Hello,
In this days, i am in spamcop( Zlatograd.com mail server running postfix 2.2.3) blacklist, but i not sending SPAM or i have open relay mail server. If can help me what is the reason for what i am this spamcop blacklist .
And when i understand what is the reason and if problem in my mail server i fix !
Thanks in advance !!
Best Regards
Mihail Peltekov
System Administrator mail server Zlatograd.com !!
Sorry for my bad english !
Full Version: Strange Problem with my IP (87.118.176.200)
Mihail,
I just looked up some things about the IP address [87.118.176.200], and it's not good news. First, take a look at the statistics on this page:
http://www.senderbase.org/search?searchString=87.118.176.200
Under "Volume Statistics for this IP" the "Last day" value is 2693%, and although the SenderBase has only been watching the volume from that IP for a short time, that's a HUGE increase, so I'll guess that there's lots of stuff being transmitted from the IP without your knowledge.
The reason the IP is listed in the SCBL is totally due to spam reports submitted by SpamCop users, such as these:
Port spam, pharmaceutical spam....you've got some real problems with what's been going out from your machine! The reports have been sent to the "itdnet.net" adress shown above, so perhaps you can contact them for further details.
If you're running a MS Exchange server, we have some helpful people who will come along and tell you how to secure it against hijacking, etc.
Further info:
Listing History
In the past 4.1 days, it has been listed 3 times for a total of 2.1 days
Other hosts in this "neighborhood" with spam reports
87.118.176.252 87.118.176.254 87.118.177.1
Looks like your IP has been repeated listed this week, and that you, or someone else has tried to "delist" it, so you can't do that any more. What you need to do is to find out who or what is transmitting all that spam from your IP and stop it.
DT
I just looked up some things about the IP address [87.118.176.200], and it's not good news. First, take a look at the statistics on this page:
http://www.senderbase.org/search?searchString=87.118.176.200
Under "Volume Statistics for this IP" the "Last day" value is 2693%, and although the SenderBase has only been watching the volume from that IP for a short time, that's a HUGE increase, so I'll guess that there's lots of stuff being transmitted from the IP without your knowledge.
The reason the IP is listed in the SCBL is totally due to spam reports submitted by SpamCop users, such as these:
QUOTE
Submitted: Thursday, October 26, 2006 1:24:49 PM -0700:
SEXUALLY EXPLICIT : Horny cum eating blonde babe
* 1986600140 ( 87.118.176.200 ) To: spamcop[at]imaphost.com
* 1986600134 ( 87.118.176.200 ) To: ripe[at]itdnet.net
Submitted: Tuesday, October 24, 2006 2:20:11 PM -0700:
No problems in sex - no problems in life. Viagra Pro.
* 1983289213 ( 87.118.176.200 ) To: ripe[at]itdnet.net
Submitted: Monday, October 23, 2006 6:23:04 AM -0700:
Get your ideal weight with this natural method
* 1980983258 ( 87.118.176.200 ) To: mole[at]devnull.spamcop.net
Submitted: Monday, October 23, 2006 6:10:40 AM -0700:
We are trusted, reliable pharmacy
* 1980973849 ( 87.118.176.200 ) To: ripe[at]itdnet.net
Submitted: Monday, October 23, 2006 4:28:11 AM -0700:
[Spam] SEXUALLY EXPLICIT : Adorable blonde Carol teasing pink
* 1981551962 ( 87.118.176.200 ) To: spamcop[at]imaphost.com
* 1981551949 ( 87.118.176.200 ) To: ripe[at]itdnet.net
SEXUALLY EXPLICIT : Horny cum eating blonde babe
* 1986600140 ( 87.118.176.200 ) To: spamcop[at]imaphost.com
* 1986600134 ( 87.118.176.200 ) To: ripe[at]itdnet.net
Submitted: Tuesday, October 24, 2006 2:20:11 PM -0700:
No problems in sex - no problems in life. Viagra Pro.
