Jump to content


Photo

[Resolved] IP Not listed in Spamcop BL but bounceback messages say it is


  • Please log in to reply
9 replies to this topic

#1 rabeatz

rabeatz

    Newbie

  • Members
  • Pip
  • 4 posts

Posted 27 July 2012 - 12:28 PM

I'm having an issue where messages sent from an IP are being blocked by servers that use Spamcop. They reference spamcop in the bounceback message yet when I look up the IP in spamcop it does not show them as listed.. any idea what the issue could be? I have posted two examples. The messages being kicked back are scans from our copier/scanner in our office.

Two examples of the bounceback messages:


Received: from [75.180.132.120] by rmxmail.com (ArGoSoft Mail Server .NET v.1.0.8.4) with ESMTP (EHLO cdptpa-omtalb.mail.rr.com)
 for <*******[at]rmxmail.com>; Fri, 27 Jul 2012 11:07:55 -0400
Return-Path: <>
Received: from [127.0.0.1] ([local])
 by cdptpa-omtalb.mail.rr.com (envelope-from <>)
 (ecelerity 2.2.3.46 r()) with INTERNAL
 id 9D/60-13948-A2FA2105; Fri, 27 Jul 2012 15:09:30 +0000
From: Mail Delivery System <>
To: ********[at]rmxmail.com
Subject: Mail Delivery Failure
Message-ID: <9D.60.13948.A2FA2105[at]cdptpa-omtalb.mail.rr.com>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
 boundary="Id7wdBo9ALkTdHJE95aS3IFMfkqq8aFIrd3KmQ=="
Date: Fri, 27 Jul 2012 15:09:30 +0000
X-FromIP: 75.180.132.120


--Id7wdBo9ALkTdHJE95aS3IFMfkqq8aFIrd3KmQ==
Content-Type: text/plain

This message was created automatically by the mail system (ecelerity).

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

>>> *********[at]ackerteam.com (reading BANNER): 554 5.7.1 Service unavailable; Client host [75.180.132.120] blocked using urbl.hostedemail.com; http://www.spamcop.net/w3m?action=checkblock&ip=75.180.132.120

--Id7wdBo9ALkTdHJE95aS3IFMfkqq8aFIrd3KmQ==
Content-Type: message/delivery-status

Arrival-Date: Fri, 27 Jul 2012 15:09:30 +0000
Reporting-MTA: dns; cdptpa-oedge02.mail.rr.com

Action: failed
Last-Attempt-Date: Fri, 27 Jul 2012 15:09:30 +0000
Final-Recipient: rfc822; **********[at]ackerteam.com
Status: 5.7.1
Remote-MTA: dns; mx.ackerteam.com.cust.hostedemail.com
Diagnostic-Code: smtp; 554 5.7.1 Service unavailable; Client host [75.180.132.120] blocked using urbl.hostedemail.com; http://www.spamcop.net/w3m?action=checkblock&ip=75.180.132.120

--Id7wdBo9ALkTdHJE95aS3IFMfkqq8aFIrd3KmQ==
Content-Type: text/plain
Content-Disposition: inline

------ This is a copy of the original message, including all headers. ------

Return-Path: <******[at]rmxmail.com>
X-Authority-Analysis: v=2.0 cv=Dp/UCRD+ c=1 sm=0 a=cYGYzK+LAVxdjIOtyVjxAg==:17 a=KQuzrrapFAIA:10 a=prFSLUeVHZoA:10 a=0WDCIKVhAAAA:8 a=Q_hLOjj4PwCIcsF2ycAA:9 a=CjuIK1q_8ugA:10 a=_iCh-uIyOFYA:10 a=3_vKLM2jDl5xk6q7u80A:9 a=n3BslyFRqc0A:10 a=bhkaYMs-ANYA:10 a=Sf_gFPzhefAA:10 a=fjv4MY9m2sLIHau1:21 a=uZOPtBc_rCyJ7-c7:21 a=cYGYzK+LAVxdjIOtyVjxAg==:117
X-Cloudmark-Score: 0
X-Originating-IP: 71.41.210.130
Received: from [71.41.210.130] ([71.41.210.130:65251] helo=RNPE2A354)
 by cdptpa-oedge02.mail.rr.com (envelope-from <********[at]rmxmail.com>)
 (ecelerity 2.2.3.46 r()) with ESMTP
 id 94/60-13948-92FA2105; Fri, 27 Jul 2012 15:09:30 +0000


