Full Version: No Information Email
girl
I've been blacklisted. I have three emails on my thunderbird account, main one is love[at]daintyrose.net, another one at daintyrose.net (it has my personal name in it, so I'm not going to post it... it doesn't really get any email), and a third email address is my school's address. I don't own the server myself (like have it in my room) but I own server space for daintyrose.net. My host is really anal about keeping things clean... so I don't know how there could be a security breach... I mean, if I don't update my wordpress like a week after it comes out, they take it down like it's a bomb. There's another email address, but I don't check it on my computer, and it's the administrator one, daynah[at]daintyrose.net. It's filled with spam, but again, it's never looked at by a computer and it doesn't have a quota. I'm just deleting it all right now, in case that's the problem. I have linux... so... I know my computer's not gone borg. And if I share my ip address with my roommate in my dorm... she's got a mac. We're windows-virus free.

I have to look at all of these contingencies because... I didn't get this phantom email I hear about in all these faqs. I've had my email around on the net for a looong time, so I have about four spam protectors/filters on my email and I don't look back to see what it's deleted. My idea, the only thing that's important, it's important enough to send again. I did though ask google what my ip is and look that up in spam cop... 70.159.7.113 and it brings up this report...

70.159.7.113 listed in bl.spamcop.net (127.0.0.2)

If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 14 hours.
Causes of listing

* System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

Additional potential problems
(these factors do not directly result in spamcop listing)

* DNS error: 70.159.7.113 has no reverse dns

Because of the above problems, express-delisting is not available
Listing History
In the past 48.6 days, it has been listed 8 times for a total of 16.5 days

(the no reverse dns makes sense because I'm in paranoid school where I can't even call out, the phone numbers are scrambled... yeah)

So... I really have no idea if it's daintyrose.net or Berry College or... well, you know, actually, I don't know what's going on at all. But here's what I do know.

A) I haven't exceeded quota. I'm still receiving emails in my college address, thus, I'm not over quota. Also, I tell thunderbird to delete it after 7 days. For my daintyrose email addresses, there is no quota. The personal ones, I also have it deleted after 7 days. The administrator one there was a problem, but there wasn't a quota associated with it so... even though there was way too many emails and I should get rid of those anyway... no quota to exceed.

B) I just... don't have any autoresponders. I just don't. I don't even know how to set those up on this new server I moved onto.

C) I don't have time to spam. Man... if I could make money off of spamming... I mean! Hey, I'm a college student, don't get mad at me for thinking of alternative ways of money. Every college student has thought of whoring themselves out once in their lives... But anyway, all of the daintyrose emails are... me and duplicates of me. And I'm on linux. And my roommate's a mac (btw, she's working fine, so I don't think we're shared). And I talked to my college's tech desk and they're not getting an overwhelming report of spamcop.

D) I don't have a bad firewall because... I don't have a firewall at all. Again, linux.

E) My php mailer has been taken over by criminals? Has it? I don't know. I emailed my host and mentioned spamcop. I'm sure they're having a panic attack, that's what they do at mochahost when there's a security issue. They're probably taking down my domain right now to see if there's any problems. How do I check for this?

F) "the SMTP/Auth exploit of an Exchange server is in progress" I use my school's Exchange server with pop3 in thunderbird, is that okay? The tech guy at my school said it was okay to do except that sometimes it might not remember my password, and he also said other people do it. (come on everyone's doin' it!) Is using the exchange server "exploiting" it?

So uh... now the game of "Figure out what I did wrong without the magical email"

Here are the steps I've taken to try to do stuff about it.
1) Cleaning out my admin email address (60,000 email addresses... it's taking a few hours)
2) Contacted domain host and let them know and asked for advice
3) Contacted school tech support. They said I'm on my own, but also said that they hadn't heard anything
4) Emailed Spamcop saying dude wtf.
5) And now asking you peoples :)

UBUNTU! :) Thanks
StevenUnderwood
It is quite possible this listing has nothing to do with you. It sounds like you are sharing IP space with other people. That IP is BellSouth owned (or at least that is where reports are being sent: Reporting addresses: abuse[at]bellsouth.net, thisisspam[at]bellsouth.net)

There is nothing for the paying customers to tell you about this problem as there are no publicly available reports at all. If this is YOUR (and yours alone) IP address, please contact the deputies[at]spamcop.net address from an administrator address and request more information about what has hit the spamtraps. Otherwise, you need to contact your ISP (likely BellSouth, or whoever uses BellSouth connectivity) to deal with the problem.
agsteele
You may want to take a look at the various FAQs which explain how the blocklist works.

When you send an Email it arrives at its destination.

The ISP involved at the destination takes a look at it and based on a number of blocklists may decide that it has arrived via a mail server which is currently sending out spam.

On that basis the message may be rejected.

So, what the error you have received says is that your Email is going out via a mail server which is or has recently been sending out unsolicited Email.

Now, the IP address you give has no reverse DNS entry so that makes it harder to identify but it looks like a machine linked to Bell South. Certainly their abuse department has been told of the problem.

The IP you give (70.159.7.113) is NOT mail.daintyrose.net

What is the name or IP of the SMTP mail server you are using to send your Email? That information may provide a clue.

Andrew
dra007
There are a few interesting reports for that IP that go back a while, no reports for what got you listed at present:

CODE

Submitted: Thursday, September 21, 2006 10:24:57 AM -0400:
Hiya
1931915515 ( http://rokgelnasu.com/youth/ ) To: abuse#rdsnet.ro[at]devnull.spamcop.net
1931915509 ( http://rokgelnasu.com/youth/ ) To: contact-tech[at]rdsnet.ro
1931915494 ( 70.159.7.113 ) To: spamcop[at]imaphost.com
1931915479 ( 70.159.7.113 ) To: thisisspam[at]bellsouth.net
1931915465 ( 70.159.7.113 ) To: abuse[at]bellsouth.net
______________________________________________

Submitted: Wednesday, August 30, 2006 10:06:48 AM -0400:
Re: Notice
1898858326 ( http://www.icecrkeamnutritionfiive.com/ ) To: wyd[at]jxtvnet.com
1898858321 ( 70.159.7.113 ) To: spamcop[at]imaphost.com
1898858314 ( 70.159.7.113 ) To: thisisspam[at]bellsouth.net
1898858302 ( 70.159.7.113 ) To: abuse[at]bellsouth.net
_____________________________________________________



The first one is a Romanian ISP notorious for hosting spamgangs. However the lack of serious reporting suggests that spamtraps are more likely what got you in trouble.
girl
Well, I talked to my tech guys at my school and did you know that if you google "what's my ip" the ip that google gives you isn't always right? so that 70. something number isn't my ip at all. So not only do I not have an email to go on, I don't even have an ip to look up on spam cop and ask it why.

My ip is 10.5.255.255. Note how that isn't in the system. The tech guy said that's because my school does some weird warp on the ips. In all of his four years at the school, he hasn't gotten one of the kids here added onto spamcop.

What's a spamtrap? Does this have something to do with the fact that I don't have a "real" ip?

EDIT: And my friend just pinged my domain for me, 67.15.104.25 which isn't in the system. But if it's not my personal domain, why would my college be causing -just me- problems, when my whole college shares one ip?
StevenUnderwood
QUOTE(girl @ Oct 3 2006, 01:33 PM) *

Well, I talked to my tech guys at my school and did you know that if you google "what's my ip" the ip that google gives you isn't always right? so that 70. something number isn't my ip at all. So not only do I not have an email to go on, I don't even have an ip to look up on spam cop and ask it why.

Send an email to the address in my sig with the subject Forum request. From the headers of that message, I will be able to determine how your mail is travelling, and probably where it is being held up.

The Spamcop email system does not block any mail. It uses its list the way it was designed, in a re-direction fashion.

QUOTE(dra007 @ Oct 3 2006, 01:26 PM) *

There are a few interesting reports for that IP that go back a while, no reports for what got you listed at present:


When I hit the report history for that IP address, I get an empty list.
Parsing input: 70.159.7.113
[report history]
dra007
Steven, you have to go to older reports to get those.
Wazoo
For as much data as you're supplied and the attempts at doing your own research (which is to be applauded) .. the problem is that there's nothing but confusion at this point.

Initial statement: I am blocked
Problem: three e-mail addresses from two sources mentioned. However, no data on exactly "what" got blocked by "whom" ... the rejection notice for instance (if configured properly) should have had the data needed.

Location: Sitting behind a router somewhere .. not stated whether this router is in the room or part of the college network. Confusing is the statement "sharing the IP address with my roommate" ...???? More confusing is that this IP address matches your posting IP address here.

So if we 'pretend' to guess at things .. you are sitting in your room, banging on the keyboard that is currently assigned a non-routable IP address of 10.5.255.255 (which actually looks suspiciously wrong also) ... this 'internal' network is connected to an apparently proxified server/gateway sitting at the IP address of 70.159.7.113 ...

http://www.senderbase.org/?searchBy=ipaddr...ng=70.159.7.113
Date of first message seen from this address 2006-08-14 (note the 'recent' date)
Volume Statistics for this IP
Magnitude Vol Change vs. Average
Last day ........ 4.6 .. 2133%
Last 30 days .. 3.7 ... 186%
Average ........ 3.3

Traffic numbers do not look good for a "non-email" server ....
Note also that SpamCop.net is not the only BL listing this IP address

Telnet to that system does not bring up a responding e-mail server ...

http://www.senderbase.org/search?searchString=berry.edu
Addresses in berry.edu used to send email

address hostname
66.20.28.21 berfw.berry.edu
66.20.28.52 fsmail1.ad.berry.edu
66.20.28.53 lokimail1.ad.berry.edu

Note that the IP address in question is not showing as an 'authorized' server.

Lack of rDNS doesn't help in tracking down the actual owner of that system beyond BellSouth ...

so moving over to your web-site;
ns10.mochahost.com reports the following MX records:

Preference Host Name IP Address TTL
10 mail.daintyrose.net 67.15.104.25

so the incoming MX is in yet another IP range, managed by the famous Everyones Internet folks ...
Addresses in mochahost.com used to send email

address hostname
67.15.104.25 web3.mochahost.com
67.15.226.37 ns10.mochahost.com
67.15.4.25 mochahost.com
67.15.56.48 ns6.mochahost.com

(not going to dig any further on this path)

http://www.senderbase.org/search?searchString=daintyrose.net

shows nothing of value as far as outgoing e-mail ...

Your zeal in being "virus free" because you are using a distribution of Linux is admirable. However, you apparently have not run across the word "exploit" yet ...???? The comment "I don't need a firewall because I run Linux" is extremely odd, especially when not followed by "I set up my firewall under Linux" ...???

Pretty much the same issue with your roommate's Mac ... sure, there aren't that many virus issues, but .. exploits galore ....

What is needed at this point ... the identification of the actual e-mail being "blocked" by someone else, specifically the IP address of that outgoing e-mail server. If it's the 'college' address, the next question would be why your out-going e-mail isn't leaving via those servers identified above.

If 'we' go with the flow of your provided information thus far, then the 'owner' of the system actually sitting at 70.159.7.113 needs to be identified and contacted .. information like the above noted traffic provided so they can look at what is actually running on that server (and explaining why your e-mail would be leaving that server in addition to providing your 'net' connection)

Or, back to configuration .. how do you actually have your out-going e-mail application setup?

There is an instance 'here' of a case 'solved' by having the system owner turn off his computer and wireless modem for a day, watching the numbers on the SenderBase listing dwindle down, offering the 'proof' needed that the spew was in fact coming from that user's system/network ....
turetzsr
QUOTE(Wazoo @ Oct 3 2006, 03:37 PM) *
<snip>
http://www.senderbase.org/?searchBy=ipaddr...ng=70.159.7.113
Date of first message seen from this address 2006-08-14 (note the 'recent' date)
<snip>
...Entirely consistent with the arrival of students for the beginning of a college fall semester....
girl
QUOTE
"For as much data as you're supplied and the attempts at doing your own research (which is to be applauded) .. the problem is that there's nothing but confusion at this point."
I think it's cause I only half way know what's going on. I feel like that for as many websites on spamcop that I've read, I've become none the wiser. In fact, I feel like I know LESS about how ips and domains and emails work.

Right now, I am now confused as to what my IP address is. My network administrator says "It should start with 10.something" and my computer says 10.5.255.255 but when I ask Google, I get 70.159.7.113. And that's from more than one website, I rechecked it. Which scares the crap outta me with you guys saying the 70.159.7.113 is some bad guy.

QUOTE
"However, no data on exactly "what" got blocked by "whom" ... the rejection notice for instance (if configured properly) should have had the data needed."
Like I said, I didn't get a rejection notice, if that's that email you got. All I get is an error message saying... "An error occurred while sending mail. The mail server responded: 5.3.0 Rejected - see http://www.spamcop.net. Please verify that your email address is correct in your mail preferences and try again." I haven't changed my email address since it worked so.. it's correct. "Who" got blocked is me. Both my personal email account, love[at]daintyrose.net and my school email account. And blocked while sending to my school. I test sending it to myself (personal to personal) and it gets blocked. I just get blocked.

QUOTE
"Location: Sitting behind a router somewhere .. not stated whether this router is in the room or part of the college network. Confusing is the statement "sharing the IP address with my roommate" ...???? More confusing is that this IP address matches your posting IP address here."
The router is not in my room, I have never seen this router, I don't know how many routers there are. All that I've heard of this router is, "Berry College all has the same IP." so I guess there's only one router and I'm on it. I had been told earlier in the year that my bandwidth was split with my roommate "so don't hog it" but I suppose that's a myth. Right now, Bellsouth is having problems. Bellsouth is the only provider here.

That's all I really know at this point. A lot of the questions people have been asking me about this (domain host, tech support, here) have been really technical and I'm not totally sure how to answer them.

I believe you asked what my outgoing mail config is and I don't know how else to answer it but this...
I have a smtp (just one) with mail.daintyrose.net love[at]daintyrose.net being the username, 0 being the port and no authentication.

EDIT: >< whatever is doing it, just did it again. my "wait time" or whatever it is just went from 12 hours to 19.

Moderator Edit: placed "quote" brackets in to show the flow of questions, answers ....
turetzsr
QUOTE(girl @ Oct 3 2006, 05:02 PM) *
<snip>
Like I said, I didn't get a rejection notice, if that's that email you got. All I get is an error message saying... "An error occurred while sending mail. The mail server responded: 5.3.0 Rejected - see http://www.spamcop.net. Please verify that your email address is correct in your mail preferences and try again."
...Who or what sent you this message? Your answer here may be instructive. In addition, you may want to try to let them/it know that this message is meaningless without the IP address they found on the SpamCop blacklist which caused them to block you. SpamCop recommends that the message be something like "Spam blocked see: http://spamcop.net/bl.shtml?<IPAddress>"
QUOTE(girl @ Oct 3 2006, 05:02 PM) *
<snip> I test sending it to myself (personal to personal) and it gets blocked. I just get blocked.
<snip>
...This suggests that your outgoing mail is being blocked either by Berry College or by the ISP (BellSouth?), which probably is the answer to my first question. Methinks it's time to go back to Berry College Tech Support. "You're on your own" don't cut it when it is apparently they or their ISP that is causing your problem.
...Disclaimer: I am not a tech, so I may not have the story exactly right. I'm hoping someone more knowledgeable will pick up what I've said and either support it or contradict it....
...Good luck!
Wazoo
QUOTE(girl @ Oct 3 2006, 04:02 PM) *
I think it's cause I only half way know what's going on. I feel like that for as many websites on spamcop that I've read, I've become none the wiser. In fact, I feel like I know LESS about how ips and domains and emails work.

Not sure what you might be including in the "websites on spamcop" .... There is the single-page-access point provided 'here' via the SpamCop FAQ links at the top of the page ... One entry has been posted as a Pinned item in this section so as to stand-alone .. the "Why am I Blocked?"
QUOTE
Right now, I am now confused as to what my IP address is. My network administrator says "It should start with 10.something" and my computer says 10.5.255.255 but when I ask Google, I get 70.159.7.113. And that's from more than one website, I rechecked it.

http://www.grc.com/nat/nat.htm .... your 10.x.x.x address is on the "Intranet (LAN)" side of the pictures .. the 70.x.x.x is on the "Internet (WAN)" side of those pictures. I still feel that the 10.5.255.255 address you're listing is actually the "mask" field, but that's just me ...
QUOTE
Which scares the crap outta me with you guys saying the 70.159.7.113 is some bad guy.

The numbers showing on SenderBase are indicative of an infected/compromised system that a spammer or two is abusing. There are other possible reasons, but .....
QUOTE
Like I said, I didn't get a rejection notice, if that's that email you got. All I get is an error message saying... "An error occurred while sending mail. The mail server responded: 5.3.0 Rejected - see http://www.spamcop.net. Please verify that your email address is correct in your mail preferences and try again."

That would have been the 'rejection notice' ... however, it hasn't been configured per SpamCop.net recommendations. I'll also note that the additional commentary of "check your e-mail address" doesn't tie in with a SpamCopDNSBL listing, suggesting that there may be more issues involved. (Note that "we" wouldn't receive anything .... all volunteers on this bus.)
QUOTE
I haven't changed my email address since it worked so.. it's correct. "Who" got blocked is me. Both my personal email account, love[at]daintyrose.net and my school email account. And blocked while sending to my school. I test sending it to myself (personal to personal) and it gets blocked. I just get blocked.

OK, allegedly the SpamCopDNSBL is used by the berry.edu incoming e-mail servers. However, now you're suggesting that you are using multiple (output) e-mail servers that are both/all blocked. (Back to needing to see the IP addresses actually involved in your out-going e-mail(s))
QUOTE
The router is not in my room, I have never seen this router, I don't know how many routers there are. All that I've heard of this router is, "Berry College all has the same IP." so I guess there's only one router and I'm on it. I had been told earlier in the year that my bandwidth was split with my roommate "so don't hog it" but I suppose that's a myth. Right now, Bellsouth is having problems. Bellsouth is the only provider here.

There are probably 'many' routers .. but you are agreeing with my "proxified server" description ....
QUOTE
That's all I really know at this point. A lot of the questions people have been asking me about this (domain host, tech support, here) have been really technical and I'm not totally sure how to answer them.

I believe you asked what my outgoing mail config is and I don't know how else to answer it but this...
I have a smtp (just one) with mail.daintyrose.net love[at]daintyrose.net being the username, 0 being the port and no authentication.

Now you're stating that you only use "one" output e-mail server ...???? The "port = 0" is not a 'normal' set-up configuration. Port 25 is the 'normal' connection, other ports becoming involved due to access modes of that e-mail server and/or the 'local' ISP blocking of Port 25 .....

StevenUnderwood asked for an e-mail .. have you sent him one yet?
girl
QUOTE(turetzsr @ Oct 3 2006, 05:29 PM) *
they or their ISP that is causing your problem.
...Disclaimer: I am not a tech, so I may not have the story exactly right. I'm hoping someone more knowledgeable will pick up what I've said and either support it or contradict it....

Thanks for being so patient! I just went around and started googling ips on random people's computers and all of us get the 70.something blah blah ip!

Berry's tech support is students, so you often get a "You're on your own." Especially when you run linux... I had to go through two people to get someone who would recognize that it wasn't a linux problem. I'll stop by there in person. I don't know yet, though, if my laptop works on other ports around campus. Eh, I guess we'll see! (both my laptop and desktop don't email out)

Thanks for the luck! I'm going to try to push this out of my mind, get Moes comfort food, and finish my lab report.

QUOTE
"Now you're stating that you only use "one" output e-mail server ...???? The "port = 0" is not a 'normal' set-up configuration. Port 25 is the 'normal' connection, other ports becoming involved due to access modes of that e-mail server and/or the 'local' ISP blocking of Port 25 ....."
(sorry, don't know how to do quotes, and I posted the original post around the same time you did) Yeah, I use one smtp. In thunderbird, it says that setting up two SMTP is only recommended for advanced users, which I'm definitely not. I only had one, also, when I used to use a combination of daintyrose+gmailpop (I don't use gmail anymore). So though I use two different emails to send out, I use one smtp server for it. Don't ask me how it works, I just did what thunderbird said to do if I'm dumb, made sure that if I was sending from a certain address, the receiver actually only SAW it from that address (they do) and went on my merry little way.

Moes. Work. Pretend that it actually will go away in 19 hours and that whatever is happening will not happen again. Pretend the world actually is just.

And no, I haven't sent him one yet, "If this is YOUR (and yours alone) IP address, please contact the deputies[at]spamcop.net address from an administrator address and request more information about what has hit the spamtraps. Otherwise, you need to contact your ISP (likely BellSouth, or whoever uses BellSouth connectivity) to deal with the problem." I'm not the sole owner of the IP address... it's Berry's. Or Mochahost's. Should I still contact them?
Wazoo
QUOTE(girl @ Oct 3 2006, 04:39 PM) *
(sorry, don't know how to do quotes,

Start by using the "Reply" button .....
QUOTE
Yeah, I use one smtp. In thunderbird, it says that setting up two SMTP is only recommended for advanced users, which I'm definitely not. I only had one, also, when I used to use a combination of daintyrose+gmailpop (I don't use gmail anymore). So though I use two different emails to send out, I use one smtp server for it. Don't ask me how it works, I just did what thunderbird said to do if I'm dumb, made sure that if I was sending from a certain address, the receiver actually only SAW it from that address (they do) and went on my merry little way.

So, basically, I'll admit to not having any idea at this point how you are actually "sending" e-mail ... I can assume, but ...
QUOTE
And no, I haven't sent him one yet, "If this is YOUR (and yours alone) IP address, please contact the deputies[at]spamcop.net address from an administrator address and request more information about what has hit the spamtraps. Otherwise, you need to contact your ISP (likely BellSouth, or whoever uses BellSouth connectivity) to deal with the problem." I'm not the sole owner of the IP address... it's Berry's. Or Mochahost's. Should I still contact them?

As you are not the owner, you probably won't get much of a response. Sending an e-mail to Steven would have allowed him to analyze the headers of that e-mail, he would have posted some data, and then "we all" could be dealing with some specifics ......
girl
QUOTE(Wazoo @ Oct 3 2006, 05:54 PM) *
As you are not the owner, you probably won't get much of a response. Sending an e-mail to Steven would have allowed him to analyze the headers of that e-mail, he would have posted some data, and then "we all" could be dealing with some specifics ......

so you just said I won't get a reply cause I'm not the owner but it would be incredibly helpful if I emailed him. Should I email or not?
dra007
Girl, we are all end users here, not support staff...and volunteers. But there are enough knowledgeable people among us to help you if you provide the data we need. An e-mail to Steven would show the IP of injection in the header and that IP can be further analyzed for potential issues that got it listed in the first place.
turetzsr
QUOTE(girl @ Oct 3 2006, 06:21 PM) *
so you just said I won't get a reply cause I'm not the owner but it would be incredibly helpful if I emailed him. Should I email or not?
...Wazoo meant that if you e-mail the SpamCop Deputies, you probably won't get a reply because you aren't the owner. StevenUnderwood is not a Deputy; his request to send him an e-mail was not related to his suggestion to send the Deputies an e-mail. So, yes, you should send an e-mail to StevenUnderwood, as he requested, above.
girl
Yes, I know you guys are just peeps. :) I'm familiar with the system... I give people help at the ubuntu IRC channel. I emailed Steven both with my broken email (still doesn't work of course) and with my working web mail. Thanks so much guys!
Wazoo
QUOTE(girl @ Oct 3 2006, 06:24 PM) *
I emailed Steven both with my broken email (still doesn't work of course) and with my working web mail. Thanks so much guys!

Now you've invoked a third e-mail source .... perhaps not meaning to, but "web mail" has a specific definition.
StevenUnderwood
QUOTE(girl @ Oct 3 2006, 07:24 PM) *

Yes, I know you guys are just peeps. :) I'm familiar with the system... I give people help at the ubuntu IRC channel. I emailed Steven both with my broken email (still doesn't work of course) and with my working web mail. Thanks so much guys!

OK, I got one message, munged version here (please don't start underage drinking, it will not help us through this, and if you need to leave for classwork, by all means, please do): http://www.spamcop.net/sc?id=z1089191753ze...029ceef992ba1cz

Now if as you seem to be saying here this is from your webmail system, it may be that this information will not help us at all. If your problem was due to a listing on spamcop, then you would have been able to send from the "broken" email because spamcop does no blocking on their systems.

Ignore the webmail system for the moment.

How is the "broken email" setup? Software, OS, when it last worked (if at all), whatever error message you see when trying to send messages. Once we have that info, we will likely have more specific questions based on the software in use as to where to look for the settings we are trying to reach.

As far as IP addresses, we were trying to determine the IP address of the mail server. If you are trying to send directly from your PC, all bets are off, and if that was working, the administration may have finally clamped down on it to eliminate lots of junk leaving their network. We thank them for that. Somewhere on your campus should be the proper way to configure your machine to do email on campus.
girl
QUOTE(StevenUnderwood @ Oct 3 2006, 07:46 PM) *
OK, I got one message, munged version here (please don't start underage drinking, it will not help us through this, and if you need to leave for classwork, by all means, please do): http://www.spamcop.net/sc?id=z1089191753ze...029ceef992ba1cz

Now if as you seem to be saying here this is from your webmail system, it may be that this information will not help us at all. If your problem was due to a listing on spamcop, then you would have been able to send from the "broken" email because spamcop does no blocking on their systems.

That is my berry email account sent from online. At Berry, we're "supposed" to use it online. This is because Berry does not like having to deal with tech support questions. I do not like using the online interface, so I took the Berry thing, figured out how to pop it. That SAME EMAIL account does NOT work when I pop it (spamcop message) but DOES work when I use it online (as you can see).

I sent that same email message from love[at]daintyrose.net from pop and apparently you didn't get it. That's my bigger issue, the "completely broken" email address, if you will.

QUOTE
Ignore the webmail system for the moment.

How is the "broken email" setup? Software, OS, when it last worked (if at all), whatever error message you see when trying to send messages. Once we have that info, we will likely have more specific questions based on the software in use as to where to look for the settings we are trying to reach.

To use pop3 I use Thunderbird on Ubuntu Linux... I'm using the newest Kernel it's 6.something or another. I'd have to go into terminal for the rest of the numbers, but just trust me that it's the latest (update manager it's bugging me). Last time it worked? It didn't work last night. Monday I don't think I tried to email anyone... and I was out of town for about a week before then... so that gives a broad range of when it possibly broke.
QUOTE
As far as IP addresses, we were trying to determine the IP address of the mail server. If you are trying to send directly from your PC, all bets are off, and if that was working, the administration may have finally clamped down on it to eliminate lots of junk leaving their network. We thank them for that. Somewhere on your campus should be the proper way to configure your machine to do email on campus.

Send directly from a pc? Is that what I've been doing using smtp? (if so I've been doing it for years and haven't gotten "caught") If I have to set something up differently for my love[at]daintyrose.net, Berry will not give me any support for it. Do you have any suggestions?

Moderator Edit: tried to reformat this, again separating question, answer stuff ....
Note: there is a Forum FAQ, a 'Test' Forum, etc ....
StevenUnderwood
QUOTE(girl @ Oct 3 2006, 08:14 PM) *

Send directly from a pc? Is that what I've been doing using smtp? (if so I've been doing it for years and haven't gotten "caught") If I have to set something up differently for my love[at]daintyrose.net, Berry will not give me any support for it. Do you have any suggestions?

It is possible that Berry noticed the spamcop listing of 70.159.7.113 and did not like all the garbage hitting the internet from their IP address and finally clamped down. In other words, what you are trying to do MAY NOT work now.

POP and POP3 are used for receiving email from a server, not sending it. SMTP is used for sending it. Since you are running Linux, you may be attempting to use "direct to MX" sending over port 25 which would be the simple way for Berry to fix their problem. I am not a Unix/Linux person so can not tell you how to tell if you are doing that or trying to use a smarthost of some sort. Others here can probably help you there if you need it.

Since it sounds like you have a domain outside of the college, it is possible they provide you an SMTP server, even better if they offer that over an alternate port. You would then tell your local machine to use that connection information to send out your messages.
Wazoo
Per Steven's Tracking URL, the e-mail in question did leave via one of the three previously identified 'authorized' e-mail servers ... IP address of 66.20.28.53

http://www.senderbase.org/?searchBy=ipaddr...ing=66.20.28.53
http://spamcop.net/w3m?action=checkblock&ip=66.20.28.53
66.20.28.53 not listed in bl.spamcop.net

Going back to your identified "Port 0" ... it is possible that you have been using the SMTP server on your system to send stuff out. This in turn would have used your 'net' connection as the 'source' of that e-mail. If that's the case, extrapolate some more data, other 'dorm residents' are also using the same network, have infected/compromised systems and are also spewing garbage out through the same server (also using their own or virus loaded SMTP engines)

Now we're looking at a valid reason behind the listing of that IP address .. again noting that it isn't an '(officially) identified' e-mail server to begin with

Flowing down that same river, now we look at the possibility that the 'admin crew' has tried to lock things down on that server .... thus offering the possibility that your 'Domain'-named e-mail isn't flowing because it's been blocked by that server (not being a berry.edu address) .. only wild guesses at the possibilities at this point ...

However, any sign that the problem has been fixed has pretty much been shattered ... SenderBase data shows traffic is still on the increase (more computers getting infected?)

http://www.senderbase.org/search?searchString=70.159.7.113
Volume Statistics for this IP
Magnitude Vol Change vs. Average
Last day ........ 4.7 .. 2649%
Last 30 days .. 3.7 .... 189%
Average ........ 3.3

Another data point: http://www.senderbase.org/search?searchString=berry.edu
Volume Statistics for this Domain
Magnitude Vol Change vs. 30 Day
Last day ........ 4.1 .. 514%
Last 30 days .. 3.3
girl
You know, I could say stuff that might be interesting to reply to you, but I'm sure you're tired of me. Especially because... I fixed it. I got on gmail and told gmail to pop again, and set up gmail's pop on my thunderbird and then set up a second smtp so that gmail was on gmail's smtp and daintyrose was on daintyrose's. Yeah, you don't have to be advanced to do that, I don't know what Thunderbird was talking about. Anyway, gmail worked fine. So then I set up daintyrose to use gmail's smtp.

Last question, do you think I should keep daintyrose using gmail's smtp, or switch it back after a while?
Wazoo
QUOTE(girl @ Oct 3 2006, 08:17 PM) *
Last question, do you think I should keep daintyrose using gmail's smtp, or switch it back after a while?

Note the monster existing Topic/Discussion on GMail's servers getting listed ....
girl
In my original research, I just looked up stuff that pertained to me at the time. Which wasn't gmail.

Do you think that if I use gmail for a bit (it's working now...) that it will let the numbers die down and then switch back? Or are the numbers that are being counted not the daintyrose smtp, but the full berry ones that keep going up and I can't do a thing about it but... keep getting blocked and never ever ever use my domain email that I've used for years again?

(you know, "people like me" who use gmail for the smtp server are probably why spam gets sent from there... maybe gmail should make that not allowed. you know, after I'm done using it to email people until I get my domain fixed that is)
Wazoo
QUOTE(girl @ Oct 3 2006, 09:42 PM) *
Do you think that if I use gmail for a bit (it's working now...) that it will let the numbers die down and then switch back?

One, it doesn't appear that we are on track.
Two, switch back ...????

You can check the number yourself, I've posted the links ....

Hmmm, and now we have some possible oddities .. you say you've done some configuration changes on your computer ... coincidence that the numbers on the IP address in question are now going down?

Volume Statistics for this IP
Magnitude Vol Change vs. Average
Last day ........ 4.7 .. 2632%
Last 30 days .. 3.7 .... 189%
Average ........ 3.3
QUOTE
Or are the numbers that are being counted not the daintyrose smtp,

The output server for your Domain has yet to be identified.
QUOTE
but the full berry ones that keep going up and I can't do a thing about it but... keep getting blocked and never ever ever use my domain email that I've used for years again?

I'm confused, I think you're confused. I believe your "Domain e-mail" never went out because you had things configured 'wrong' on your system. You say you configured the SMTP account for it, then you say you changed that to use GMail instead ...???
QUOTE
(you know, "people like me" who use gmail for the smtp server are probably why spam gets sent from there... maybe gmail should make that not allowed. you know, after I'm done using it to email people until I get my domain fixed that is)

It's my belief that if you configure that (Domain) e-mail account (on your system) to use the appropriate SMTP server, it will actually work ....

All this "bad" data has been based on the IP address of a computer that (in my opinion) is not supposed to be sending out e-mail at all ....
agsteele
QUOTE(girl @ Oct 4 2006, 02:17 AM) *
...So then I set up daintyrose to use gmail's smtp.

Last question, do you think I should keep daintyrose using gmail's smtp, or switch it back after a while?

I'm still unclear what mail server was listed in the first place.

If you were having messages rejected with an error then that should have given you the IP address that was being blocked.

Now, it is good you've managed to by-pass the problem by using the Gmail smtp server. A great temporary solution. But as Wazoo implies, Gmail is well known for becoming listed from time to time. Largely because they are a free, public access service and are easily abused. I believe the Gmail tech people work well at tackling abuse but they face an uphill battle.

So you would be well advised to get your smtp set up in such a way that you avoid this problem. What about mail.daintyrose.net? Can you do SMTP AUTH through your own mail server?

Andrew
Wazoo
QUOTE(agsteele @ Oct 4 2006, 02:27 AM) *
I'm still unclear what mail server was listed in the first place.

(in my opinion) "the gateway" computer that has been provided to handle 'net' connections for the students ..... it isn't an e-mail server, but is sending mail from compromised computers on the 'student' side of the network ....
girl
QUOTE(Wazoo @ Oct 4 2006, 06:43 AM) *
(in my opinion) "the gateway" computer that has been provided to handle 'net' connections for the students ..... it isn't an e-mail server, but is sending mail from compromised computers on the 'student' side of the network ....

The smtp server I was using in the first place was my daintyrose server.

And yeah, it is weird that the numbers went down, but you also checked it at night, and late at night too (for once I stayed up late). What could I be doing that it would be me and how can I fix this?

I realize that google's server is not the best solution, I would rather go back to using my domain's smtp server but that just didn't work for whatever reason and google's did. At this point in my week I'm at a "do what works" level, don't think ahead, just finish the work you have due tomorrow, baby steps.

Trust me. If I knew enough about what I was talking about to express it clearer to you, I'd say it like that!
agsteele
QUOTE(girl @ Oct 4 2006, 01:10 PM) *
Trust me. If I knew enough about what I was talking about to express it clearer to you, I'd say it like that!

My feeling is that you probably need help from someone who does understand these issues.

For whatever reason, your mail server is passing messages through a compromised machine. That needs serious attention. I'd find a competent person to assist you in resolving this issue.

Andrew
Wazoo
QUOTE(girl @ Oct 4 2006, 07:10 AM) *
The smtp server I was using in the first place was my daintyrose server.

Sorry, but there is no evidence of that anywhere in the Topic/Discussion.

You say late in the story that you in fact did reconfigure Thunderbird to actually use it, but then changed that to also use GMail's servers.
I have stated several times in here .. the outgoing e-mail server for your Domain has yet to be identified ...
QUOTE
And yeah, it is weird that the numbers went down, but you also checked it at night, and late at night too (for once I stayed up late). What could I be doing that it would be me and how can I fix this?

Yet again, I am stating my belief that the 'computer' that is actually sitting at the IP address of 70.159.7.113 is shared by numerous students .. not just your use alone .... I'm also suggesting/stating that you have a whole bunch of fellow students with infected/compromised computers. But the truth to any of this has to come from someone that is actually in control (?) of that network.

I get the feeling that you are not following any of the links provided. Steve Gibson's NAT router page was of no value to you? I've got countless other reference pages on networking, but none are as 'pretty' and non-geeky as that one ....
QUOTE
I realize that google's server is not the best solution, I would rather go back to using my domain's smtp server but that just didn't work for whatever reason and google's did. At this point in my week I'm at a "do what works" level, don't think ahead, just finish the work you have due tomorrow, baby steps.

Trust me. If I knew enough about what I was talking about to express it clearer to you, I'd say it like that!

I state again, from the data provided before, you were never using your "Domain's e-mail server" (other than the apparent short time that you did configure it, but then reconfigured it again ...?????)

Per the FAQ at http://ev1.net/english/faq/index.asp .. your hosted account there includes;
QUOTE
I know that Plesk 7 Reloaded comes with a range of email applications, what will I have access to?
Our virtual accounts come with POP3, IMAP and SMTP email servers, in addition to a full webmail client. You will get unlimited email accounts, along with mailing lists and autoresponders. By utilizing the Plesk 7 Reloaded platform, we can also offer you the Dr. Web Antivirus software and SpamAssassin spam filtering.

http://my.ev1.net/english/support/webhosting/email.asp offers some clues ....

Point is that your e-mail from that "Domain account" should be seen using one of the listed 202 e-mail servers showing at http://www.senderbase.org/search?searchString=ev1.net ....(admitting that this is just a starting point, there could be other servers involved)
StevenUnderwood
QUOTE(girl @ Oct 4 2006, 08:10 AM) *

The smtp server I was using in the first place was my daintyrose server.

OK, what was that IP address and what was the resulting error message, or were your messages simply disappearing into the ether?
Merlyn
70.159.7.113 is a sonic wall firewall device probably set up as the inbound/outbound gateway for the internal network.
girl
I can follow those links all I want, but why would I ever talk about them if they didn't help me a lick 'cause I didn't see how they helped me because I couldn't comprehend how that information helps me email people?

I was using Daintyrose SMTP the whole time. I know perception may be reality, but just because I didn't think it was important enough to spell that out doesn't mean that's not what I was doing.

Steven, Thanks again for the help! I'm not sure what the ip for daintyrosesmtp off the top of my head is (Is it different from the domain itself? that's 67.15.104.25), or how to find it, but I did -just- email my host and when I get back from class, I should have an email telling me! I got an error message saying something like... "An error occured while sending mail. The mail server responded: 5.3.0 Rejected - see http://www.spamcop.net. Please verify that your email address is correct in your mail preferences and try again." I use Thunderbird. I had two email addresses using the daintyrosesmtp and they both had that error message. One of those same email addresses had the possibility of being webmail, and when I used it on webmail it was fine.

Merlyn, "a sonic wall firewall" as in the program "Sonic Wall" because all students are required to install that at Berry. I mean, I haven't because I've got linux and I can't, so the tech people set me up something where I can get on the network without it checking to see if I've got Sonic Wall installed or not (if you don't have it installed, the network won't let you on). We really hate the program... I think it monitors our activity. I have dual boot windows and that half has Sonic Wall, but I never get on it 'cause I'm scared they're gonna see all the stuff I look at.
DavidT
QUOTE(girl @ Oct 5 2006, 04:38 AM) *
I'm not sure what the ip for daintyrosesmtp off the top of my head is (Is it different from the domain itself? that's 67.15.104.25), or how to find it

If you could send email to Steven through that connection, then he could help you...but that seems to have failed, correct? Send me a PM on this forum and I'll give you some addresses you can try sending to.
QUOTE
I got an error message saying something like...

"something like" isn't going to help...we need the *whole* error, because those errors usually also give the IP address in question.
QUOTE
"An error occured while sending mail. The mail server responded: 5.3.0 Rejected - see http://www.spamcop.net. Please verify that your email address is correct in your mail preferences and try again."

Is this appearing as an "interactive" message that pops up on your screen, or is it in an email that you receive immediately upon trying to send?

DT
StevenUnderwood
QUOTE(girl @ Oct 5 2006, 07:38 AM) *

Steven, Thanks again for the help! I'm not sure what the ip for daintyrosesmtp off the top of my head is or how to find it


First: What do you enter into your email program when you are using the daintyrose SMTP server that used to work? We can determine the IP address from that answer.


Second: You state you received "something like" and then quote a line. ("An error occured while sending mail. The mail server responded: 5.3.0 Rejected - see http://www.spamcop.net. Please verify that your email address is correct in your mail preferences and try again.") Is that the exact message you receive every time you try to send email through daintyrose SMTP? That message is not complete as it should also indicate the IP address causing the block.

If you got that message when trying to email my spamcop address earlier in this thread, then it is likely the Daintyrose SMTP is using spamcop on your incoming connection and rejecting it because of the Berry.edu listing.
Wazoo
QUOTE(girl @ Oct 5 2006, 06:38 AM) *
I can follow those links all I want, but why would I ever talk about them if they didn't help me a lick 'cause I didn't see how they helped me because I couldn't comprehend how that information helps me email people?

Item 1: explanation for the various IP addresses you were coming up with, being advised of, allegedly looking for ...
Item 2: explanation of what a router is and how it's used
Item 3: the hope that with more knowledge, more facts would also become more apparent
QUOTE
I was using Daintyrose SMTP the whole time. I know perception may be reality, but just because I didn't think it was important enough to spell that out doesn't mean that's not what I was doing.

Please re-read my Linear post #12 in this Topic. The use of "Port 0" suggests to me that you were not using the SMTP service at daintyrose. The 'instructions' I posted a link to in my Linear Post #32 are far from complete, but .... As I stated, the 'normal' Port for SMTP is 25, not 0 ....

I also stated that the error message you have repeatedly 'shown' is not 'standard' either. The identification of the SpamCopDNSBL is incomplete, but the additional data of "check your e-mail preferences/address" has nothing to do with the SpamCopDNSBL ..... I'm almost willing to believe that you are seeing multiple error messages, but you're combining them 'for us' ...???
QUOTE
Steven, Thanks again for the help! I'm not sure what the ip for daintyrosesmtp off the top of my head is (Is it different from the domain itself? that's 67.15.104.25), or how to find it, but I did -just- email my host and when I get back from class, I should have an email telling me! I got an error message saying something like... "An error occured while sending mail. The mail server responded: 5.3.0 Rejected - see http://www.spamcop.net. Please verify that your email address is correct in your mail preferences and try again." I use Thunderbird. I had two email addresses using the daintyrosesmtp and they both had that error message. One of those same email addresses had the possibility of being webmail, and when I used it on webmail it was fine.

Have you gone through the configuration process once again to actually define the daintyrose SMTP server settings ... and then selected a daintyrose e-mail address as the sender of one of these test e-mails?

Here's what I'm thinking ....

Your post #1: "I use my school's Exchange server with pop3 in thunderbird"

My post #8: I posted the listed/identified output servers seen by SenderBase for berry.edu, included the MX (incoming) for daintyrose, showed some of the ev1/mochahost outgoing servers ...

Your post #10: "Both my personal email account, ... and my school email account. And blocked while sending to my school. I test sending it to myself (personal to personal) and it gets blocked). I just get blocked." ..... suggesting that all e-mail attempts were actually going out/coming in via the same path .. specifically using the same SMTP server service to try to go out ....

Your post #10: "I have a smtp (just one) with mail.daintyrose.net love[at]daintyrose.net being the username, 0 being the port and no authentication." ..... that would work for POP just fine, however the link I provided to the FAQ at http://my.ev1.net/english/support/webhosting/email.asp has a major caveat on the SMTP service .... did you look at that page?

StevenUnderwood's post #20: (and responded to in my post #23) received an e-mail "from" a berry.edu IP address that was not listed in the SpamCopDNSBL. You further indicate that this e-mail was sent via the berry.edu web-mail application.

Your post #21: "I do not like using the online interface, so I took the Berry thing, figured out how to pop it. That SAME EMAIL account does NOT work when I pop it (spamcop message) but DOES work when I use it online (as you can see)." ........ seems to actually state that you did "not" figure out how to POP a web-mail application ... I think???

Your post #21: "I send that same email message from love[at]daintyrose.net from pop and apparently you didn't get it. That's my bigger issue, the "completely broken" email address, if you will." .... still no idea as to just what SMTP service you are/were trying to use ....

Your post #21: "Send directly from a pc? Is that what I've been doing using smtp? (if so I've been doing it for years and haven't gotten "caught") If I have to set something up differently for my love[at]daintyrose.net, Berry will not give me any support for it. Do you have any suggestions?" .... well, as the ev1 FAQ page says you can't use their SMTP service unless you are 'dialed in to them' and you state that berry.edu 'wants' you to use the web-mail application, there is a hint that the only way you have been able to 'send' e-mail thus far has been from your own computer ....????

Your post #24: "I got on gmail and told gmail to pop again, and set up gmail's pop on my thunderbird and then set up a second smtp so that gmail was on gmail's smtp and daintyrose was on daintyrose's. Yeah, you don't have to be advanced to do that, I don't know what Thunderbird was talking about. Anyway, gmail worked fine. So then I set up daintyrose to use gmail's smtp." ...... Having said all that, I'm wondering how & why GMail is letting you get away with that, actually (without using a GMail address/account to login, etc.) One would also assume that neither of these settings use "Port 0" in their (successful) configuration ...???

Your post #30: "The smtp server I was using in the first place was my daintyrose server." ..... I'm still not convinced of that, especially when their FAQ says no, no e-mail has yet been seen "from" that address/server ..... and again, that "Port 0" thing ...

Bottom line: I still believe you have been sending mail via your Ubantu SMTP service ....
girl
Wazoo: I don't know how you're helping me. Make another long post that doesn't help me but just quotes me over and over again. And no, I was NOT sending through the UbUntu smtp service. To do advanced linux things (aka, use ubuntu not as a desktop os, because it's meant to be a desktop os) you have to install extra packages. Which I would have consciously done, and I haven't.

David, thanks for the attention. Since I just changed the smtp from daintyrose to google and it works, I wasn't able to check the error message a second time (I wrote it out in a previous post and also typed it on my computer). If there's any errors there... it's in punctuation. I probably should have said that. I said "something like" cause I didn't want anyone putting that in an overly sensitive search engine, I had put an extra space between a dash (oh no!) and it didn't come up or something crazy like that. I'm also so anal about stupid things like that because I correct bibliographies for my professors.

The reason I had to TYPE it out instead of copy and paste like a normal, sane, person would try to do is because, yes, it came up in a little interactive pop up and not an email. So, it may very well be that Thunderbird edited the message.

And you're correct, when I sent Steven an email using daintyrosesmtp, I got the error message and he didn't get an email. (though he eventually did get an email because I emailed him using webmail)

Steven, "If you got that message when trying to email my spamcop address earlier in this thread, then it is likely the Daintyrose SMTP is using spamcop on your incoming connection and rejecting it because of the Berry.edu listing." Call me a dummy but I don't really understand what that means... or what I can do to fix it.

the Daintyrosesmtp settings are just... smtp.daintyrose.net? On my desktop I was using port 0 (like I had typed earlier) but later I switched to my laptop (my linux ati driver is on the fritz on top of all of this ><) and noticed that I'm using port 25.. but it still doesn't work. There aren't any other numbers in my settings besides the port number... so definitely no plain out ip and I don't know how to turn smtp.daintyrose.net to an ip.

And yes, just in case you're only reading the section devoted to you ( I do that sometimes ) I'll type it again, that message was correct, at least in words. Some of the punctuation was right. But that's all it said, I didn't paraphrase. And I'm pretty sure I got the punctuation right... But I just switched from daintyrosesmtp to googlesmtp so I'd have to change back to reproduce the error message.
Wazoo
Short post:
daintyrose via mochahost via ev1 says you can't use their SMTP server unless you 'dialed in' directly

use of Port 0 on your system indicates that you are using the SMTP service on "your" computer, which is in fact available in your Ubantu distribution

the "check your e-mail address/settings" message also suggests that you are trying to send mail through a server (somewhere) with the wrong credentials

the "blocked by spamcop" notification should have only been found in an e-mail .... showing up on-screen as an 'error message' just makes very little sense, never mind not being able to come up with a clue as to just what would be involved in writing an application to have a dialog such as that available ...
StevenUnderwood
QUOTE(girl @ Oct 5 2006, 06:33 PM) *

the Daintyrosesmtp settings are just... smtp.daintyrose.net? On my desktop I was using port 0 (like I had typed earlier) but later I switched to my laptop (my linux ati driver is on the fritz on top of all of this ><) and noticed that I'm using port 25.. but it still doesn't work. There aren't any other numbers in my settings besides the port number... so definitely no plain out ip and I don't know how to turn smtp.daintyrose.net to an ip.

Per http://www.dnsstuff.com/tools/lookup.ch?na....net&type=A

QUOTE
No A records exist for smtp.daintyrose.net, and smtp.daintyrose.net does not exist.
You can not simply put SMTP in front of a host name to make a valid SMTP host. There is a valid server at mail.daintyrose.net. A IN 86400 67.15.104.25. You should try that instead. It does support AUTHenticated sending.

I just sent a small test to 12345tester67890[at]daintyrose.net and it was accepted, so the server is working.
DavidT
QUOTE(StevenUnderwood @ Oct 5 2006, 04:52 PM) *
I just sent a small test to 12345tester67890[at]daintyrose.net and it was accepted, so the server is working.

Does that also mean that a "catchall" email situation exists at Daintyrose.net? I certainly hope not, or you'll be receiving TONS 'o spam.

BTW, your host is "MochaHost" and here's the SMTP entry from their Knowledgebase:

QUOTE
Your incoming (POP3/IMAP) & outgoing mail (SMTP) server name is:

mail.yourdomain.com

Where you need to replace yourdomain.com with your actual domain name


Here's an even more important MochaHost Knowledgebase article, titled Problems sending emails using MochaHost's mail server (SMTP Restrictions):

http://www.mochasupport.com/sys/faq/index....&artlang=en

DT
girl
QUOTE(Wazoo @ Oct 5 2006, 07:03 PM) *

Short post:
daintyrose via mochahost via ev1 says you can't use their SMTP server unless you 'dialed in' directly

use of Port 0 on your system indicates that you are using the SMTP service on "your" computer, which is in fact available in your Ubantu distribution

the "check your e-mail address/settings" message also suggests that you are trying to send mail through a server (somewhere) with the wrong credentials

the "blocked by spamcop" notification should have only been found in an e-mail .... showing up on-screen as an 'error message' just makes very little sense, never mind not being able to come up with a clue as to just what would be involved in writing an application to have a dialog such as that available ...


Then I'm totally makin' up stuff from my butt just for fun! Really, earlier this week, I said, "I should find a cool website I've never heard of before, tell them some lies, day after day after day, taking up my time, just for fun."



Steven, Yeah. If I had been left to my own devices to set up my email again, I would have set it up smtp.daintyrose.net like a blonde, but it's mail.daintyrose.net. I tried auth with ___ but it just wouldn't do anything, just kept saying sending. Then I tried to auth with TLS and it said something like it couldn't talk to the server (I've had this before and it's why I chose no auth) but TLS, if available works, and puts me at port 25.

So I tested it ("it" being I switched daintyroseemail to daintyrose smtp and sent an email) out, just in case the problem went away, and it magically gave me.. a new error message! Hey, this one includes an ip (or a SonicWall ip which I TOTALLY think that's what it is) in a convoluted way...

"The size of the message you are trying to send exceeds the global size limit of the server. The message was not sent, try to reduce the message size and try again. The server responded: 5.7.1 Spam Blocked: See http://www.spamcop.net/bl.shtml?70.159.7.113"

That's a much more helpful error message. Wish I got it earlier. It's still in the pop up box thing. And the email wasn't "too long" it was like a sentence of text sent in text format (I hate html emails). I've since changed the smtp of that email back to gmail, just to cut anything off.

Who's been sending infected emails while that address wasn't connected to that smtp?


DavidT, "catchall"? There is an administrator email. I don't ever check it. I had Mochahost delete everything from it recently. It actually wasn't mostly spam when I looked through webmail. Someone had spammed my blog, and I had set up my blog to tell me whenever anyone trackbacked or commented...

...I had always wondered where those indicator emails went. Now I know. *blush* As you see above, I tried to Auth when sending out but it just... didn't work. The TLS, if available did, of course, but I'm guessing only because of the "if available" clause.
dra007
The bad news is that you definitely have a virus/trojan infected machine on that network, it made it to other famous block lists:

CODE
Real-time blacklists [ Click to view all ]
dnsbl.sorbs.net Web - http://www.dnsbl.sorbs.net/cgi-bin/lookup?IP=70.159.7.113  
bl.spamcop.net http://spamcop.net/w3m?action=checkblock&ip=70.159.7.113  
cbl.abuseat.org http://cbl.abuseat.org/lookup.cgi?ip=70.159.7.113  


The sender base numbers show a tremendous increase:

CODE
Report on IP address: 70.159.7.113  

Volume Statistics for this IP  
Magnitude Vol Change vs. Average
Last day 4.6 1731%
Last 30 days 3.8 152%
Average 3.4




The newest reports seem to have a virus subject line:

QUOTE
Submitted: Friday, October 06, 2006 7:32:07 AM -0400:
Re: warning
1953856747 ( 70.159.7.113 ) To: thisisspam[at]bellsouth.net
1953856739 ( 70.159.7.113 ) To: abuse[at]bellsouth.net

--------------------------------------------------------------------------------

Submitted: Wednesday, October 04, 2006 2:44:45 PM -0400:
Fwd: YOUR LETTER
1951203217 ( 70.159.7.113 ) To: spamcop[at]imaphost.com
1951203209 ( 70.159.7.113 ) To: abuse[at]bellsouth.net
1951203198 ( 70.159.7.113 ) To: thisisspam[at]bellsouth.net

PS. Check the cbl block, this is a relisting and it may still be a Linux related problem if I read them right. Someone here may come up with better explanations given this new data.

Interestingly, sorbs BL confirms my initial conclusion:

QUOTE
Address and Port: 70.159.7.113
Record Created: Tue Aug 15 22:27:37 2006 GMT
Record Updated: Fri Oct 6 10:32:01 2006 GMT
Additional Information: Spam Sending Trojan or Proxy attempted to send mail from/to from=<debrafjymeeks[at]biblical.edu> to=<keith.hyde[at]paticipating.domain>
Currently active and flagged to be published in DNS
If you wish to request a delisting please do so through the Support System.
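
Added example (not part of the thread and not any poster's or blocklist's own code): the lookup behind the three blocklist links above is a DNS query for the reversed IPv4 octets under the list's zone, and an answer in 127.0.0.0/8 means "listed". The resolver is injectable, and the sample answers are constructed so the sketch runs offline; `sample_resolver` and `SAMPLE` are hypothetical names.

```python
import ipaddress
import socket

# The three blocklists named in the post above.
ZONES = ("bl.spamcop.net", "dnsbl.sorbs.net", "cbl.abuseat.org")
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_name(ip, zone):
    """Query name for a DNSBL: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # ValueError on malformed input
    if addr.is_private:
        # A blocklist only ever sees the public address a NAT presents.
        raise ValueError(f"{ip} is private; look up the public address")
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolver(name):
    """A records for name; [] on NXDOMAIN (or any lookup failure)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check(ip, zones=ZONES, resolve=system_resolver):
    """Map zone -> list of return codes; an empty list means not listed."""
    status = {}
    for zone in zones:
        answers = resolve(dnsbl_name(ip, zone))
        # Only 127.0.0.0/8 answers are listings; other addresses usually
        # mean a resolver that rewrites NXDOMAIN to a search page.
        status[zone] = [a for a in answers
                        if ipaddress.ip_address(a) in LOOPBACK]
    return status

# Constructed answers for an offline run. 127.0.0.2 is the SpamCop code
# quoted in this thread; the other entry is made up to exercise the
# filter, and the missing zone exercises the not-listed path.
SAMPLE = {
    "113.7.159.70.bl.spamcop.net": ["127.0.0.2"],
    "113.7.159.70.dnsbl.sorbs.net": ["203.0.113.9"],
}

def sample_resolver(name):
    return SAMPLE.get(name, [])

if __name__ == "__main__":
    for zone, codes in check("70.159.7.113", resolve=sample_resolver).items():
        print(zone, "LISTED " + ",".join(codes) if codes else "not listed")
```

Calling `check("70.159.7.113")` without the `resolve` argument performs live lookups through the system resolver.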
Wazoo
QUOTE(girl @ Oct 7 2006, 07:50 AM) *
Then I'm totally makin' up stuff from my butt just for fun! Really, earlier this week, I said, "I should find a cool website I've never heard of before, tell them some lies, day after day after day, taking up my time, just for fun."

??? Trying to work with the data you've offered, also conditioned by our admission that you know next to nothing on the whole subject of networking, e-mail, protocols, handshaking, etc., etc., etc.

Current status;
http://www.spamcop.net/w3m?action=blcheck&...ip=70.159.7.113
70.159.7.113 listed in bl.spamcop.net (127.0.0.2)

If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 22 hours.

Causes of listing
System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)
SpamCop users have reported system as a source of spam less than 10 times in the past week

http://www.senderbase.org/?searchBy=ipaddr...ng=70.159.7.113
Volume Statistics for this IP
Magnitude Vol Change vs. Average
Last day ........ 4.6 .. 1731%
Last 30 days .. 3.8 .... 152%
Average ........ 3.4

Real-time blacklists [ Click to view all ]
dnsbl.sorbs.net Web - http://www.dnsbl.sorbs.net/cgi-bin/lookup?IP=70.159.7.113
bl.spamcop.net http://spamcop.net/w3m?action=checkblock&ip=70.159.7.113
cbl.abuseat.org http://cbl.abuseat.org/lookup.cgi?ip=70.159.7.113

Report History:
-----------------------------------------------
Submitted: Friday, October 06, 2006 6:32:07 AM -0500:
Re: warning
1953856747 ( 70.159.7.113 ) To: thisisspam[at]bellsouth.net
1953856739 ( 70.159.7.113 ) To: abuse[at]bellsouth.net
-----------------------------------------------
Submitted: Wednesday, October 04, 2006 1:44:45 PM -0500:
Fwd: YOUR LETTER
1951203217 ( 70.159.7.113 ) To: spamcop[at]imaphost.com
1951203209 ( 70.159.7.113 ) To: abuse[at]bellsouth.net
1951203198 ( 70.159.7.113 ) To: thisisspam[at]bellsouth.net

How about showing a traceroute from your keyboard/computer to your daintyrose web site? Maybe this will help explain just where this 70.159.7.113 system fits into the actual scheme of things.

Drop down to a shell level access (I believe you used the word 'terminal' before)
traceroute www.daintyrose.net
copy / paste the results ....

dang it .. on a Ubuntu system .. doesn't fly ...

tracepath www.daintyrose.net
<snip the server data I'm playing with>
2: suwC1-gig4-1-4.qualitytech.com (216.154.207.21) 1.026ms
3: suw03-gig1-2.qualitytech.com (216.154.207.18) 0.714ms
4: gig6-2.suwangaeq01w.cr.deltacom.net (66.35.174.165) 0.736ms
5: pos5-0.atlngapk24w.cr.deltacom.net (66.35.174.105) 1.470ms
6: g0-9.na21.b000192-0.atl01.atlas.cogentco.com (205.198.2.161) 2.000ms
7: g1-0.3555.core01.atl01.atlas.cogentco.com (66.250.11.173) 2.061ms
8: p10-0.core01.iah01.atlas.cogentco.com (154.54.5.89) 32.645ms
9: g0-2.na21.b015619-0.iah01.atlas.cogentco.com (66.28.64.66) 34.528ms
10: Everyones_Internet.demarc.cogentco.com (38.112.25.22) asymm 12 33.743ms
11: gphou-66-98-241-28.ev1.net (66.98.241.28) asymm 13 33.887ms
12: 66.98.240.103 (66.98.240.103) 34.026ms
13: no reply
<snip repeats>
31: no reply
Too many hops: pmtu 1500
Resume: pmtu 1500

Using SamSpade for Windows;
10/07/06 08:59:20 Slow traceroute www.daintyrose.net
Trace www.daintyrose.net (67.15.104.25) ...
129.250.2.26 RTT: 43ms TTL: 0 (p16-0-1-2.r20.dllstx09.us.bb.gin.ntt.net ok)
129.250.2.59 RTT: 43ms TTL: 0 (ae-0.r21.dllstx09.us.bb.gin.ntt.net ok)
129.250.3.63 RTT: 51ms TTL: 0 (xe-0-0-0.r21.hstntx01.us.bb.gin.ntt.net ok)
129.250.2.231 RTT: 47ms TTL: 0 (xe-4-1.r04.hstntx01.us.bb.gin.ntt.net ok)
129.250.10.230 RTT: 49ms TTL: 0 (ge-7.ev1.hstntx01.us.bb.gin.ntt.net ok)
66.98.240.103 RTT: 49ms TTL: 0 (No rDNS)
67.15.104.25 RTT: 46ms TTL: 46 (www.daintyrose.net ok)
DavidT
QUOTE(girl @ Oct 7 2006, 05:50 AM) *
That's a much more helpful error message. Wish I got it earlier. It's still in the pop up box thing. And the email wasn't "too long" it was like a sentence of text sent in text format (I hate html emails).

It would be useful if you tried sending to different email addresses on different systems while using that setup. That way, you could see if the "too long" or the blocking was happening regardless of which system you're trying to send to. If yes, then that message is coming from either the Mochahost server or from somewhere more local to you (such as BellSouth, who "owns" and administers the IP in the message).

QUOTE
DavidT, "catchall"? There is an administrator email. I don't ever check it.

I think you *do* have a catchall... I just sent a message to a bogus address at your domain and it didn't bounce. I'm guessing that it's been routed to that "administrator" email box you mentioned. Here's the MochaHost article on turning off the catchall function:

http://www.mochasupport.com/sys/faq/index....hlight=catchall

It's *much* better NOT to use a catchall. It's better to explicitly set up mailboxes and forwarding aliases as needed.

DT
girl
Thanks dra007!

You know, I've been trying to use the data you've been giving me. It started in August, when we moved into these dorms. But... I didn't move into Berry in August, I was just living on a different section of campus and there was barely anyone on campus. So, anyway, as I was saying, it started in August, when everyone moves into the dorms.

And everyone in my dorm HAS THAT SAME 70.x.x.x IP ADDRESS. So if they're doing weird things, the internet is going to think it's me JUST as much as it is them.

Someone mentioned that the 70.x.x.x address was a SonicWall IP so I went to SonicWall and asked them about it... https://forum.sonicwall.com/showthread.php?p=19466 (I'm daynah... I originally tried to join here as that... but my email messed up! ha!) Basically, they say, that the 70.x.x.x is the outer telephone number, and my 10.x.x.x is my inner redirecting one.

But every website sees me as 70.x.x.x and so is everyone else in this dorm. So someone else that is just as much 70.x.x.x as I am is doing a mail borg but I'm not.

SonicWall people think it's plausible, do you think it's plausible? Because in the end, if it is plausible, I'm going to need some sort of letter from SpamCop saying, "Yeah, this dorm does have a problem (spam reports, etc.), you need to take care of it (notice that my dorm's ip is on the bl)." because they aren't just going to listen to just me. And I'm probably the only person in this little area that uses something other than webmail of some sort (be it my college's or a web gmail or yahoo), thus who notices.

PS, Berry Tech a day or two ago sent out an email saying they were having a "spam problem." Of course, of course, it was JUST RECEIVING spam. The tech guy was also convinced that 70.x.x.x was an ip from someone other than the college, even though many people have confirmed it is me, and SonicWall has explained how I can "have two" and how I can share one. Just thought it was humorous.

Because there's no computers connected to daintyrosesmtp right now... and there's still spam coming out. So that doesn't make much sense. As you can see DavidT, I'm starting to believe that it's someone on my network as opposed to my server. I mean, mochahost does insane cleanups of the servers all the time, and have been emailing me to see if I've gotten it resolved (they don't want me being a borg and it looking like it's coming from a mochahost address). I will turn off the catchall immediately after I post this, I haven't been taking any advice for granted. It's just that all of the little tidbits about this seem to have fit together, even though people have been focusing and been making big long posts about all the other mysteries. Trust me, if I were the borg computer, the problem would be in my control, so I'd be able to fix it faster.
Jeff G.
QUOTE(girl @ Oct 8 2006, 02:54 PM) *
I will turn off the catchall immediately after I post this
That's great, but please make sure that you still implement all of the aliases required of you by RFC2142.
Wazoo
Well, it's like this .. you are as confused about things as much as your 'local tech support' seems to be.

Once again, the previously referenced .grc site attempts to explain to you what a router is, how it works, why you have a 10.x.x.x address but 70.x.x.x is showing up elsewhere. Sorry you can't be bothered with the details.

Yet again, pointing out that the output server IP address for your (alleged) daintyrose.net e-mail SMTP service is still unidentified.

As the only 'evidence' yet provided in "e-mail with a problem" has been referencing the 70.x.x.x IP address, I am still suggesting that you are running an SMTP server on your computer, and that's where the problems are coming from. Again, the "error message that pops-up and talks about checking your e-mail address/settings" has no direct connection to a listing in the SpamCop DNSBL ....

Yes, you are causing a number of folks to spin their wheels in trying to help you out ....
QUOTE(girl @ Oct 8 2006, 01:54 PM) *
Because there's no computers connected to daintyrosesmtp right now... and there's still spam coming out. So that doesn't make much sense. As you can see DavidT, I'm starting to believe that it's someone on my network as opposed to my server. I mean, mochahost does insane cleanups of the servers all the time, and have been emailing me to see if I've gotten it resolved (they don't want me being a borg and it looking like it's coming from a mochahost address). I will turn off the catchall immediately after I post this, I haven't been taking any advice for granted. It's just that all of the little tidbits about this seem to have fit together, even though people have been focusing and been making big long posts about all the other mysteries. Trust me, if I were the borg computer, the problem would be in my control, so I'd be able to fix it faster.

Where are you seeing "any" e-mail leaving daintyrose.net?

Your "only now beginning to believe" seems a bit odd .. that's what I was suggesting way back in the beginning and have repeated numerous times. .... multiple infected computers on "your" side of the network, possibly even more folks also running their own SMTP services, known or not ....