Jump to content
Sign in to follow this  
reinerotto

"Relay access denied": Is it blocking reason ?

Recommended Posts

Hi,

my IP has been blocked some time ago for some valid reason. My email-server, running on a Virtual Linux Server, has been used as a relay for spam, and even as a source, using IP "0.0.0.0" as a destination.

Up to my knowledge, this problem is fixed. At least in my logs, I can not veryfy, that spam is still sent or relayed. However, I am still blocked, and spamcop tells me:

Causes of listing

System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

The time for delisting does not decrease, stayes just below 24h, so I suspect, that I am re-listed and re-listed gain, without knowing the real cause.

The only idea, which I have: In the logs I see a lot of unsuccessful (?) tries to relay some spam, like

Feb 28 20:28:36 h123456 postfix/smtpd[18119]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 554 5.7.1 <535_lee_f_benson[at]kcc.com>: Relay access denied; from=<eric.peoples_er[at]sprint.ca> to=<535_lee_f_benson[at]kcc.com> proto=ESMTP helo=<wxs.nl>

Feb 28 19:35:59 h123456 postfix/smtpd[5380]: warning: numeric domain name in resource data of MX record for seed.net: 0.0.0.0

Feb 28 19:35:59 h123456 postfix/smtpd[5380]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 554 5.7.1 <umtaida[at]seed.net>: Recipient address rejected: Access denied; from=<yang-nico[at]hotmail.com> to=<umtaida[at]seed.net> proto=SMTP helo=<ppp-217-77-221-14.wildpark.net>

May be, it is not correct to "reject" the mails, could this be the reason of being blocked ?

Share this post


Link to post
Share on other sites
May be, it is not correct to "reject" the mails, could this be the reason of being blocked ?

Rejecting with a 5xx at the time of the SMTP connection is exactly the right thing to do and will not get you listed. Please make sure that your system is not generating new mail to the (spoofed) 'from field'. See the FAQ on bounces and backscatter. An email to the administrators might result in your being told what sort of 'spam' is hitting their spamtraps.

Share this post


Link to post
Share on other sites

I am not a server admin, so I don't completely understand about relays and error messages. However, if you closed the relay for all relaying, then I would think that your logs would show IP addresses rather than email addresses trying to access it and being rejected. If those rejection messages are going to email addresses, rather than being returned to the sending server, that is backscatter, as Derek says.

Miss Betsy

Share this post


Link to post
Share on other sites

If you would like to send me the IP address of your server, I would be happy to look into the blocking history.

- Don D'Minion - SpamCop Admin -

service[at]admin.spamcop.net

Share this post


Link to post
Share on other sites
If you would like to send me the IP address of your server, I would be happy to look into the blocking history.

Yeah, that How to ask a good question thing all over again. On the other hand, the question asked can be answered by the single word "no" .... a 5xx rejection has no bearing on a SpamCopDNSBL listing/de-listing. Derek T said this in a lot more words, also making the suggestion to make more direct contact for possible specific data.

For the all-too-typical-issue, the problem probably isn't with or via the e-mail server ... these days the typical 'source' of bad e-mail traffic is from an infected/compromised machine attached to the network involved.

Share this post


Link to post
Share on other sites

Topic starter data -> Last Active ... 1st March 2009 - 06:49 PM .... Approximately 25 minutes after the last previous post. Appearances would suggest that any further discussion has gone off-line, tilting towards that nasty "handled by e-mail" scenario.

As no specific information has been made within this discussion, who could complain then if this Topic was tagged as "Resolved" ...???? Well, that is, ignoring those folks that might use the magic set of words for a search and end up landing on this Discussion, hoping to "find an answer" .....

Share this post


Link to post
Share on other sites
Topic starter data -> Last Active ... 1st March 2009 - 06:49 PM .... Approximately 25 minutes after the last previous post. Appearances would suggest that any further discussion has gone off-line, tilting towards that nasty "handled by e-mail" scenario.

As no specific information has been made within this discussion, who could complain then if this Topic was tagged as "Resolved" ...???? Well, that is, ignoring those folks that might use the magic set of words for a search and end up landing on this Discussion, hoping to "find an answer" .....

I provided the IP in question by email to a spamcopadmin, to get further info about being detected in the spamtraps.

For some reason, I do not want the IP in question to be public.

My IP is NOT an OpenRelay, at least according to my test, and according to the test of another third party.

However, can anybody suggest a real strict test program, to check an IP for OpenRelay ?

So, problem is still pending. I am willing to share results from ongoing investigation, as soon as there is definite info.

Share this post


Link to post
Share on other sites

Then, if the relay is closed, there are two possibilities - that you are accepting email and then sending a rejection email to an innocent person or that you have not found the source of the infection on your computer or a computer that is linked to your computer.

If you are using a wireless router, that may the source of the problem also. Spammers can easily gain access to a wireless router.

Miss Betsy

Share this post


Link to post
Share on other sites
For some reason, I do not want the IP in question to be public.

Then no-one in this peer-peer forum can possibly help you. No reason not to mark this resolved or move it to the lounge.

Share this post


Link to post
Share on other sites
I provided the IP in question by email to a spamcopadmin, to get further info about being detected in the spamtraps.

For some reason, I do not want the IP in question to be public.

As noted by Derek, this pretty much precludes any investigation or much help from this side of the screen.

My IP is NOT an OpenRelay, at least according to my test, and according to the test of another third party.

However, can anybody suggest a real strict test program, to check an IP for OpenRelay ?

So, problem is still pending. I am willing to share results from ongoing investigation, as soon as there is definite info.

Yet .. there are so many existing previous Discussions on other's who have gone through this and actually found a solution. As I suggested earlier, if you believe that your e-mail server is 'secure' .. then why hasn't anything been said about looking for other traffic? Specifically, Port 25 traffic from a networked computer/system (if yout e-mail server is virtualized, what other processes are running on that same system?) that is making it past your apparently non-existent firewall ....???

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×