Jump to content
Sign in to follow this  
chrzan

Help with getting delisted

Recommended Posts

We are getting these NDRS I checked my mail server we are not relaying . It has been over 48 hrs and we are still listed . Any help greatly appreciated

You do not have permission to send to this recipient. For assistance, contact your system administrator.

<somcty26.co.somerset.nj.us #5.7.1 smtp;530 5.7.1 Blocked - see http://www.spamcop.net/bl.shtml?209.92.89.26: ward[at]blank for security >

209.92.89.26 listed in bl.spamcop.net (127.0.0.2)

Causes of listing

System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

Listing History

In the past 42.6 days, it has been listed 2 times for a total of 3.9 days

Share this post


Link to post
Share on other sites

Had you taken a few minutes and read through the Pinned item at http://forum.spamcop.net/forums/index.php?showtopic=972 you'd have found that "relaying" is not the only reason for problems. Exchange servers have known exploits, others have found that the problem wasn't at the e-mail server, it was a compromised machine somewhere else on the network that was bypassing the e-mail server by using it's own SMTP engine .... on and on .... and guidance for obtaining additional data about the spamtrap data is found within the Pinned item also ... not going to provide that data here, as it's obvious that you could use some of the knowledge gained from wading through that Pinned item .. good luck ..

Share this post


Link to post
Share on other sites

It's the spamtrap hits that are causing the listing. As it says, they are addresses that have never sent and should never receive mail.

Possible causes:

Trojanned mchine on your system spewing spam (Senderbase shows a 160% increase in traffic from that server.) Check your server logs.

An SMTP/Auth hack: someone has logged into your system using one of the 'default' accounts that some servers so helpfully (NOT) install as standard. Again check the logs, remove default accounts, enforce strong passwords among your users.

An automatic virus 'bounce' to forged From: fields (switch it OFF, they do no good and just increase the spam problem)

De-listing will be automatic within 48hrs of the LAST report.

No reports are sent to the abuse address from spamtrap hits but a polite email to deputies<at>spamcop<dot>net may help to discern which of these is most likely the problem.

Share this post


Link to post
Share on other sites

I see no smtp service on this machine (209.92.89.26) so I would go along with the virus/trojan/hijack on your machine.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×