Jump to content

[Resolved] IP Not listed in Spamcop BL but bounceback messages say it is


rabeatz

Recommended Posts

I'm having an issue where messages sent from an IP are being blocked by servers that use Spamcop. They reference spamcop in the bounceback message yet when I look up the IP in spamcop it does not show them as listed.. any idea what the issue could be? I have posted two examples. The messages being kicked back are scans from our copier/scanner in our office.

Two examples of the bounceback messages:


Received: from [75.180.132.120] by rmxmail.com (ArGoSoft Mail Server .NET v.1.0.8.4) with ESMTP (EHLO cdptpa-omtalb.mail.rr.com)
 for <*******[at]rmxmail.com>; Fri, 27 Jul 2012 11:07:55 -0400
Return-Path: <>
Received: from [127.0.0.1] ([local])
 by cdptpa-omtalb.mail.rr.com (envelope-from <>)
 (ecelerity 2.2.3.46 r()) with INTERNAL
 id 9D/60-13948-A2FA2105; Fri, 27 Jul 2012 15:09:30 +0000
From: Mail Delivery System <>
To: ********[at]rmxmail.com
Subject: Mail Delivery Failure
Message-ID: <9D.60.13948.A2FA2105[at]cdptpa-omtalb.mail.rr.com>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
 boundary="Id7wdBo9ALkTdHJE95aS3IFMfkqq8aFIrd3KmQ=="
Date: Fri, 27 Jul 2012 15:09:30 +0000
X-FromIP: 75.180.132.120


--Id7wdBo9ALkTdHJE95aS3IFMfkqq8aFIrd3KmQ==
Content-Type: text/plain

This message was created automatically by the mail system (ecelerity).

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

>>> *********[at]ackerteam.com (reading BANNER): 554 5.7.1 Service unavailable; Client host [75.180.132.120] blocked using urbl.hostedemail.com; http://www.spamcop.net/w3m?action=checkblock&ip=75.180.132.120

--Id7wdBo9ALkTdHJE95aS3IFMfkqq8aFIrd3KmQ==
Content-Type: message/delivery-status

Arrival-Date: Fri, 27 Jul 2012 15:09:30 +0000
Reporting-MTA: dns; cdptpa-oedge02.mail.rr.com

Action: failed
Last-Attempt-Date: Fri, 27 Jul 2012 15:09:30 +0000
Final-Recipient: rfc822; **********[at]ackerteam.com
Status: 5.7.1
Remote-MTA: dns; mx.ackerteam.com.cust.hostedemail.com
Diagnostic-Code: smtp; 554 5.7.1 Service unavailable; Client host [75.180.132.120] blocked using urbl.hostedemail.com; http://www.spamcop.net/w3m?action=checkblock&ip=75.180.132.120

--Id7wdBo9ALkTdHJE95aS3IFMfkqq8aFIrd3KmQ==
Content-Type: text/plain
Content-Disposition: inline

------ This is a copy of the original message, including all headers. ------

Return-Path: <******[at]rmxmail.com>
X-Authority-Analysis: v=2.0 cv=Dp/UCRD+ c=1 sm=0 a=cYGYzK+LAVxdjIOtyVjxAg==:17 a=KQuzrrapFAIA:10 a=prFSLUeVHZoA:10 a=0WDCIKVhAAAA:8 a=Q_hLOjj4PwCIcsF2ycAA:9 a=CjuIK1q_8ugA:10 a=_iCh-uIyOFYA:10 a=3_vKLM2jDl5xk6q7u80A:9 a=n3BslyFRqc0A:10 a=bhkaYMs-ANYA:10 a=Sf_gFPzhefAA:10 a=fjv4MY9m2sLIHau1:21 a=uZOPtBc_rCyJ7-c7:21 a=cYGYzK+LAVxdjIOtyVjxAg==:117
X-Cloudmark-Score: 0
X-Originating-IP: 71.41.210.130
Received: from [71.41.210.130] ([71.41.210.130:65251] helo=RNPE2A354)
 by cdptpa-oedge02.mail.rr.com (envelope-from <********[at]rmxmail.com>)
 (ecelerity 2.2.3.46 r()) with ESMTP
 id 94/60-13948-92FA2105; Fri, 27 Jul 2012 15:09:30 +0000

EXAMPLE 2

Received: from [75.180.132.120] by rmxmail.com (ArGoSoft Mail Server .NET v.1.0.8.4) with ESMTP (EHLO cdptpa-omtalb.mail.rr.com)
 for <**********[at]rmxmail.com>; Wed, 25 Jul 2012 14:56:20 -0400
Return-Path: <>
Received: from [127.0.0.1] ([local])
 by cdptpa-omtalb.mail.rr.com (envelope-from <>)
 (ecelerity 2.2.3.46 r()) with INTERNAL
 id AD/28-28917-0B140105; Wed, 25 Jul 2012 18:57:52 +0000
From: Mail Delivery System <>
To: *********[at]rmxmail.com
Subject: Mail Delivery Failure
Message-ID: <AD.28.28917.0B140105[at]cdptpa-omtalb.mail.rr.com>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
 boundary="CxcVXPc7HQKCFMM/Y/lHHK868Ul3HIaej3LWTA=="
Date: Wed, 25 Jul 2012 18:57:52 +0000
X-FromIP: 75.180.132.120


--CxcVXPc7HQKCFMM/Y/lHHK868Ul3HIaej3LWTA==
Content-Type: text/plain

This message was created automatically by the mail system (ecelerity).

