Jump to content
Sign in to follow this  
avbrand

[Resolved] Help with figuring out why I keep getting listed?

Recommended Posts

My own email server keeps getting blocked:

Diagnostic-Code: smtp;554 Service unavailable; Client host [208.68.90.156] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?208.68.90.156

A few weeks ago, when it first got blocked, I had a bunch of vacation autoresponders and stuff like that. I've since disabled all of that, and turned off pretty much every bounce message I can find (I'm using IMail v8).

But I keep getting listed.

The same server also runs a forum where registration emails are sent to whatever address people put in, so there's really nothing I can do if someone puts in a spamcop "honeypot" address.

Do you have any suggestions?

Thanks

-av

Share this post


Link to post
Share on other sites

No suggestions but here is some further information. Two 'human' reports from yesterday.

Submitted: Thu, 16 Feb 2012 23:16:15 GMT:
Oh my, Christian! College nude run made me wanna show my nudity in public! #...

	5708078627 ( http://www.subota.kz/Edward ) To: tatyana.kalacheva[at]telecom.kz
	5708078626 ( http://www.subota.kz/Edward ) To: akushner[at]online.kz
	5708078625 ( http://www.subota.kz/Edward ) To: onekrasova#online.kz[at]devnull.spamcop.net
	5708078624 ( http://www.subota.kz/Edward ) To: bilyarov[at]online.kz
	5708078623 ( http://www.subota.kz/Edward ) To: nic#online.kz[at]devnull.spamcop.net
	5708078622 ( http://www.subota.kz/Edward ) To: dzhusipbek[at]online.kz
	5708078621 ( http://www.subota.kz/Edward ) To: natalya.petrova[at]telecom.kz
	5708078619 ( http://www.subota.kz/Edward ) To: dsuranchin#online.kz[at]devnull.spamcop.net
	5708078616 ( http://www.subota.kz/Edward ) To: lserebryanik#online.kz[at]devnull.spamcop.net
	5708078615 ( 208.68.90.156 ) To: abuse[at]spdnetwork.net
	5708078614 ( 208.68.90.156 ) To: support[at]spdnetwork.net 

Submitted: Thu, 16 Feb 2012 12:26:14 GMT:
=?utf-8?Q?=D0=BF=D1=80=D0=B8=D0=B2=D0=B5=D1=82=D1=83=D0=BB=D1=8C=D0=BA=D0=B8=...

	5708103194 ( 208.68.90.156 ) To: [concealed user-defined recipient]
	5708103193 ( 208.68.90.156 ) To: abuse[at]spdnetwork.net
	5708103192 ( 208.68.90.156 ) To: support[at]spdnetwork.net 

Which looks like good old-fashioned spam rather than vacation bounces. Looks like you have an infected machine somewhere on your network.

Share this post


Link to post
Share on other sites

Thanks for getting back to me. I'm running a virus scan on the server now, but is there any more information you can give me? Maybe a header of the spam that was sent so I can see the User Agent of the server or something?

I'm trying to figure out if this is a problem in my Imail or in my IIS SMTP.

Thanks,

-av

Share this post


Link to post
Share on other sites

Hi, av,

...Good sleuthing! I am adding the "resolved" flag to the subject line of this topic.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×