* 1983289213 ( 87.118.176.200 ) To: ripe[at]itdnet.net
Submitted: Monday, October 23, 2006 6:23:04 AM -0700:
Get your ideal weight with this natural method
* 1980983258 ( 87.118.176.200 ) To: mole[at]devnull.spamcop.net
Submitted: Monday, October 23, 2006 6:10:40 AM -0700:
We are trusted, reliable pharmacy
* 1980973849 ( 87.118.176.200 ) To: ripe[at]itdnet.net
Submitted: Monday, October 23, 2006 4:28:11 AM -0700:
[Spam] SEXUALLY EXPLICIT : Adorable blonde Carol teasing pink
* 1981551962 ( 87.118.176.200 ) To: spamcop[at]imaphost.com
* 1981551949 ( 87.118.176.200 ) To: ripe[at]itdnet.net
Port spam, pharmaceutical spam....you've got some real problems with what's been going out from your machine! The reports have been sent to the "itdnet.net" adress shown above, so perhaps you can contact them for further details.
If you're running a MS Exchange server, we have some helpful people who will come along and tell you how to secure it against hijacking, etc.
Further info:
Listing History
In the past 4.1 days, it has been listed 3 times for a total of 2.1 days
Other hosts in this "neighborhood" with spam reports
87.118.176.252 87.118.176.254 87.118.177.1
Looks like your IP has been repeated listed this week, and that you, or someone else has tried to "delist" it, so you can't do that any more. What you need to do is to find out who or what is transmitting all that spam from your IP and stop it.
DT
Thanks for fast reply !!
Can u help and said my what is mail server who send this e-mails ... Because this server and routing and pc in local network and may be any of PC is have viruses .. I want see full Header of any recieved e-mail with this stupid spam !! I have spam and i will fight with SPAM !!! Who can help me to delist ?
Thanks
Can u help and said my what is mail server who send this e-mails ... Because this server and routing and pc in local network and may be any of PC is have viruses .. I want see full Header of any recieved e-mail with this stupid spam !! I have spam and i will fight with SPAM !!! Who can help me to delist ?
Thanks
QUOTE(misho @ Oct 27 2006, 03:30 PM) 
Can u help and said my what is mail server who send this e-mails ... Because this server and routing and pc in local network and may be any of PC is have viruses .. I want see full Header of any recieved e-mail with this stupid spam !! I have spam and i will fight with SPAM !!! Who can help me to delist ?
Delisting will happen automatically after a set amount of time without receiving a new report. The people at ripe[at]itdnet.net have the reports which include the headers.
The only other way would be to convince the people at deputies[at]spamcop.net you are responsible for that IP address and ask for the headers as well. Not sure it will work (since reports already went to the responsible party on record).
You may want to get this modified so you receive the reports:
Reports routes for 87.118.176.200:
routeid:22815066 87.118.176.0 - 87.118.177.255 to:ripe[at]itdnet.net
Administrator found from whois records
QUOTE(misho @ Oct 27 2006, 12:30 PM)
Because this server and routing and pc in local network and may be any of PC is have viruses
Maybe you should configure the server so that it doesn't allow the PC's access to the SMTP port 25. I asked you if it is using Microsoft Exchange, but you didn't answer. We have experts here who can help you to make your server more secure.
DT
QUOTE(DavidT @ Oct 27 2006, 11:10 PM)
Maybe you should configure the server so that it doesn't allow the PC's access to the SMTP port 25. I asked you if it is using Microsoft Exchange, but you didn't answer. We have experts here who can help you to make your server more secure.
Hi Again
In my first post i said what is my mail server ( Postfix 2.2.3) .. For auth i using SASL smptd, before users send e-mail they must AUTH, but may be my local area 192.168.8.0/24 is in my trusted network ... But think today to remove from there ..
QUOTE(misho @ Oct 28 2006, 05:58 AM)
Hi Again
In my first post i said what is my mail server ( Postfix 2.2.3)
In my first post i said what is my mail server ( Postfix 2.2.3)
Ah, yes you did....sorry. We've had so many Exchange admins drop by recently I had a "one-track" mind. Sorry for my confusion.
DT
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.