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

>>> *********[at]remax.net (after RCPT TO): 550 Unable to add *********[at]remax.net because host 75.180.132.120 is listed on RBL bl.spamcop.net

--CxcVXPc7HQKCFMM/Y/lHHK868Ul3HIaej3LWTA==
Content-Type: message/delivery-status

Arrival-Date: Wed, 25 Jul 2012 18:57:52 +0000
Reporting-MTA: dns; cdptpa-oedge04.mail.rr.com

Action: failed
Final-Recipient: rfc822;*********[at]remax.net
Status: 5.0.0
Last-Attempt-Date: Wed, 25 Jul 2012 18:57:52 +0000
Remote-MTA: dns; smtp1.mke.securence.com
Diagnostic-Code: smtp; 550 Unable to add *********[at]remax.net because host 75.180.132.120 is listed on RBL bl.spamcop.net

--CxcVXPc7HQKCFMM/Y/lHHK868Ul3HIaej3LWTA==
Content-Type: text/plain
Content-Disposition: inline

Also, ironically, GMAIL considered my signup email from this spamcop forum to be spam.

Link to comment
Share on other sites

I'm having an issue where messages sent from an IP are being blocked by servers that use Spamcop. They reference spamcop in the bounceback message yet when I look up the IP in spamcop it does not show them as listed.. any idea what the issue could be? I have posted two examples. The messages being kicked back are scans from our copier/scanner in our office.

There are quite a few spam reports dated yesterday and today from that IP. My (educated) guess is that that IP was listed for a while and is now de-listed. Spamcop acts very rapidly to list when spam starts and to de-list when it stops. In other words, spamcop is working fine, nothing to see, move along please. Another educated guess is that RoadRunner pulled the spamming account that was sharing that IP with you as soon as they got the reports. Again, this is just how it should be. Sorry that you were an innocent bystander who got caught up in it, but everything should now be back to normal.

Link to comment
Share on other sites

There are quite a few spam reports dated yesterday and today from that IP. My (educated) guess is that that IP was listed for a while and is now de-listed. Spamcop acts very rapidly to list when spam starts and to de-list when it stops. In other words, spamcop is working fine, nothing to see, move along please. Another educated guess is that RoadRunner pulled the spamming account that was sharing that IP with you as soon as they got the reports. Again, this is just how it should be. Sorry that you were an innocent bystander who got caught up in it, but everything should now be back to normal.

Thanks for the reply. Anywhere I'd be able to view those spam reports? We're still getting bounceback messages at the moment referencing spamcop. Perhaps the end recipient's host URBL hasn't updated yet?

Link to comment
Share on other sites

Hi, rabeatz,

...If you follow the link that is included in the reject (bounceback) message, http://www.spamcop.net/w3m?action=checkblo...=75.180.132.120, and click on the link labeled "Trace IP," it will tell you to whom reports are sent ("Reporting addresses") and that will give you a clue as to whom to ask for further information.

...Note that 24 hours after the last spam report, IP addresses are delisted in the SpamCop BL.

...Good luck!

Link to comment
Share on other sites

Thanks for the reply. Anywhere I'd be able to view those spam reports? We're still getting bounceback messages at the moment referencing spamcop. Perhaps the end recipient's host URBL hasn't updated yet?

It would appear that the BL that the recipient is using uses the SpamCop BL as a resource and (possibly) doesn't react to de-listings as quickly as it does to listings. There's nothing anyone here can do about that. Recipient's server, recipient's rules. Maybe your contact could ask their admin to whitelist you? Regrettably, many servers are configured to cite SpamCop's BL even when it is quite another BL that has the listing. Again their server, their rules and SpamCop can do nothing about it.

You might like to put your IP into one of the many 'Composite Blocklist' sites to see if it is still listed elsewhere. You might also ask RR to route your mail through a different (non-listed) server. After all, it's them you have the contract and commercial relationship with. Money talks.

Link to comment
Share on other sites

It would appear that the BL that the recipient is using uses the SpamCop BL as a resource and (possibly) doesn't react to de-listings as quickly as it does to listings.

One possibility that comes to mind is that the recipient's server has at some point queried the Spamcop list, and cached the result.

Link to comment
Share on other sites

<snip>

and cached the result.

Hi, lisati,

...Thanks, I was thinking the same. But Derek beat us to it:

It would appear that the BL that the recipient is using uses the SpamCop BL as a resource and (possibly) doesn't react to de-listings as quickly as it does to listings.

<snip>

:) <g>
Link to comment
Share on other sites

Hi, lisati,

...Thanks, I was thinking the same. But Derek beat us to it::) <g>

Thanks for the assistance guys. What boggled me is why the scanner was using the roadrunner SMTP when I built an email server for this company. I was afraid my email server was getting blacklisted due to low security settings, etc, but my server is fine. I switched the copier over to using the server I built for them and all is well.

I appreciate the support!

As far as I'm concerned, moderator can mark this thread closed.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...