EXAMPLE 2

Received: from [75.180.132.120] by rmxmail.com (ArGoSoft Mail Server .NET v.1.0.8.4) with ESMTP (EHLO cdptpa-omtalb.mail.rr.com)
 for <**********[at]rmxmail.com>; Wed, 25 Jul 2012 14:56:20 -0400
Return-Path: <>
Received: from [127.0.0.1] ([local])
 by cdptpa-omtalb.mail.rr.com (envelope-from <>)
 (ecelerity 2.2.3.46 r()) with INTERNAL
 id AD/28-28917-0B140105; Wed, 25 Jul 2012 18:57:52 +0000
From: Mail Delivery System <>
To: *********[at]rmxmail.com
Subject: Mail Delivery Failure
Message-ID: <AD.28.28917.0B140105[at]cdptpa-omtalb.mail.rr.com>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
 boundary="CxcVXPc7HQKCFMM/Y/lHHK868Ul3HIaej3LWTA=="
Date: Wed, 25 Jul 2012 18:57:52 +0000
X-FromIP: 75.180.132.120


--CxcVXPc7HQKCFMM/Y/lHHK868Ul3HIaej3LWTA==
Content-Type: text/plain

This message was created automatically by the mail system (ecelerity).

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

>>> *********[at]remax.net (after RCPT TO): 550 Unable to add *********[at]remax.net because host 75.180.132.120 is listed on RBL bl.spamcop.net

--CxcVXPc7HQKCFMM/Y/lHHK868Ul3HIaej3LWTA==
Content-Type: message/delivery-status

Arrival-Date: Wed, 25 Jul 2012 18:57:52 +0000
Reporting-MTA: dns; cdptpa-oedge04.mail.rr.com

Action: failed
Final-Recipient: rfc822;*********[at]remax.net
Status: 5.0.0
Last-Attempt-Date: Wed, 25 Jul 2012 18:57:52 +0000
Remote-MTA: dns; smtp1.mke.securence.com
Diagnostic-Code: smtp; 550 Unable to add *********[at]remax.net because host 75.180.132.120 is listed on RBL bl.spamcop.net

--CxcVXPc7HQKCFMM/Y/lHHK868Ul3HIaej3LWTA==
Content-Type: text/plain
Content-Disposition: inline


Also, ironically, GMAIL considered my signup email from this spamcop forum to be spam.

#2 Derek T

Derek T

    Advanced Member

  • Memberp
  • PipPipPip
  • 587 posts

Posted 27 July 2012 - 12:46 PM

I'm having an issue where messages sent from an IP are being blocked by servers that use Spamcop. They reference spamcop in the bounceback message yet when I look up the IP in spamcop it does not show them as listed.. any idea what the issue could be? I have posted two examples. The messages being kicked back are scans from our copier/scanner in our office.


There are quite a few spam reports dated yesterday and today from that IP. My (educated) guess is that that IP was listed for a while and is now de-listed. Spamcop acts very rapidly to list when spam starts and to de-list when it stops. In other words, spamcop is working fine, nothing to see, move along please. Another educated guess is that RoadRunner pulled the spamming account that was sharing that IP with you as soon as they got the reports. Again, this is just how it should be. Sorry that you were an innocent bystander who got caught up in it, but everything should now be back to normal.

Edited by Derek T, 27 July 2012 - 12:48 PM.

hth
Derek T

Not a SpamCop employee, just a happy customer!

#3 rabeatz

rabeatz

    Newbie

  • Members
  • Pip
  • 4 posts

Posted 27 July 2012 - 01:02 PM

There are quite a few spam reports dated yesterday and today from that IP. My (educated) guess is that that IP was listed for a while and is now de-listed. Spamcop acts very rapidly to list when spam starts and to de-list when it stops. In other words, spamcop is working fine, nothing to see, move along please. Another educated guess is that RoadRunner pulled the spamming account that was sharing that IP with you as soon as they got the reports. Again, this is just how it should be. Sorry that you were an innocent bystander who got caught up in it, but everything should now be back to normal.


