Jump to content

Firevision

Members
  • Content Count

    4
  • Joined

  • Last visited

Community Reputation

0 Neutral

About Firevision

  • Rank
    Newbie
  1. Firevision

    Server(s) Blocked

    Thank you.
  2. Firevision

    Server(s) Blocked

    My upstream provider has sent through the reports! As I suspected, the spam e-mails never originated from our server, and these are clear in the Received: headers in the e-mails. 3 examples: Received: from aannecy-204-1-31-122.w81-251.abo.wanadoo.fr ([81.251.135.122]) by silver.firevision.net with smtp (Exim 4.12) id 1ArGiO-000CfW-00 for x; Thu, 12 Feb 2004 13:17:14 +0000 Received: from pd9526d52.dip.t-dialin.net ([217.82.109.82]) by silver.firevision.net with smtp (Exim 4.12) id 1AplSW-000F6Z-00 for x; Sun, 08 Feb 2004 09:42:37 +0000 Received: from yahoo.com (mx2.mail.yahoo.com [64.156.215.6]) by pD9526D52.dip.t-dialin.net (Postfix) with ESMTP id 662935E80F for <x>; Sun, 08 Feb 2004 16:28:43 -0500 Received: from wbar14.tampa1-4-4-151-219.tampa1.dsl-verizon.net ([4.4.151.219] helo=mfl-weiden.synlab.de) by silver.firevision.net with esmtp (Exim 4.12) id 1ANj7K-0000XD-00 for x; Sun, 23 Nov 2003 01:32:54 +0000 Received: from 94.5.63.82 by smtp.won.de; Sun, 23 Nov 2003 01:08:29 +0000 I've got the upstream provider to update the RIPE records so that SpamCop reports will come to us now. What is SpamCop's algorithm for detecting the originator of a spam message? It clearly looks like it doesn't take e-mail forwarding services into account!
  3. Firevision

    Server(s) Blocked

    We shouldn't have anything too drastic done to the headers of the e-mail. We use a fairly stock exim setup, so the headers should show the originating server, and that our server was just a forwarding server. I'll have to look up to see who the "deputies" are to get this dealt with. I'll contact our upstream provider at that location too to see if they got the abuse e-mails. We try to respond to all those that we receive from SpamCop, but we can't do that if we don't get them forwarded to us!
  4. Firevision

    Server(s) Blocked

    Hi, We operate some mail forwarding servers. These servers only provide mail forwarding, and unless someone sends mail from the command line (which would be for testing purposes by an admin only, there are no other accounts on these boxes) all they do is forward mail. There isn't even a web server on the boxes, no insecure website form that could be used by a spammer to send spam. They are not used as a source of mail. They are checked regularly for open relays, and pass every time. Therefore they are not open relays either. It seems that they servers are listed in SpamCop's BlackList however. Query bl.spamcop.net - 62.121.2.60 62.121.2.60 is silver.firevision.net It appears that SpamCop is looking at the Received: headers, and simply listing all servers following that header as being a source of that spam, even though with a valid e-mail service such as e-mail forwarding, that will introduce two Received: headers, one of which has nothing to do with being the source of the spam at all! So how do we get a server removed from this blacklist? How do we even get to see the mails, or at least a message id, of the e-mails that caused the server to get listed? I'd appreciate any help or advice. I'd especially like for the server to be removed from the blacklist. Graham
×