zweers

OK, great, thanks. I'm a bit confused about the MX issue. I know that I can add MX's too all our dialup IP addresses. We haven't done it in the past since we don't really want these hosts to receive mail. (I realize servers will simply attempted direct delivery then). We have several thousand IP's used for dialup, DSL, cable etc etc. I'm not sure what I need to do to prevent any activites done on these from generating a hit against the server they communicate through. Not having an MX doesn't seem too me to be a reason for it to be considered a forgery, but I can add them. The biggest problem would be setting up our mail servers to accept mail for them. I'm wondering if/when having an MX pointing to a server that rejects all mail would be effective? We run a system that requires a match in LDAP before it will accept mail. I just want to make sure that I know what is expected here before I do it.

Yes, sorry, I didn't give the listing for the second server (though I did forward that message to deputies) http://www.spamcop.net/w3m?action=checkblock&ip=199.166.6.57 I've shut down this server completely, but I'm very concerned that the problem may get repeated and we have both servers listed. http://www.spamcop.net/sc?id=z279994384zfd...c9021a7e78ebefz

Whats the timeframe I should or could expect some type of response and is anyone else noticing this problem. I've heard from a couple of other local companies that they have found themselves black listed as well. Since I don't see the spam reports on their systems I can't see if this is in fact the same thing though.

I've sent a message to deputies. Oh the joys of email.

I'm not sure how the chain is being broken. Our customer on 209.239.31.120 is sending to 199.166.6.56 (our server, gouda), and it is sending it on to a mcmaster.ca mail server. I'm confused with the nas.net name in the next hop, but since its not my server (left at gouda) I'm not sure what I could do with that.

Now our second mail server has been listed. Same issue. This is very bad for us as I hope you can imagine.

In the past we have gotten very useful reports from spamcop when a user spams. We have tried to react to the customers very quickly. However, recently something appears to have changed (if I'm wrong about this, I'm sure I'll be corrected). http://www.spamcop.net/sc?id=z280296275z84...7f5a52b72f0de9z This is the "logic" behind this report being generated. Specifically... Received: from mshweihat (ppp120.f1.56k.execulink.com [209.239.31.120]) by gouda.execulink.net (8.11.6/8.11.6) with SMTP id i11MKbw15574; Sun, 1 Feb 2004 17:20:37 -0500 host 209.239.31.120 = ppp120.f1.56k.execulink.com (cached) host ppp120.f1.56k.execulink.com (checking ip) = 209.239.31.120 199.166.6.56 not listed in dnsbl.njabl.org 199.166.6.56 not listed in cbl.abuseat.org 199.166.6.56 not listed in dnsbl.sorbs.net 199.166.6.56 is not an MX for nas.net 199.166.6.56 is not an MX for gouda.execulink.net 199.166.6.56 is not an MX for gouda.execulink.net 199.166.6.56 is not an MX for nas.net 199.166.6.56 not listed in dnsbl.njabl.org Possible spammer: 209.239.31.120 209.239.31.120 is not an MX for ppp120.f1.56k.execulink.com host ppp120.f1.56k.execulink.com (checking ip) = 209.239.31.120 host gouda.execulink.net (checking ip) = 199.166.6.56 199.166.6.56 not listed in dnsbl.njabl.org 199.166.6.56 not listed in cbl.abuseat.org 199.166.6.56 not listed in dnsbl.sorbs.net 199.166.6.56 is not an MX for nas.net 199.166.6.56 is not an MX for gouda.execulink.net 199.166.6.56 is not an MX for gouda.execulink.net 199.166.6.56 is not an MX for nas.net 199.166.6.56 not listed in dnsbl.njabl.org Possible spammer: 209.239.31.120 209.239.31.120 is not an MX for ppp120.f1.56k.execulink.com host ppp120.f1.56k.execulink.com (checking ip) = 209.239.31.120 host gouda.execulink.net (checking ip) = 199.166.6.56 199.166.6.56 not listed in dnsbl.njabl.org 199.166.6.56 not listed in cbl.abuseat.org 199.166.6.56 not listed in dnsbl.sorbs.net Chain test:gouda.execulink.net =? gouda.execulink.net gouda.execulink.net and gouda.execulink.net have same hostname - chain verified Possible relay: 199.166.6.56 199.166.6.56 not listed in relays.ordb.org. 199.166.6.56 has already been sent to relay testers Received line accepted 209.239.31.120 discarded as a forgery, using 199.166.6.56 In fact, this message did originate from this IP, relayed through our mail server as is the norm (I assume it is still prefered that users relay mail through their local ISP rather then direct.) I'm not sure how this decision was made, but it has resulted in our server being listed (quite annoying). Is there something that I'm missing here or has something changed that caused this IP address to be discarded as a forgery?