bsdaddict

  1. bsdaddict

    Server blocked...

    Just wanted to drop in and say that I'm glad that something good has come of this thread. Anything that can be done to make the documentation/FAQs more technically precise will be much appreciated by sysadmins who find themselves in a similar situation. Also, if any end-users can glean any new knowledge from the increased accuracy of terminology, even better!
  2. bsdaddict

    Server blocked...

    I felt it important to include "misdirected bounce" due to the fact that that's the wording that was used in the "Causes of listing". Also, "email bounces (that is, bounce emails written after acceptance of the email instead of being 'bounced' by rejection at the server" sounds self-contradictory. How's this: I did mention that sysadmins are an anal bunch, didn't I???
  3. bsdaddict

    Server blocked...

    That would work, but I'd also change the line in the "For people who are operating servers" section from... ...to... See, when I hear "auto-response" I don't think "bounce". To systems administrators the two are different animals, as a bunch we tend to be anal like that... Auto-responders are something users set up when they won't be reading their email for a period of time, and bounces are something generated by a system event such as an unknown user or a user over his quota. Details like that make all the difference...
  4. bsdaddict

    Server blocked...

    66.216.64.0 - 66.216.98.116 is Rackspace's IP space. Glen Group only has a subset of that range, 66.216.65.160 - 66.216.65.191. If it is possible to change the routing information just for our range that would be great. I have, however, submitted abuse[at]glengroup.com as the contact for glengroup.com, I'm assuming abuse.net just hasn't updated their database yet. I'm thinking that this should be sufficient, once the database is updated...
  5. bsdaddict

    Server blocked...

    which is precisely what I am, a person operating a mail server. The information above that does not mention non-existent mailboxes. It mentions 'created email' bounces. That phrase makes absolutely no sense, and this is coming from a sysadmin who's been admining unix systems for quite some time... I strongly suggest you reword that section. Replace "created email" with "non-existent mailbox" and that section becomes much more clear. When a user belongs to the Admin or Moderator group I feel that it's generally safe to assume that that user has some sort of professional relation to the parent entity. It's your responsibility to act/speak accordingly, as you're more or less speaking for that parent entity. Basically, whatever your employment status, on these boards you are a representative for Spamcop. I identified myself as a sysadmin so that it was clear that I wasn't some irate, ignorant end-user, and I expected some professional courtesy. As I said previously, we ARE on the same team... With one exception (and he isn't even an Admin or a Moderator, just a regular user), what I got was an elitist attitude, assumptions that I hadn't read any FAQs, and general lack of effort. As I said, not very professional... Regardless, all this is beside the point now. I now know that the Misdirected Bounces (as they were referred to in the "Cause of Listing") were, in fact, bounces due to non-existent mailboxes. As they say, "Knowing is half the battle..." (so far this certainly has felt like a battle), and now that I know what the problem was I can fix it. Have a good day. Daniel Frazier
  6. bsdaddict

    Server blocked...

    Thanks again for trying to help, Derek. I got a reply back from the deputies and it appears the misdirected bounces were standard "Mailbox does not exist" messages. I'll have to look into having this handled during the SMTP phase so that the bounce doesn't come from our server. I apologize to everyone for ranting a bit there... It's just that this whole process could have gone so much smoother... All I needed was specific confirmation as to what was bouncing so that I knew what I needed to fix, and no one except for Derek seemed willing to spend a few brain cycles to help me get that information. I'd recommend changing the wording on the Why am I Blocked FAQ by editing this paragraph... ...and removing any suggestions to post to the message board. Emailing the deputies got me exactly the information that I needed, and that paragraph in the FAQ makes it sound like the message boards are the better/faster option. Just my 2 cents... Thanks again, Derek. The rest of you need to get off your high horses and lose the elitist attitude. It's not professional to say the least... Daniel Frazier
  7. bsdaddict

    Server blocked...

    I spent a good 2 - 3 hours reading various posts and FAQs before I started this topic. Nothing I read specifically covered the Misdirected Bounce question, other than the "why auto-responders are bad" page. Still wasn't specific enough though... The only suggestion that was possibly applicable was to apply the spamcontrol or qmail-ldap patch, which I'm not comfortable doing unless I know exactly what it's supposed to fix... That's all I'm trying to understand, what specifically hit the spam trap so that I can address that specific issue. You say that a request to the Deputies does not get me "a copy" of anything. Why then does the Why am I Blocked FAQ state "If you need to know what triggered the report from a spamtrap, email deputies <at> spamcop.net."??? Get your story straight... At this point I don't really care anymore... I can't afford to spend any more time trying to appease you... Please close this topic.
  8. bsdaddict

    Server blocked...

    You posted while I was writing my last reply. If you even bothered to read my first post, in it I asked a simple question. A simple yes or no would have sufficed, and taken less effort...
  9. bsdaddict

    Server blocked...

    uh, ok... so I didn't realize I'd need to put my perl hat on before reading the FAQ... while (<FAQ>) { s/created\semail/misdirected/; print; } How silly of me... nevermind... looks like people on this board (with the exception of Derek, at least he made an effort) are more concerned with semantics than actually helping people resolve problems... I'll email the deputies and see if they'll send me a sample of a Misdirected Bounce that hit the spamtrap. At least that will give me some information to go on... If they don't reply I'll have to resort to telling people to stop using your service if we get blocked again, and recommend to them a different RBL to use... <rant> what the heck is a "created email bounce", anyways? Google it and you'll see... There is NO SUCH THING! You guys must have a pretty high opinion of yourselves to assume that you can coin a phrase and expect people to understand what the heck you're talking about... Not that any of you even care, but consider me one more sysadmin (who spends a considerable amount of his time trying to stop the flow of spam) who's royally torqued at the attitudes on this board. We're on the same team, for crying out loud!!! You guys are simply amazing, thanks for wasting my time. </rant>
  10. bsdaddict

    Server blocked...

    I admit, I didn't read *every* FAQ in the "Read before posting" section. There's a heckuva lot to read there and I simply don't have the time to read every topic. I did scan them, however, and even read a few of 'em, but I didn't find anything pertinent to the Misdirected Bounces question. I have fully read the "why am I blocked" FAQ. Didn't mention anything about misdirected bounces. What it did say, however, was to "Post the IP address that is blocked in the Spamcop web forum or newsgroup. There are many knowledgeable people in the SpamCop groups who will help you figure out why and offer solutions." Thanks for your help... Hrmmm, understandable about the evidence pages not being realtime... Damn spammers... Even so, should I still be able to email the deputies for the evidence? As to the 88% increase in traffic, the only recent change has been incorporating rblsmtpd into our qmail setup. But that doesn't really explain the increase, since rblsmtpd does its thing during the SMTP handshake and if it blocks anything sends a 553 error to the originating server. Unless somehow the resulting bounces (which should be from the originating server, not ours) are counted towards Glen Group's traffic? As to the possibility of a trojan being responsible, I suppose that's remotely possible. Not very likely, however, and I'm assuming that the results of a trojan would be more severe than misdirected bounces. I have no idea why the abuse reports would be going to Rackspace, unless it's because Rackspace shows up before Glen Group in a whois lookup. Why wouldn't they go to abuse[at]glengroup.com, or does that make too much sense? Thanks for taking the time to try to shed some light on this situation, Derek. I appreciate the effort... Daniel Frazier Systems Administrator Glen Group [edit] I've registered with abuse.net so that I should receive any future reports...
  11. bsdaddict

    Server blocked...

    I am the sysadmin for Glen Group. Today one of my users informed me that his emails weren't getting thru to a particular destination. He forwarded me the error he received and upon reading it I discovered that our mail server was listed on spamcop. Here's the email...

    ------ Forwarded Message
    From: MAILER-DAEMON[at]smtp.glengroup.com
    Date: 15 Feb 2005 16:13:05 -0000
    To: [edited][at]glengroup.com
    Subject: failure notice

    Hi. This is the qmail-send program at smtp.glengroup.com.
    I'm afraid I wasn't able to deliver your message to the following addresses.
    This is a permanent error; I've given up. Sorry it didn't work out.

    <[edited][at]nhpr.org>:
    64.80.51.140 failed on DATA command.
    Remote host said: 554 Blocked - see http://www.spamcop.net/bl.shtml?66.216.65.177

    --- Below this line is a copy of the message.

    Return-Path: <[edited][at]glengroup.com>
    Received: (qmail 5489 invoked from network); 15 Feb 2005 16:13:04 -0000
    Received: from unknown (HELO ?10.0.1.2?) (216.107.208.145) by 10.0.2.77 with SMTP; 15 Feb 2005 16:13:04 -0000
    User-Agent: Microsoft-Entourage/10.1.4.030702.0
    Date: Tue, 15 Feb 2005 11:17:29 -0600
    Subject: Follow up
    From: [edited] <[edited][at]glengroup.com>
    To: [edited] <[edited][at]nhpr.org>
    Message-ID: <BE378AC9.9299%kevind[at]glengroup.com>
    In-Reply-To: <000001c5109b$d3ac31e0$9dbcad45[at]yourw92p4bhlzg>
    Mime-version: 1.0
    Content-type: text/plain; charset="US-ASCII"
    Content-transfer-encoding: 7bit

    <snip>

    I followed the link provided, hoping that I'd get some helpful information as to why our server was listed on spamcop's rbl. What I found was less than helpful, to say the least...

    Causes of listing
    * System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)
    * It appears this listing is caused by misdirected bounces. We have a FAQ which covers this topic: Why auto-responses are bad (Misdirected bounces). Please read this FAQ and heed the advice contained in it.

Reading the FAQ entry provided didn't really help. There are a few users on our server that are using autoresponders, however the "Causes of listing" references misdirected bounces, so my understanding is that that's not the issue. Just last week I implemented rblsmtpd into our qmail installation, so my suspicion is that that's somehow related. However, that does not send bounce emails, it sends a 553 error during the initial SMTP handshake. Basically, I don't know why we've been listed, so I don't know what I need to address in order to get delisted. I take it the deputies know the specifics, do I need to send them an email or do they read this board? Is there any additional information I need to provide that would help figuring this out? Thanks in advance for the help resolving this issue... Daniel Frazier [edit] While typing this post http://www.spamcop.net/w3m?action=blcheck&ip=66.216.65.177 went from stating "If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 1 hour" to "If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 0 hours" to "If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately zero time." It appears as if we'll be automagically delisted soon, however I still need to know what happened so that I can prevent it from happening again.
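
The distinction the posts above arrive at (a bounce written after the message was accepted, versus rejecting an unknown mailbox during the SMTP phase), shown as an added example that is not code from the thread, from qmail or from SpamCop. The addresses, mailbox names and function names are constructed for illustration.

```python
# Added illustration; every address and mailbox below is constructed.
VALID_MAILBOXES = {"alice@example.org", "bob@example.org"}

# Constructed inbound envelopes: (envelope sender, recipient).
# Spam commonly forges the envelope sender, so senders 2 and 3 never mailed us.
INBOUND = [
    ("carol@partner.example", "alice@example.org"),
    ("trap@spamtrap.example", "nosuchuser@example.org"),
    ("victim@innocent.example", "old-account@example.org"),
    ("dave@partner.example", "bob@example.org"),
]


def accept_then_bounce(envelopes, mailboxes):
    """Accept every RCPT and discover unknown users only after queueing.

    Returns (smtp_replies, bounces_we_send). Each bounce is a new message
    that our server originates to the (possibly forged) envelope sender.
    """
    replies, bounces = [], []
    for sender, rcpt in envelopes:
        replies.append((rcpt, 250))  # accepted during the SMTP session
        if rcpt not in mailboxes:
            bounces.append({"envelope_from": "<>",  # null sender on bounces
                            "to": sender,
                            "reason": f"no mailbox {rcpt}"})
    return replies, bounces


def reject_at_rcpt(envelopes, mailboxes):
    """Validate the recipient while the SMTP session is still open.

    An unknown user gets a 550 reply to RCPT TO, so the connecting server
    owns the failure and our server never originates a bounce.
    """
    replies = [(rcpt, 250 if rcpt in mailboxes else 550)
               for _, rcpt in envelopes]
    return replies, []


def backscatter_targets(bounces):
    """Addresses that get mail from our server without having written to us."""
    return sorted(b["to"] for b in bounces)


if __name__ == "__main__":
    for policy in (accept_then_bounce, reject_at_rcpt):
        replies, bounces = policy(INBOUND, VALID_MAILBOXES)
        print(policy.__name__, replies, backscatter_targets(bounces))
```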