Jump to content

Chris Parker

Membera
  • Content Count

    196
  • Joined

  • Last visited

Community Reputation

0 Neutral

About Chris Parker

  • Rank
    Advanced Member

Contact Methods

  • AIM
    spamcoper
  • Website URL
    http://www.dsis.net
  • ICQ
    0
  • Yahoo
    spamcoper

Profile Information

  • Location
    Some Place
  • Interests
    Current interesting project: http://www.dnsbl.info
  1. Chris Parker

    Forwarding spam using OS X Mail

    Visit www.versiontracker.com and search for spamcop. There are several options available. I've been using the spamcop 1.3.2 plugin from Subsume for some time and it's worked great.
  2. Chris Parker

    White Lists ?

    What's the IP address or addresses of the servers in question? Are they properly processing messages without butchering the headers?
  3. Chris Parker

    Blocked by SpamCop but given no reason!

    Your server appears to have been sending to spam traps either directly or by bouncing, autoresponding, etc. See: CBL based on Senderbase report of mailing increasing by 5600% in the last 24 hours I'd guess that your server has been compromised. Maybe an SMTP AUTH hack. Check your logs. SpamCop's stats are not real-time because spammers abused the listing details. You may want to send an email to deputies <at> spamcop <dot> net.
  4. Chris Parker

    unblock my IP

    You need to fix the problem, not just put a band-aid on it. They could just inject from a different IP....
  5. Chris Parker

    unblock my IP

    Since it appears that the machine itself has been compromised it may not actually be an account within your mail server software package. You'll want to look at your firewall logs. You do have a firewall, right?
  6. Chris Parker

    unblock my IP

    I suggest that you unplug the network cable from the back of the machine until you figure out how to secure your machine. The block will be removed no more than 48 hours after your machine stops sending spam. Research indicated that the machine as been compromised with "Backdoor.Xibo" See also: SORBS and PSBL Sample Header from messages: (Evidence) -- Looks like your machine is sending eBay Phishing scams... From anonymous[at]alicia.netpivotal.com Mon Oct 11 17:35:28 2004 Delivery-date: Mon, 11 Oct 2004 17:35:28 -0400 Received: from [66.216.122.76] (helo=alicia.netpivotal.com) by mail.victim.example with esmtp (Exim 4.41) id 1CH7pI-0006fa-0x for psbltrap[at]kernelnewbies.nl; Mon, 11 Oct 2004 17:35:28 -0400 Received: (qmail 15002 invoked by uid 48); 11 Oct 2004 21:29:22 -0000 Date: 11 Oct 2004 21:29:22 -0000 To: psbltrap[at]kernelnewbies.nl Subject: Important Notice From eBay inc. From: eBay Billing <aw-confirm[at]eBay.com> Reply-To: aw-confirm[at]eBay.com MIME-Version: 1.0
  7. Chris Parker

    How on earth

    It looks like it's been compromised... Sample: Google is your friend
  8. Chris Parker

    Need Help getting off blacklist

    Doesn't look like your routing configuration worked. You'll want to look at your firewall logs (you have a firewall, right?) You'll want to look at your mail server logs... If properly configured it will show all the mail that it's been sending. In the mean time you'll want to make sure that there is a non-trivial password for EVERY account on the server. I suggest that you disable the admin, test, guest, etc accounts. Here's some evidence that I was able to dig up... Subject: PENI||S EN1lIARGEMENT Received: from screens (200.82.178.140 [200.82.178.140]) by exchange1.asmnc.com ... Tue, 5 Oct 2004 12:56:49 -0700 Subject: |NCREASE YOUR PEN1lS SIZE! Received: from screens (200.82.178.140 [200.82.178.140]) by exchange1.asmnc.com ... Tue, 5 Oct 2004 13:33:36 -0700 Subject: MAX|MUM EXP0OSURE Received: from micro (200.5.234.3 [200.5.234.3]) by exchange1.asmnc.com ... Tue, 5 Oct 2004 23:44:42 -0700
  9. Please secure your server. Looks like an SMTP AUTH Hack issue on your Exchange server. You'll need to kill all the unused account (guest, test, etc) and then make sure that all existing accounts have non-trivial passwords.
  10. Chris Parker

    My IP is listed but I the Spamcop doesnt say why

    Sometime the details run behind reality. Check out: http://www.senderbase.org/?searchBy=ipaddr...g=209.58.200.92 10000% increse in mail from that IP address in the last day. Looks like you are running Exchange. Chaces are you're victim of an SMTP AUTH HACK. Please read the FAQ: http://www.spamcop.net/fom-serve/cache/372.html
  11. Chris Parker

    why we are blocked?

    You'll be removed within 48 hours of the last reported incident of spamming from that IP address. If the problem is solved the block will go away automatically. If the problem is not fixed and that IP address continues to send out spam that people report, it will remain listed here and likely get listed in some not so friendly block lists.
  12. Chris Parker

    Blocked Because of my auto responce?

    Interesting domain name info on the host name your mail server is claiming to be... Based on the 1400% increase in mail from that sever I'd guess that it's been compromised. Check your logs!
  13. What's the IP address of the server is question?
  14. Chris Parker

    NDRs

    It appears that your machine has been compromised either by a virus/trojan or that the mail server itself has been compromised (SMTP AUTH HACK?) Disabling the guest account is a good start, however you really should disable any accounts that are not currently being used. For all accounts that are being used you should change *ALL* the passwords to something that is non-trivial. Unless someone who uses that mail server needs to access it from outside of your LAN I'd suggest than you disable all remote sending capabilities. A full virus/trojan scan of the machine should also be in order. If the machine has been compromised by a virus/trojan it would be in your best interest to format the drive and rebuild the machine taking all the proper security measues. Thanks for your desire to resolve the core problem leading to the listing of your server. You may also want to send an email to deputies <at> spamcop <dot> net who may provide you some additional information as to what is happening.
×