One of our outgoing mail servers was listed. IP : 220.127.116.11 .
It is a Windows 2003 SBS server with service pack 2 installed and Microsoft Exchange also is running Service Pack 2.
The server is running Microsoft ISA Firewall 2004 and has CA eTrust Antivirus software running on it. I have also run an additional scan using trend micro's sysclean utility and no viruses have been reported and the machine is not showing any visible signs of an infection.
I have also run Microsoft Exchange Best Practices Analyser & Microsoftâ€™s Baseline Security Analyser which both list the server as having no error's.
All clients on the network are have CA eTrust Antivirus installed on them and are also running windows defender. Both report no virus or spyware activity and again there are no visible signs on any of the machines of this being the case. But we are currently running additional scanning software on these.
Also the mail server is currently delivering mail for two distinct domain names , the reverse lookup can only be allocated to one of these. Could this be a possible issue ?
This is the info provided by spam cops.
18.104.22.168 listed in bl.spamcop.net (127.0.0.2)
If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 21 hours.
Causes of listing
â€¢ System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)
â€¢ SpamCop users have reported system as a source of spam less than 10 times in the past week
Additional potential problems
(these factors do not directly result in spamcop listing)
â€¢ System administrator has already delisted this system once
We originally had the IP delisted as we were thinking this was in error but we were re listed. This is the info that we were provided with at that time.
Received: from unknown (192.168.1.108)
by [trap servername] with QMQP; 26 Sep 2007 10:xx:xx -0000
Received: from mail.qexecutive.com.au (22.214.171.124)
by [trap servername] with SMTP; 26 Sep 2007 10:xx:xx -0000
Date: Wed, 26 Sep 2007 20:xx:xx +1000
Any help to get this issue resolved would be greatly appreciated.