Chris Parker

Members
  • Content Count: 196
Everything posted by Chris Parker

  1. Chris Parker

    Everything seems secure but my server accepts spam

    Sounds like an SMTP AUTH Hack. The best thing to do is disable all unneeded accounts and change passwords for all existing accounts, ensuring that they are non-trivial (not simple dictionary words, but should include letters, numbers, and other characters [,.;/_+=etc] if possible).
  2. Chris Parker

    Spam Traps

    Yes, ask the deputies. From reading previous discussions about listings they appear to be the same as any other mail destined for a spam trap. I've seen a number of people listed because of misdirected virus infection notifications. In my opinion backscatter (AV and NDN) should be treated the same as intentional spam and the listings are justified. If someone forges my email address as the from address in a spam or virus run, the backscatter can be enormous. I've seen cases of 1,000s of backscatter messages an hour coming into people's boxes, basically resulting in a DDoS attack.
  3. Chris Parker

    Spamblocked

    The problem is that your mail server is sending mail to addresses that are *not* legitimate customers. That mail server is sending mail to various spam traps. You may want to make sure that it is not responsible for backscatter. You'll want to turn off any anti-virus notifications and any non-delivery notifications that occur after the SMTP process which could be sent in response to spam or viruses with forged FROM addresses. See: http://psbl.surriel.com/listing?ip=206.103.2.30 See: http://www.spamcop.net/w3m?action=blcheck&ip=206.103.2.30 You may want to send a polite email to deputies <at> spamcop.net and ask for additional information about the mail that was sent to the SpamCop spam traps. They should be able to tell you if it's backscatter or spam.
  4. Chris Parker

    http://spamcop.net/bl.shtml?203.146.102.101

    Based on my search in Google I'd guess that the server is bounce spamming. You should make sure the mail server is configured in such a way as to not generate bounce messages after the fact. All mail should be rejected DURING the SMTP process.
  5. Chris Parker

    AntiSpam Hardware

    Is anyone aware of a website that does side-by-side reviews of anti-spam hardware such as the Barracuda boxes?
  6. Chris Parker

    You have blocked my IP, and I cant contact clients

    Once you have solved the problem send an email to deputies (at) spamcop.net and let them know what was happening and what you did to resolve the problem and they may remove you from the blocklist. Otherwise you'll be removed within 48 hours of the most recent incident.
  7. Chris Parker

    You have blocked my IP, and I cant contact clients

    Check out: http://www.spamcop.net/w3m?action=checkblo...xxx.xxx.xxx.xxx Your mail server has been sending mail to spam traps. Check out: http://www.senderbase.org/?searchBy=ipaddr...xxx.xxx.xxx.xxx That would indicate that there has been a 5000% increase in the amount of mail coming from your server. Since you mentioned that you are running Exchange, you've likely fallen prey to an SMTP Auth Hack in which a spammer has found a weak password and is using that account to send mail. Check your logs and you should be able to find out which account has been compromised. IP address removed by request
  8. Chris Parker

    Finding the Spammer

    You may want to look into the preferences for whatever is being used to generate messages and make sure that every process that can generate a message tracks it back to the process (site) which created the message.
  9. Chris Parker

    is bl.spamcop.net working

    There is no host named BL.SPAMCOP.NET... The query to see if IP 1.2.3.4 is on the block list is 4.3.2.1.bl.spamcop.net.
  10. Please leave out the rhetoric, name calling, etc., and let's just talk information. Who handles your inbound email? (Do you have any email forwarding enabled?)
  11. Chris Parker

    Blocked E-mail?

    mail.miscorp.com.->miscorp13.miscorp.com.->209.157.165.159 (you've got some DNS issues that need to be resolved) http://www.senderbase.org/?searchBy=ipaddr...209.157.165.159 ...indicates a huge increase in mail... Telnet to 209.157.165.159:25 indicates that it's running Exchange. All those factors point to Exchange SMTP AUTH hack... (you could also send an email to deputies ( at ) spamcop.net and they may provide some additional information.) Check your Exchange logs to see what accounts have been sending mass quantities of mail. Make sure that all accounts have strong passwords. Disable any unused role accounts.
  12. Chris Parker

    is there a list ?

