymail-3

_____________________________________________________________________________

I have contacted my ISP (shaw in Canada), who say it's not their fault and directed me to yahoo mail services. I have sent an email to them with no response (2 days ago). I really don't know what to do.

I hope I have given you enough information here to guide me to a solution.

Thank you so much for looking at this.

Anna.

Link to comment
Share on other sites

Good that you checked/found/removed some bad stuff, However, just runnung a tool or two on 'one' system isn't enough. Both systems need to be checked, using several tools. You didn't say, but an easy assumption would be that the router offers wireess connections, and the security of that connection needs to be looked at, WPA2 being the current resommendation for encryption.

In the other hand, the data you have provided shows that the problem you're complaining about is due to Yahoo's loss of control over their output servers. Please see http://www.senderbase.org/senderbase_queri...=115.178.12.238 for current status (another 23 hours at the tie of this ost)

Short-term workaround, go with another account elsewhere. You didn't say anything about your current ISP/Host's e-mail service, GMail is available to all at this point, etc.

Link to comment
Share on other sites

Yes, to put it another way, nm1-vm0.bullet.mail.sg1.yahoo.com (115.178.12.238) appears to be a major outgoing server for Yahoo and you are just one of many users of that server. Someone (or several someones) is feeding spam through it, not necessarily through your connection but you need to ensure both (wireless) router and PC/notebook are secure to do your part, especially if there is an indication your notebook has already been compromised once. And might still be - as Wazoo indicates, no single AV or malware "solution" picks up every kind and every one of those infections at any time.

Compounding that, you have no control over just which outgoing Yahoo server is used at any given time and there is a heap of them rotating through the SCbl - http://spamcop.net/w3m?action=checkblock&a...=115.178.12.238 currently indicates others (by IP address) as 115.178.12.199, 115.178.12.200, 115.178.12.201, 115.178.12.202, 115.178.12.203, 115.178.12.204, 115.178.12.208, 115.178.12.209, 115.178.12.223, 115.178.12.224, 115.178.12.225, 115.178.12.226, 115.178.12.230, 115.178.12.239, 115.178.12.240, 115.178.12.241, 115.178.12.242, 115.178.12.243, 115.178.12.244, 115.178.12.245 and 115.178.12.249 - and that list will keep changing as some "time out" of the SCbl and others get added.

When the people you send to (or their service provider, more likely) use the SCbl to divert possible spam and when the outgoing server you happen to have used is on the SCbl then there will be a rejection or your message will be routed to their spam folders. You won't necessarily be advised of all rejections (in fact that is less common these days), just to make it worse. As Wazoo says, Yahoo have lost control of their outgoing servers. They have been, at times, quite good about keeping spam from leaving their network which was remarkable since they have NEVER been famous for receiving and acting on complaints from outside their network about "Yahoo" spam.

Around September-October last year (and ongoing) there was a viral thing that spread itself through the address books of infected PCs (and co-opted the familiar addresses to sneak under the radars of a spreading wave of unwary recipients). I wouldn't have thought it would affect webmail accounts (if address books are not locally stored) but I don't really know the detail of the infection. If webmail is relatively secure - and I guess different outgoing servers are used for webmail - then maybe you can at least continue to use those Yahoo accounts to send, but via webmail rather than through the Outlook interface.

Anyway, that virus will have placed a lot of strain on networks which is possibly why Yahoo is evidently struggling as if we were back in the "bad old days" when a much higher proportion of spam made it through to the inboxes of we, the afflicted.

Keep up the good work in poking at the security of your installation and maybe try the Yahoo webmail for sending. Don't be afraid to continue complaining to Yahoo (especially if you are paying for those accounts, or even if not - they still lose when there are large-scale non-deliveries).

Link to comment
Share on other sites

Yahoo servers are sending a ton of spam these days, which puts many of their servers on our blocking list. You basically have two options...

115.178.12.238 is nm1-vm0.bullet.mail.sg1.yahoo.com

1. Talk to Yahoo and demand that they stop the spam so their servers will go off our list and your mail can be delivered.

2. Use a different service for your mail services.

- Don D'Minion - SpamCop Admin -

- service[at]admin.spamcop.net -

.

Link to comment
Share on other sites

Thank you everyone for your responses. It's a sad state of affairs, indeed. I will double-check all security issues on my end, but by the sound of it, there is no recourse for me except to bug Yahoo and/or choose a different service provider.

Web-based correspondence does seem to be fine.

I wonder if it's possible to use a different delivery path, like SMTP of my ISP rather than yahoo's. Am I making any sense here?

Thank you again.

Anna.

Link to comment
Share on other sites

<snip>

I wonder if it's possible to use a different delivery path, like SMTP of my ISP rather than yahoo's.

<snip>

Hi, Anna,

...If your ISP permits that and does a better job of stopping spam (and reacting to reports of spam that manages to slip through) then, yes, that would seem to be a very good alternative.

Link to comment
Share on other sites

I can confirm that this is happening on my end as well. The funny thing is that it happens only to one yahoo mail address but not others. So not all of yahoo is blocked...its just a matter of hit or miss. Still this is a big problem for people who have clients that use a yahoo mail.

Remote host said: 550 http://www.spamcop.net/bl.shtml?115.178.12.225 : [RCPT_TO]

Remote host said: 550 http://www.spamcop.net/bl.shtml?115.178.12.242 : [RCPT_TO]

Remote host said: 550 http://www.spamcop.net/bl.shtml?115.178.12.240 : [RCPT_TO]

Remote host said: 550 http://www.spamcop.net/bl.shtml?115.178.12.226 : [RCPT_TO]

Link to comment
Share on other sites

<snip>

The funny thing is that it happens only to one yahoo mail address but not others. So not all of yahoo is blocked...its just a matter of hit or miss.

...Not really. Yahoo sends lots of e-mail, most of it not spam. In order to be listed on the SpamCop BL, the number of reported spam or spam e-mail sent to SpamCop spamtraps (see Glossary) from an outgoing IP address must exceed a certain threshold relative to the "good" e-mail. Some Yahoo outgoing IPs meet the threshold, others don't (for more details about this, see SpamCop FAQ [link near top left of every SpamCop Forum page] entry "What is on the list?").
Still this is a big problem for people who have clients that use a yahoo mail.

<snip>

...See 77581[/snapback].
Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...