keithaham Posted June 15, 2004

Our organization sends out a daily message to people who have requested to receive it. I am receiving delivery failure messages that seem to indicate my mail server is being blocked. Can someone help me to understand what is occurring, and suggest a solution?

Keith
aham.com

normal text:

ERROR: Your message could not be delivered. The mail server generated the following error message:

Your message has encountered delivery problems to the following recipient(s):
paulmiller[at]purplemonster.co.uk
Delivery failed
451 Blocked - see http://www.spamcop.net/bl.shtml?216.162.1.102
Failed to deliver to domain purplemonster.co.uk after 111 tries. Last error was:
No recipients were successfully delivered to.

message source:

Return-Path: <postmaster[at]mailsite2.communityweb.net>
Delivered-To: spamcop-net-ahamspam[at]spamcop.net
Received: (qmail 30365 invoked from network); 15 Jun 2004 15:31:20 -0000
Received: from unknown (HELO c60.cesmail.net) (192.168.1.105) by blade1.cesmail.net with SMTP; 15 Jun 2004 15:31:20 -0000
Received: from mailgate.cesmail.net (216.154.195.36) by c60.cesmail.net with SMTP; 15 Jun 2004 11:31:17 -0400
X-Ironport-AV: i="3.81R,117,1083556800"; d="scan'208?txt'208"; a="75436512:sNHT36041560"
Received: (qmail 21799 invoked from network); 15 Jun 2004 15:31:16 -0000
Received: from unknown (HELO mailgate.cesmail.net) (192.168.1.101) by mailgate.cesmail.net with SMTP; 15 Jun 2004 15:31:16 -0000
Received: from mail.asheboro.com [216.162.1.13] by mailgate.cesmail.net with POP3 (fetchmail-6.2.1) for ahamspam[at]spamcop.net (single-drop); Tue, 15 Jun 2004 11:31:16 -0400 (EDT)
To: ahamcntr[at]asheboro.com
Subject: Delivery failure (paulmiller[at]purplemonster.co.uk)
From: postmaster[at]mailsite2.communityweb.net
Message-Id: <B0071573331[at]mailsite2.communityweb.net>
Date: Tue, 15 Jun 2004 11:02:24 -0400
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="16378/1532/1087311744/MailSite/mailsite2.communityweb.net"
X-spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on blade1
X-spam-Level: *
X-spam-Status: hits=1.4 tests=MAILTO_TO_SPAM_ADDR,MIME_SUSPECT_NAME, NO_REAL_NAME version=2.63
X-SpamCop-Checked: 192.168.1.105 216.154.195.36 192.168.1.101 216.162.1.13

--16378/1532/1087311744/MailSite/mailsite2.communityweb.net
Content-Type: text/plain

Your message has encountered delivery problems to the following recipient(s):
paulmiller[at]purplemonster.co.uk
Delivery failed
451 Blocked - see http://www.spamcop.net/bl.shtml?216.162.1.102
Failed to deliver to domain purplemonster.co.uk after 111 tries. Last error was:
No recipients were successfully delivered to.

--16378/1532/1087311744/MailSite/mailsite2.communityweb.net
Content-Type: message/delivery-status
Content-Disposition: attachment; filename="DSN40CE0A24.txt"

Reporting-MTA: dns; mailsite2.communityweb.net
Received-From-MTA: dns; [192.168.123.135] (unverified [137.118.197.163])
Arrival-Date: Mon, 14 Jun 2004 16:27:16 -0400

Final-Recipient: rfc822; paulmiller[at]purplemonster.co.uk
Action: failed
Status: 5.4.7 (Permanent failure - routing/network: delivery time expired)
Remote-MTA: dns; mailhost1.pipemedia.net
Diagnostic-Code: smtp; 451 Blocked - see http://www.spamcop.net/bl.shtml?216.162.1.102

--16378/1532/1087311744/MailSite/mailsite2.communityweb.net
Content-Type: message/rfc822-headers

Received: from [192.168.123.135] (unverified [137.118.197.163]) by asheboro.com (Rockliffe SMTPRA 5.3.7) with ESMTP id <B0071520830[at]mailsite2.communityweb.net> for <paulmiller[at]purplemonster.co.uk>; Mon, 14 Jun 2004 16:27:16 -0400
User-Agent: IntelliMerge Classic 2.5
Date: Mon, 14 Jun 2004 16:32:33 -0400
Subject: Daily Message for Transforming the Mind #1204
From: "AHAM - Association of Happiness for All Mankind " <ahamcntr[at]asheboro.com>
To: Paul Miller <paulmiller[at]purplemonster.co.uk>
Message-ID: <3170075553.33585287117%ahamcntr[at]asheboro.com>
Mime-version: 1.0
Content-type: multipart/alternative; boundary="alternative_boundary"

--16378/1532/1087311744/MailSite/mailsite2.communityweb.net--

Chris Parker Posted June 15, 2004

The website lookup indicates that the mail server is not currently listed. I would guess that unless you are getting a number of non-deliverables that someone else's mail server is misconfigured.

However, doing a search in Google Groups shows a few spam reports (they are a few weeks old).

You can always send an email to deputies <at> spamcop.net and request additional information, which they may (or may not) provide.

Miss Betsy Posted June 15, 2004

Sending only to people who request it is not enough. There are typos and malicious people in the world and that ends up with someone who didn't request it getting emails he doesn't want. You must have a confirmed subscription list.

You don't say how many of your emails are bouncing. If you followed the link in the bounce message, do you have any questions about what you found? There could be a number of reasons - including that whoever is doing the bouncing is using the spamcop blocking message, but blocking with another list.

Have you not received a spamcop report? Have you asked your provider if he did? Unless they were all spam trap hits (which probably means your computer was infected), then someone got a report.

If there were spam reports about this IP address a few weeks ago, did you have a problem and now it is fixed? If you didn't, then perhaps you will be listed again.

Miss Betsy

dra007 Posted June 15, 2004

It is not listed with SCBL:

Query bl.spamcop.net - 216.162.1.102

WB8TYW Posted June 16, 2004

The 4xx code indicates that the receiver was rejecting the e-mail message in a way that causes the sending mail server to retry to send it for approximately one week.

This was probably done because a spamcop.net listing only lasts for a maximum of 48 hours after the last spam report, and when a real mail server is listed, it usually gets fixed fast, so a real e-mail will eventually get delivered. Also most spam will not retry on a 4xx error.

As to why the listing, the spamcop link currently does not show a listing, or any evidence. So to look elsewhere:

mail abuse OPS look up

Nothing current. The last entry shows that I.P. was sending spam in December 2003. Looks like a multi-hop exploit of another system in a nearby I.P. range. In May of 2003, that I.P. address relayed a virus from a nearby I.P. range.

There is spam listed from that I.P. in news.admin.net-abuse.sightings for the end of May 2004.

Examining the available public evidence implies that your server is relaying for other machines that are being controlled by spammers in nearby I.P. ranges. So either you have an open relay for a larger network than you intend, or you have several compromised computers on your network.

The current crop of viruses out there install remote control programs for spammers and other criminals, so an untreated infection leaves criminals in charge of your network and your machines. In some areas, after this occurs, you are legally liable to notify anyone whose personal data is on your systems of the security breach.

With many common LAN protocols, the compromise of one machine means that any machine that connects to it can also be compromised.

It appears that your network was compromised since May 2003, and is likely still compromised. Your postmaster account should have been getting regular abuse reports since then up until today. If you cannot find them, then that is an indication of a configuration problem.

The general recommendation from the security sites is that when a system is compromised by an intruder, you need to quarantine the data on the hard drives in a backup, erase the hard drives, and reload the operating systems and programs from known good sources, and then carefully restore data files from the backup without running any scripts or executables on the backup. Something that a commercial computer operation should have a documented procedure to do.

The lookups that I was able to do now should be something that the person who provides the technical support for your network should know how to do.

Also typically the spammers that exploit such systems as yours will spam until you get on a major blocking list, and then pause for a while to let the listing age off, and they will start the spam up again.

-John
Personal Opinion Only
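
The bounce in the first post carries two different codes: the remote server's temporary 451 reply and the sending server's final 5.4.7 status once its retries ran out. As an added example (not part of any post in this thread), the Python below parses the delivery-status part, separates the two, and builds the DNSBL query name for the IP in the SpamCop link; the function names are illustrative, the sample is copied from the bounce above, and no DNS lookup is performed.

```python
import email
import ipaddress
import re

# Constructed sample: delivery-status fields copied from the bounce in the first post.
SAMPLE_DSN = """\
Reporting-MTA: dns; mailsite2.communityweb.net
Arrival-Date: Mon, 14 Jun 2004 16:27:16 -0400

Final-Recipient: rfc822; paulmiller[at]purplemonster.co.uk
Action: failed
Status: 5.4.7 (Permanent failure - routing/network: delivery time expired)
Remote-MTA: dns; mailhost1.pipemedia.net
Diagnostic-Code: smtp; 451 Blocked - see http://www.spamcop.net/bl.shtml?216.162.1.102
"""

def parse_dsn(text):
    """Return (per-message fields, [per-recipient fields]) from a delivery-status body."""
    blocks = [b for b in re.split(r"\n\s*\n", text.strip()) if b.strip()]
    groups = [email.message_from_string(b) for b in blocks]
    return groups[0], groups[1:]

def analyse_recipient(fields, zone="bl.spamcop.net"):
    """Separate the remote server's reply from the sender's final verdict."""
    diag = fields.get("Diagnostic-Code", "")
    reply = re.match(r"\s*smtp;\s*(\d{3})\b", diag, re.IGNORECASE)
    code = int(reply.group(1)) if reply else None
    link = re.search(r"bl\.shtml\?(\d{1,3}(?:\.\d{1,3}){3})", diag)
    listed_ip = query = None
    if link:
        # IPv4Address rejects malformed values such as 999.1.1.1 (ValueError).
        listed_ip = str(ipaddress.IPv4Address(link.group(1)))
        # DNSBL convention: reverse the octets and append the list's zone.
        query = ".".join(reversed(listed_ip.split("."))) + "." + zone
    return {
        "remote_mta": fields.get("Remote-MTA", "").split(";")[-1].strip(),
        "remote_reply": code,
        # 4xx = "try again later"; the sender keeps the message queued.
        "remote_reply_temporary": code is not None and 400 <= code <= 499,
        # A class-5 DSN status with a 4xx reply means the sender's queue expired.
        "sender_gave_up": fields.get("Status", "").strip().startswith("5"),
        "listed_ip": listed_ip,
        "dnsbl_query": query,
    }

if __name__ == "__main__":
    _, recipients = parse_dsn(SAMPLE_DSN)
    for r in recipients:
        print(analyse_recipient(r))
```

Resolving the returned `dnsbl_query` name as an A record gives the current listing state: an answer in 127.0.0.0/8 means listed, NXDOMAIN means not listed.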
Archived
This topic is now archived and is closed to further replies.