    What mail client?
  13. Chris Parker

    DNS Problems

    I know that on July 14th a number of providers had problems for a few hours with DNS lookups on the SpamCop BL. Whatever the problem was, it is now resolved.
  14. Chris Parker

    What Does this mean and how can I stop it

    Please post the IP address in question here and someone can do some research and post the correct routing in the newsgroup.
  15. Chris Parker

    WHAT THE HECK

    Seth, send an email to deputies <at> spamcop.net and ask them for additional information as to whether the spam source was your machine, a potential client of yours, or if your machine is acting as a relay. (Make sure to include the IP address of your server in your polite message to them.) Since it appears that you don't really know much about your server, I'd suggest that you contact whoever set up the server for you, or contact a professional in your area who can come out and work to resolve your issues.
  16. Chris Parker

    WHAT THE HECK

    I'm not too familiar with the Exim Mail Server. You'd have to go to a support forum for that software package to find out where the logs are located. You might consider installing some software package that will give you metrics on mail usage by client, etc. That would hopefully allow you to track down the client that is spamming. (As of the time of this post there have been about 50 complaints about that IP address -- generally meaning that 50 *different* SpamCop users have reported mail from your server as spam. That means it's probably a fairly large issue as most people don't take the time to file a complaint about spam -- they just delete.)
  17. Chris Parker

    WHAT THE HECK

    See http://www.spamcop.net/w3m?action=checkblo...p=65.75.130.200 Looks like there have been 40 complaints about that IP in the last week. Is this machine dedicated to you or are you sharing it with someone else? If you are sharing it then it's possible that the spam is coming from another client of your provider. If it's just your machine you'll want to examine your Exim logs and see where the unsolicited mail is coming from. Not sure what the term "DC" means, but did they send you an example of the spam? Of the new reports that arrived, were they in response to spam sent *before* you deleted the accounts or *after* you deleted the accounts?
  18. Chris Parker

    Optaining Email list of complaint - 66.36.175.211

    Just because mail is CAN-SPAM compliant does not mean that it's not spam. It's all about consent, rather than content.
  19. Chris Parker

    Blocked Email

    Did a little poking around with that IP address and I found Google results that back up the DSBL listing back in February. I didn't see anything indicating the 5th week of June. I'm guessing that the issue involves using a 3rd party mail server and either DYN/DUL filters being added there or the ISP blocking port 25.
  20. Chris Parker

    Blocked Email

    You might want to look here... http://dsbl.org/listing?62.211.232.102 62.211.232.102 looks like it might have been compromised in late February. It's also in dialup/dynamic IP space. You may want to try to get it retested if the machine that was at the IP address in Feb was reassigned a new IP address since then. Are you trying to send mail via your ISP's webserver or some other server? Many ISPs now block outgoing SMTP traffic on dialup/dynamic accounts. Please let us know the actual error message that you are receiving when you try to send mail.
  21. Chris Parker

    Safari Browser erroring out

    Same setup as the original poster. No problems here. Might have been a transient error. Try reporting a different piece of spam and see what happens. Which "style" were you using?
  22. Chris Parker

    Unknown people are using my site to spam...

    The issue is that a script on your website has been compromised and your machine is the source of spam. While the spam coming from your system may not be promoting your company, it's still coming from your system and it's your responsibility to resolve the issue. I'd suggest that you take the script offline until you are able to find a way to secure it. Yes. You are here and you are "talking". That may be true, but a machine you are responsible for appears to be spamming.
  23. Chris Parker

    Abuse mail report

    If they forwarded the report to you, you should be able to send an email to the REPLY-TO address in the report. (1082117679 <at> reports.spamcop.net) I do not mean a subscription to spamcop, but rather your subscription process for people to be added to your mailing list to receive the meeting notices.
  24. Chris Parker

    Abuse mail report

    You may want to make sure that your subscription process is secure from being abused (read unique token confirmed opt-in). You can also reply to the report and it will go to the person who filed the report.
  25. Chris Parker

    Mailserver is blocked, ok that i accept

    Is this a shared server or your own? What is the IP address of the server in question? One of the deputies may be able to provide you some additional details if you send an email to deputies <at> spamcop.net.