
[Resolved] All inbound messages blocked by Spamcop


orlandoc


It appears as if all inbound messages to our domain (rrjfs.org) are being bounced back with the following message:

173.9.185.13 does not like recipient.

Remote host said: 550 5.7.1 208.109.78.208 has been blocked by Spamcop

Giving up on 173.9.185.13.

When I test our email server locally using telnet on port 25, I get the same message stating that my INTERNAL IP address is being blocked. I am now getting messages stating that my local gateway IP is being blocked by Spamcop as well.

This sounds like a virus to me, but I cannot seem to find any information that matches my specific problem.

Help!

Link to comment

It appears as if all inbound messages to our domain (rrjfs.org) are being bounced back with the following message:

When I test our email server locally using telnet on port 25, I get the same message stating that my INTERNAL IP address is being blocked. I am now getting messages stating that my local gateway IP is being blocked by Spamcop as well.

From the description, title used, and even results from a 'local' test, the problem would seem to be the configuration of whatever application is invoked to attempt to 'use' the SpamCopDNSBL. Read this as the suggested scenario in that "all" IP Addresses are failing some test and the 'bad' exit code then pulls up the text entered for a positive SpamCopDNSBL result. Basically, multiple errors in the configuration settings ..... all IP Addresses locked out and the wrong error message selected, at a minimum. (Again, based on your description.)

mx:rrjfs.org mx

Pref Hostname IP Address TTL

10 rrjfs.org.1.0001.arsmtp.com 204.232.236.134 60 min SMTP Test Blacklist Check

20 rrjfs.org.2.0001.arsmtp.com 204.232.236.135 60 min SMTP Test Blacklist Check

Reported by ns27.domaincontrol.com

smtp:204.232.236.134 smtp

220 server56.appriver.com ESMTP srv-d

Not an open relay.

0 seconds - Good on Connection time

2.262 seconds - Good on Transaction time

OK - 204.232.236.134 resolves to server56.appriver.com

OK - Reverse DNS matches SMTP Banner

Session Transcript:

HELO please-read-policy.mxtoolbox.com

250 inbound.appriver.com your name is not please-read-policy.mxtoolbox.com [62 ms]

MAIL FROM: <supertool[at]mxtoolbox.com>

250 supertool[at]mxtoolbox.com sender accepted [47 ms]

RCPT TO: <test[at]example.com>

571 test[at]example.com prohibited. We do not relay [2106 ms]

QUIT

221 inbound.appriver.com SMTP closing connection [47 ms]

smtp:204.232.236.135 smtp

220 server56.appriver.com ESMTP srv-e

Not an open relay.

0 seconds - Good on Connection time

2.324 seconds - Good on Transaction time

OK - 204.232.236.135 resolves to server57.appriver.com

OK - Reverse DNS matches SMTP Banner

Session Transcript:

HELO please-read-policy.mxtoolbox.com

250 inbound.appriver.com your name is not please-read-policy.mxtoolbox.com [172 ms]

MAIL FROM: <supertool[at]mxtoolbox.com>

250 supertool[at]mxtoolbox.com sender accepted [62 ms]

RCPT TO: <test[at]example.com>

571 test[at]example.com prohibited. We do not relay [2028 ms]

QUIT

221 inbound.appriver.com SMTP closing connection [62 ms]

MX test seems to show the server is working, but can't help but note the (different) Domain names in use which would make it look like this isn't "your" e-mail server. Your Host needs a holler about your issue.

and after yet more searching around, now wondering just how BlueGate enters into this picture ...????

Link to comment

<snip>

173.9.185.13 does not like recipient.

Remote host said: 550 5.7.1 208.109.78.208 has been blocked by Spamcop

<snip>

...If you can find whomever is responsible for the content of the error messages, please ask them to change the content: SpamCop never blocks e-mail except e-mails directed to one of its servers, so saying "blocked by SpamCop" is, at best, misleading. If the receiving server is blocking because the source IP address appears on the SpamCop Blacklist, then the message could say that.

...Thanks! And good luck.

Link to comment
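An added example (not from any poster, and not the configuration of the server in this thread) of the failure mode suggested in the replies above: a DNSBL check that treats every lookup failure as a listing rejects all addresses, internal ones included, with the SpamCop text. The resolver functions and their zone data are constructed, and accepting mail when the lookup fails is this example's assumption.

```python
import ipaddress

ZONE = "bl.spamcop.net"  # SpamCop Blocking List zone

class NotFound(Exception):
    """Resolver answered NXDOMAIN: the address is not on the list."""

def query_name(ip, zone=ZONE):
    """DNSBL query name: reversed IPv4 octets, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def naive_verdict(ip, resolve):
    """Misconfigured check: only a clean NXDOMAIN lets the message through."""
    try:
        resolve(query_name(ip))
    except NotFound:
        return "250 OK"
    except Exception:
        pass  # timeout/SERVFAIL wrongly falls through to the listing text
    return f"550 5.7.1 {ip} has been blocked by Spamcop"

def verdict(ip, resolve):
    """Reject only on a positive 127.0.0.x answer for a public address."""
    addr = ipaddress.IPv4Address(ip)
    if addr.is_private or addr.is_loopback:
        return "250 OK"  # internal hosts are never looked up
    try:
        answers = resolve(query_name(ip))
    except Exception:
        return "250 OK"  # NXDOMAIN or lookup failure (assumption: fail open)
    if any(a.startswith("127.") for a in answers):
        return f"550 5.7.1 {ip} is listed on the SpamCop Blocking List ({ZONE})"
    return "250 OK"

def broken_resolver(name):
    """Constructed: a resolver that cannot reach any DNS server."""
    raise TimeoutError(name)

def working_resolver(name):
    """Constructed zone data: one listed address, everything else NXDOMAIN."""
    if name == "208.78.109.208." + ZONE:
        return ["127.0.0.2"]
    raise NotFound(name)

if __name__ == "__main__":
    for ip in ("192.168.1.10", "173.9.185.13", "208.109.78.208"):
        print(ip, "| naive, DNS down:", naive_verdict(ip, broken_resolver))
        print(ip, "| fixed, DNS down:", verdict(ip, broken_resolver))
        print(ip, "| fixed, DNS up:  ", verdict(ip, working_resolver))
```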


Thanks for the input!

It looks like the problem has been resolved for now, but the cause is still unknown. I stopped the Virtual SMTP Server on my Exchange 2003 Server, and created a new one with the same configuration as the old one, however with a different name. After I started the service, I tested using telnet (locally). Now the RCPT message "xxx.xxx.xxx.xxx is blocked by Spamcop" was gone, and I was able to send and receive email from internal and external domains. So far so good, but like I said, I still don't know what caused the problem to begin with.

The BlueGateSoftware domain is my personal email host, which I used to test the inbound messages. Each time I sent an email to my work domain it was rejected, with the NDR showing a different IP address, all of which were stated as being blocked by Spamcop, and which appeared on several RBL servers.

I have run anti-virus and malware scanners on the Exchange server repeatedly, and it appears to be clean - all the more puzzling. This weekend all machines on the network will get similar workouts, the thought being that maybe there is a machine on the network that passed a virus to the Exchange server and hijacked the SMTP service.

Link to comment

Archived

This topic is now archived and is closed to further replies.
