Jump to content

Derek T

  • Content Count

  • Joined

  • Last visited

Everything posted by Derek T

  1. OK that 's resolving as a static IP assigned by Tiscali.co.uk. The client is running his own mailserver there and you are cool with that? Can he explain why there has been a four-fold increase in traffic from that server in the last day or two? He almost certainly has a a trojanned machine spewing spam and spamcop is doing its job and working properly. You may want to disconnect him until he's found and fixed the problem. Not sure what you mean by 'getting through' are YOU using the SCBL to e reject connections from your own clients? If not then its not YOUR server that's doing the rejecting: it's one of your client's intended recipients. If you have it, post the rejection message here.
  2. Please supply the IP address that is allegedly listed. We (TINW) can do nothing to help without it. Spamcop knows nothing whatsoever about domains so I can only surmise that the sales[at] is being sent from a different IP from the others. A spamtrap is an address that has NEVER been used to send email. They are hidden on web-sites for the bots to scrape them. ANY mail to a spamtrap is by definition unsolicited and therefore given more weight in scoring for the blacklist.
  3. A fellow-user recently introduced me to the greylist and I am trying it out. My held mail has gone down from 200-300 per day to about 10 and I have many fewer 'false negatives' in my inbox. This is great for me but what about the community? Are the ones the greylist stopped helping to feed the blaclists (as I am no longer reporting them)? - keen to 'do my bit'.
  4. Derek T

    My IP is listed

    Then it would appear that the solution is in your own hands! It's your server - set it up how you need it to work.
  5. Derek T

    My IP is listed

    Thanks for that. It would seem that the SMTP server is using the blocklist to filter OUTGOING messages (not recommended) and then giving you a mis-formed error message. What happens if you use a proper email client instead of the PoS that is Outlook? What is the name of the SMTP server to which you are trying to connect? Who owns/controls it? Do they have a clue?
  6. Derek T

    My IP is listed

    Provide the IP you allege is listed: we can do nothing without it. Unless you are running your own SMTP server it is very unlikely that your problem is as you've described. Your machine may get a different IP each time but your mail will go out through the phone company's SMTP. Please post the /exact/ text of your error message here.
  7. Please accept my apologies for 'rushing to judgment' we do get quite a few 'post-and-runs' in here but obviously you are not one of them. Also please accept my thanks for sorting the matter thus making the internet a better and safer place for us all and for updating us.
  8. Thanks, Don, the OP doesn't seem to be that interested as s/he's not been back in eight hours.
  9. OK, so you added blocklists to the equation. Now tell us EXACTLY what happens to mail that 'fails' the blocklist test. What is the machine configured to do with it? EXACTLY how does it reply?
  10. Another possibility is that you re sending misdirected 'bounces' due to 'out-of-office', 'over-quota' etc.
  11. Derek T

    always blocked

    And the firewall? which firewall are you using and what do its logs say? The spew continues so there's something infected in there.
  12. Derek T

    always blocked

    It's a linux server, (s)he said so up-thread. I think it's a case of 'if you have to ask, you need to get a professional in'. OP: there /are/ admins in this forum. Please post /exactly/ what server and version you are using, ditto firewall. Did you check the firewall logs yet?
  13. Derek T

    always blocked

    You can probably trace the infected machine by examining your firewall logs for suspicious activity. Trojans often don't use port 25 so set your SMTP to relay ONLY what comes in on port 25. If SMTP AUTH is not needed, switch it off. These I have gleaned from being around here for a few years, I am not an Admin but someone who knows more will be along shortly! I have checked your server for weak passwords and not found any, but absence of evidence is not evidence of absence. Pay special attention to laptops when looking for trojanned machines.
  14. Derek T

    always blocked

    'These domains' did NOT use your IP, 'These domains' are forgeries. A spammer has installed a trojan on a machine on your network OR hacked your SMTP server.
  15. Derek T

    always blocked

    The 'from' field in spam is always forged: 'they' didn't send it, spammers did. The spammers obviously have more control over your server than do you. Unplug that machine from the internet until someone with a clue has rebuilt it from the ground up. The only way to improve reputation is to stop the spam.
  16. Derek T

    We're listed

    Au contraire, very likely and very common. Spamtrap addresses are 'out there' to attract the scrapers: that's the whole point. No human needs to know them. Human report now received Submitted: Thu, 07 Feb 2008 08:29:45 GMT: Crazy Britney does it again! * 2820599222 ( ) To: abuse[at]prodigy.net
  17. Derek T listed

    Sorry folks, false alarm. Tried the above and, indeed, the history link is present and correct.
  18. Derek T listed

    <thread hi-jack - moderators move/remove if appropriate> We paying users used to be able to see the subject lines of reported spam and sometimes help enquirers that way. I've just looked and can't seem to find that feature now. Has it been withdrawn?
  19. Senderbase shows a recent 800% increase in traffic from that server which might suggest that someone is using that server to send spam. From what you say, that's probably a shared server so you may be an innocent bystander. Two questions: 1. Who do you actually pay to provide you with a mail-server? This is who you should take this matter up with. 2. Could you please post (in full) the rejection message you receive as it will help us to help you. It is unlikely that anything is stopping you sending mail (see FAQs) - some people are choosing not to receive it.
  20. Experience here would suggest that 99.9% or more of people who are spamming (or rather their machines are) are totally unaware of it. Look at some of the old threads here. That is "what they all say" and are then horrified to find that they have been spewing spam for days, totally unawares.
  21. OOOOPS! so you did, so sorry, I didn't think to look there.
  22. Sorry, all our psychics are out of the office at the moment. Read the FAQs on how to avoid a rude/silly answer, supply an IP and we might be able to help you.
  23. As title. And why would I want to go to her funeral?
  24. Someone with far more knowledge than I will be along soon...
  25. Below is a rejection sent from your IP and posted in the 'abuse' newsgroup: This is what you need to stop. SpamCop doesn't do 'whitelisting': IPs are removed automatically some time after the spam stops