Full Version: [Resolved] Spam traps help
br53
Hi,

Our server is listed due to spam traps: http://www.spamcop.net/bl.shtml?210.9.130.146

I've since made changes so that we don't accept messages and then bounce back delivery failures. But this morning when we were due to be automatically delisted, it's back to 23 hours.

I've used the form to contact SpamCop already, but it's becoming quite urgent so I'm posting here too.

Any help is appreciated.

Thanks

Josh
dra007
SenderBase shows an unusual increase in traffic recently:

QUOTE
Report on IP address: 210.9.130.146

Volume Statistics for this IP
               Magnitude   Vol Change vs. Average
Last day       4.0         404%
Last 30 days   2.9         -64%
Average        3.3

I, however, cannot find any reported history that would shed some light on this. If you already wrote to the deputies, patience is golden, and I am sure you'll be able to resolve your issue. Please let us know.
Wazoo
While waiting for a Deputy response, perhaps take a look at http://psbl.surriel.com/listing?ip=210.9.130.146 .. seems that their spamtraps were also hit today ...
Miss Betsy
If the volume is up, that can mean a compromised machine that does not use the normal port 25 to send the spew. Check your firewall logs for unusual traffic.

Miss Betsy
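
One way to run the firewall-log check suggested above, as an added example that is not part of the original thread: it counts outbound connections to mail ports from LAN hosts other than the mail server. The iptables-style log format, the addresses, the port list and the threshold are assumptions, and the sample log lines are constructed.

```python
import re
from collections import Counter

# Assumptions (not from the thread): mail server address, LAN prefix, mail ports.
MAIL_SERVER = "192.168.1.10"
LAN_PREFIX = "192.168.1."
SMTP_PORTS = {25, 465, 587}

# Constructed sample firewall log lines (destinations are documentation ranges).
SAMPLE_LOG = """\
Sep  8 09:01:11 fw kernel: OUT=eth0 SRC=192.168.1.10 DST=198.51.100.7 PROTO=TCP SPT=40112 DPT=25
Sep  8 09:01:12 fw kernel: OUT=eth0 SRC=192.168.1.23 DST=203.0.113.5 PROTO=TCP SPT=1045 DPT=25
Sep  8 09:01:12 fw kernel: OUT=eth0 SRC=192.168.1.23 DST=203.0.113.9 PROTO=TCP SPT=1046 DPT=25
Sep  8 09:01:13 fw kernel: OUT=eth0 SRC=192.168.1.23 DST=198.51.100.44 PROTO=TCP SPT=1047 DPT=25
Sep  8 09:01:13 fw kernel: OUT=eth0 SRC=192.168.1.23 DST=198.51.100.90 PROTO=TCP SPT=1048 DPT=25
Sep  8 09:01:14 fw kernel: OUT=eth0 SRC=192.168.1.23 DST=203.0.113.80 PROTO=TCP SPT=1049 DPT=80
Sep  8 09:01:15 fw kernel: OUT=eth0 SRC=192.168.1.31 DST=198.51.100.25 PROTO=TCP SPT=2210 DPT=587
Sep  8 09:01:16 fw kernel: OUT=eth0 SRC=192.168.1.10 DST=203.0.113.12 PROTO=TCP SPT=40113 DPT=25
"""

LINE_RE = re.compile(
    r"SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) PROTO=TCP SPT=\d+ DPT=(?P<dpt>\d+)"
)

def direct_smtp_senders(log_text, threshold=3):
    """Return {host: (connections, distinct destinations)} for LAN hosts,
    other than the mail server, with >= threshold outbound mail connections."""
    conns = Counter()
    dests = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or int(m["dpt"]) not in SMTP_PORTS:
            continue  # unparsable line or not mail traffic
        src = m["src"]
        if src == MAIL_SERVER or not src.startswith(LAN_PREFIX):
            continue  # the mail server is expected to send mail
        conns[src] += 1
        dests.setdefault(src, set()).add(m["dst"])
    return {h: (n, len(dests[h])) for h, n in conns.items() if n >= threshold}

if __name__ == "__main__":
    for host, (n, d) in sorted(direct_smtp_senders(SAMPLE_LOG).items()):
        print(f"{host}: {n} outbound mail connections to {d} destinations")
```

A workstation that contacts many distinct mail destinations directly, bypassing the mail server, is the pattern to investigate; a single connection to one submission host is usually just a mail client.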
Derek T
QUOTE(Miss Betsy @ Sep 8 2006, 10:26 AM) *
If the volume is up, that can mean a compromised machine that does not use the normal port 25 to send the spew. Check your firewall logs for unusual traffic.

and the PSBL evidence shows real fresh spam rather than bounces, which also suggests either a trojanned machine or an SMTP-AUTH hack, rather than the problem being simply auto-replies.

There is also now one human report to add to the spamtrap hits:

Submitted: 08 September 2006 08:11:27 +0100:
Fwd:

* 1912415028 ( 210.9.130.146 ) To: abuse[at]connect.com.au

(which will have reset the delist clock)

Looks like the reports are going to your upstream; you might discuss with them getting copies of the reports or registering your own abuse address. It seems you have a real 'live' problem to deal with here; things seem to be going from bad to worse.
Merlyn
The PSBL is pretty interesting:

2006-09-01 00:36:36.18671 received spamtrap mail
2006-09-04 23:13:08.923761 major smtp violation
2006-09-05 19:08:39.299366 received spamtrap mail
2006-09-07 20:03:03.386709 received spamtrap mail

Wonder what a major smtp violation is?
br53
Thanks for all the replies.

We located 4 computers infected with variants of w32.stration.

Josh
turetzsr
QUOTE(br53 @ Sep 12 2006, 07:37 PM) *
We located 4 computers infected with variants of w32.stration.
...Great going, Josh, and thanks for taking the time to return here to let us know! <g>