Thanks for the reply. Anywhere I'd be able to view those spam reports? We're still getting bounceback messages at the moment referencing spamcop. Perhaps the end recipient's host URBL hasn't updated yet?

#4 turetzsr

turetzsr

    What Life?

  • Membersph
  • PipPipPipPipPipPip
  • 5,290 posts

Posted 27 July 2012 - 01:40 PM

Hi, rabeatz,
...If you follow the link that is included in the reject (bounceback) message, http://www.spamcop.n...=75.180.132.120, and click on the link labeled "Trace IP," it will tell you to whom reports are sent ("Reporting addresses") and that will give you a clue as to whom to ask for further information.
...Note that 24 hours after the last spam report, IP addresses are delisted in the SpamCop BL.
...Good luck!

..Regards,
...Steve T

...A Happy SpamCop.net reporting user (not an employee)
...Please avoid replying via e-mail, as it is not secure


#5 Derek T

Derek T

    Advanced Member

  • Memberp
  • PipPipPip
  • 587 posts

Posted 27 July 2012 - 02:50 PM

Thanks for the reply. Anywhere I'd be able to view those spam reports? We're still getting bounceback messages at the moment referencing spamcop. Perhaps the end recipient's host URBL hasn't updated yet?


It would appear that the BL that the recipient is using uses the SpamCop BL as a resource and (possibly) doesn't react to de-listings as quickly as it does to listings. There's nothing anyone here can do about that. Recipient's server, recipient's rules. Maybe your contact could ask their admin to whitelist you? Regrettably, many servers are configured to cite SpamCop's BL even when it is quite another BL that has the listing. Again their server, their rules and SpamCop can do nothing about it.

You might like to put your IP into one of the many 'Composite Blocklist' sites to see if it is still listed elsewhere. You might also ask RR to route your mail through a different (non-listed) server. After all, it's them you have the contract and commercial relationship with. Money talks.
hth
Derek T

Not a SpamCop employee, just a happy customer!

#6 lisati

lisati

    Advanced Member

  • Membera
  • PipPipPip
  • 216 posts

Posted 27 July 2012 - 03:38 PM

It would appear that the BL that the recipient is using uses the SpamCop BL as a resource and (possibly) doesn't react to de-listings as quickly as it does to listings.

One possibility that comes to mind is that the recipient's server has at some point queried the Spamcop list, and cached the result.

#7 turetzsr

turetzsr

    What Life?

  • Membersph
  • PipPipPipPipPipPip
  • 5,290 posts

Posted 27 July 2012 - 03:42 PM

<snip>
and cached the result.

Hi, lisati,
...Thanks, I was thinking the same. But Derek beat us to it:

It would appear that the BL that the recipient is using uses the SpamCop BL as a resource and (possibly) doesn't react to de-listings as quickly as it does to listings.
<snip>

:) <g>

..Regards,
...Steve T

...A Happy SpamCop.net reporting user (not an employee)
...Please avoid replying via e-mail, as it is not secure


#8 rabeatz

rabeatz

    Newbie

  • Members
  • Pip
  • 4 posts

Posted 27 July 2012 - 09:51 PM

Hi, lisati,
...Thanks, I was thinking the same. But Derek beat us to it::) <g>


Thanks for the assistance guys. What boggled me is why the scanner was using the roadrunner SMTP when I built an email server for this company. I was afraid my email server was getting blacklisted due to low security settings, etc, but my server is fine. I switched the copier over to using the server I built for them and all is well.

I appreciate the support!

As far as I'm concerned, moderator can mark this thread closed.

#9 turetzsr

turetzsr

    What Life?

  • Membersph
  • PipPipPipPipPipPip
  • 5,290 posts

Posted 27 July 2012 - 09:55 PM

<snip>
As far as I'm concerned, moderator can mark this thread closed.

...Closing keeps others from adding what may be valuable additional posts so I instead went with the "Resolved" tag.

..Regards,
...Steve T

...A Happy SpamCop.net reporting user (not an employee)
...Please avoid replying via e-mail, as it is not secure


#10 rabeatz

rabeatz

    Newbie

  • Members
  • Pip
  • 4 posts

Posted 27 July 2012 - 09:56 PM

...Closing keeps others from adding what may be valuable additional posts so I instead went with the "Resolved" tag.


Good policy. Thanks!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users