Chris Parker

Posts posted by Chris Parker


  1. Since there are basically two ways of getting stuck in a spam trap and the solution to fix each is very different, is it possible to find out how one fell into the trap?

    Yes, ask the deputies.

    The question is what does SpamCop do with bounces that hit their spam traps?

    From reading previous discussions about listings they appear to be same as any other mail destined for a spam trap.

    Are they discarded and ignored? If so, there would be no listing and no problem. If not, does SpamCop release any information regarding the type of mail that was caught in the spam trap (spam vs bounces)?

    I've seen a number of people listed because of misdirected virus infection notifications. In my opinion backscatter (av and ndn) should be treated the same as intentional spam and the listings are justified. If someone forges my email address as the from address in a spam or virus run, the backscatter can be enormous. I've seen cases of 1,000's of backscatter messages an hour coming into people's boxes basically resulting in a DDoS attack.


  2. Please release IP 206.103.2.30 from spam Trap. We are not sending any spam to anyone. We need to communicate with our legitimate customers as part of our business process.

    The problem is that your mail server is sending mail to addresses that are *not* legitimate customers. That mail server is sending mail to various spam traps. You may want to make sure that it is not responsible for backscatter. You'll want to turn off any anti-virus notifications and any non-delivery notifications that occur after the SMTP process which could be sent in response to spam or viruses with forged FROM addresses.

    See: http://psbl.surriel.com/listing?ip=206.103.2.30

    See: http://www.spamcop.net/w3m?action=blcheck&ip=206.103.2.30

    You may want to send a polite email to deputies <at> spamcop.net and ask for additional information about the mail that was sent to the spamcop spam traps. They should be able to tell you if it's backscatter or spam.


  3. Check out: http://www.spamcop.net/w3m?action=checkblo...xxx.xxx.xxx.xxx

    Your mail server has been sending mail to spam traps.

    Check out: http://www.senderbase.org/?searchBy=ipaddr...xxx.xxx.xxx.xxx

    That would indicate that there has been a 5000% increase in the amount of mail coming from your server.

    Since you mentioned that you are running Exchange, you've likely fallen prey to an SMTP Auth Hack in which a spammer has found a weak password and is using that account to send mail. Check your logs and you should be able to find out which account has been compromised.

    IP address removed by request


  4. Update from the "blithering idiot"/"troll"/"ranter":

    Neither my internet service provider (southwestern bell) nor my web host (ipowerweb) subscribe to spamcop or any spam-policing system. I have zero spam filters turned on, and oddly, my problem is not unwanted email but that spamcop stopping wanted email.

    Back to square one - innocent folks' emails are being subverted by someone subscribing to spamcop, not the two (or more) parties involved.

    You tell me to stop subscribing to spamcop, or switch to a competent ISP. The problem doesn't lie there. I don't care ~how~ the names get on the blacklists, it's obvious to me the blacklisting system doesn't work & I want no part of it or with anyone who subscribes to the list. But how to opt out...

    Please leave out the rhetoric, name calling, etc, and let's just talk information.

    Who handles your inbound email? (Do you have any email forwarding enabled?)


  5. mail.miscorp.com.->miscorp13.miscorp.com.->209.157.165.159

    (you've got some DNS issues that need to be resolved)

    http://www.senderbase.org/?searchBy=ipaddr...209.157.165.159

    ...indicates a huge increase in mail...

    Telnet to 209.157.165.159:25 indicates that it's running Exchange.

    All those factors point to Exchange SMTP AUTH hack...

    (you could also send an email to deputies ( at ) spamcop.net and they may provide some additional information.)

    Check your Exchange logs to see what accounts have been sending mass quantities of mail. Make sure that all accounts have strong passwords. Disable any unused role accounts.
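The log check suggested in this post, as an added example (not part of the original post, and not Exchange's own log format): it totals recipients per authenticated account per hour over constructed sample lines and lists the accounts above a threshold, with the client IPs they sent from. The four-field log layout, the account names and the 100-recipient threshold are assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in a simplified, hypothetical format:
# ISO timestamp, authenticated account, client IP, recipient count.
# Real Exchange/IIS SMTP logs use different fields; adapt parse_line().
SAMPLE_LOG = """\
2004-07-14T09:02:11 alice 192.0.2.10 1
2004-07-14T09:15:40 bob 192.0.2.11 3
2004-07-14T09:20:05 backup 203.0.113.77 50
2004-07-14T09:20:09 backup 203.0.113.77 50
2004-07-14T09:21:30 backup 198.51.100.4 50
2004-07-14T09:48:02 alice 192.0.2.10 2
2004-07-14T10:01:17 backup 198.51.100.4 50
not a log line
"""

def parse_line(line):
    """Return (hour_bucket, account, client_ip, recipients), or None if malformed."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
        rcpts = int(parts[3])
    except ValueError:
        return None
    return ts.replace(minute=0, second=0), parts[1].lower(), parts[2], rcpts

def suspicious_accounts(log_text, max_rcpts_per_hour=100):
    """Map each account over the hourly recipient limit to its peak and source IPs."""
    per_hour = defaultdict(int)   # (account, hour) -> recipients in that hour
    sources = defaultdict(set)    # account -> client IPs it authenticated from
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue              # skip lines that do not match the format
        hour, account, ip, rcpts = rec
        per_hour[(account, hour)] += rcpts
        sources[account].add(ip)
    peaks = defaultdict(int)
    for (account, _), total in per_hour.items():
        peaks[account] = max(peaks[account], total)
    return {a: {"peak_rcpts_per_hour": p, "client_ips": sorted(sources[a])}
            for a, p in peaks.items() if p > max_rcpts_per_hour}

if __name__ == "__main__":
    for account, info in suspicious_accounts(SAMPLE_LOG).items():
        print(account, info)
```

An unused role account that shows a high hourly peak from several unrelated client IPs is the pattern the post describes: disable it or reset its password, then re-run the count.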


  6. hotmail.com,Jul 14 2004, 01:17 AM] Parsing input: xxx.xxx.xxx.xxx

    host xxx.xxx.xx.xxx = hostxxx-xxx-xxx-xxx.in-addr.btopenworld.com (cached)

    No valid email addresses found, sorry!

    There are several possible reasons for this:

    The site involved may not want reports from SpamCop.

    SpamCop administrators may have decided to stop sending reports to the site to prevent listwashing.

    SpamCop uses internal routeing to contact this site, only knows about the internal method and so cannot provide an externally-valid email address.

    There may be no working email address to receive reports.

    Please post the IP address in question here and someone can do some research and post the correct routing in the newsgroup.


  7. Seth,

    Send an email to deputies <at> spamcop.net and ask them for additional information as to if the spam source was your machine, a potential client of yours, or if your machine is acting as a relay. (make sure to include the IP address of your server in your polite message to them)

    Since it appears that you don't really know much about your server, I'd suggest that you contact whoever set up the server for you, or contact a professional in your area that can come out and work to resolve your issues.


  8. Where are the Exim logs?

    I'm not too familiar with the Exim Mail Server. You'd have to go to a support forum for that software package to find out where the logs are located.

    You might consider installing some software package that will give you metrics on mail usage by client, etc. That would hopefully allow you to track down the client that is spamming.

    (As of the time of this post there have been about 50 complaints about that IP address -- generally meaning that 50 *different* spamcop users have reported mail from your server as spam. That means it's probably a fairly large issue as most people don't take the time to file a complaint about spam -- they just delete.)


  9. my IP is 65.75.130.200 I need it to stop. I deleted all the mail accounts that said they had spammed.

    See http://www.spamcop.net/w3m?action=checkblo...p=65.75.130.200

    Looks like there have been 40 complaints about that IP in the last week.

    Is this machine dedicated to you or are you sharing it with someone else? If you are sharing it then it's possible that the spam is coming from another client of your provider.

    If it's just your machine you'll want to examine your Exim logs and see where the unsolicited mail is coming from.

    Not sure what the term "DC" means, but did they send you an example of the spam?

    Of the new reports that arrived were they in response to spam sent *before* you deleted the accounts or *after* you deleted accounts?


  10. Did a little poking around with that IP address and I found Google Results that back up the DSBL listing back in February. I didn't see anything indicating the 5th week of June. I'm guessing that the issue involves using a 3rd party mail server and either DYN/DUL filters being added there or the ISP blocking port 25.


  11. You might want to look here... http://dsbl.org/listing?62.211.232.102

    62.211.232.102 looks like it might have been compromised in late February. It's also in dialup/dynamic IP space. You may want to try to get it retested if the machine that was at the IP address in Feb was reassigned a new IP address since then. Are you trying to send mail via your ISP's webserver or some other server? Many ISPs now block outgoing SMTP traffic on dialup/dynamic accounts. Please let us know the actual error message that you are receiving when you try to send mail.


  12. Now my host is telling me that some people are complaining about swissone as they receive spam. Swissone did NOTHING, somebody used our system to spam...
    The issue is that a script on your website has been compromised and your machine is the source of spam. While the spam coming from your system may not be promoting your company it's still coming from your system and it's your responsibility to resolve the issue.

    Apparently they were using a feature of my Classifieds script that allows the regular users of my site to hide their email and get contacted via a form instead of showing the email.
    I'd suggest that you take the script offline until you are able to find a way to secure it.

    My question is simple. Do I have a word to say?
    Yes. You are here and you are "talking".

    I never spammed anyone and now get problems?
    That may be true, but a machine you are responsible for appears to be spamming.

  13. ddtp.org,Jun 28 2004, 11:27 AM] But I don't have a subscription!? The message was forwarded to me by MCI as my ISP and they claim they can't figure out who the sender is.....

    Zak

    If they forwarded the report to you, you should be able to send an email to the REPLY-TO address in the report. (1082117679 <at> reports.spamcop.net)

    I do not mean a subscription to spamcop, but rather your subscription process for people to be added to your mailing list to receive the meeting notices.
