Jump to content
Sign in to follow this  
jonathanz

Spamcop FAQ help

Recommended Posts

Sorry if this is simplistic question, but I'm a little confused...

The IP that is listed when I get a 'blocked by Spamcop' message (see below): Is that the IP of the ISP blocking my emails or the IP of the ISP that is being blocked due to a Spamcop listing?

When I used the Spamcop web based investigative methods, the owner of the IP that was listed was my internet provider. When I called them, they denied any knowledge of why I would be calling. They said only that they subscribed to Spamcop.

If I understand the FAQ correctly, that IP is the one that is being blocked. So is my ISP being disingenuous or have I misunderstood the FAQ?

Thanks very much

Jonathan

"5.3.0 spam blocked see: http://spamcop.net/bl.shtml?67.154.202.50"

Share this post


Link to post
Share on other sites
The IP that is listed when I get a 'blocked by Spamcop' message (see below):  Is that the IP of the ISP blocking my emails or the IP of the ISP that is being blocked due to a Spamcop listing?

When I used the Spamcop web based investigative methods, the owner of the IP that was listed was my internet provider.  When I called them, they denied any knowledge of why I would be calling.  They said only that they subscribed to Spamcop. 

If I understand the FAQ correctly, that IP is the one that is being blocked.  So is my ISP being disingenuous or have I misunderstood the FAQ?

"5.3.0 spam blocked see: http://spamcop.net/bl.shtml?67.154.202.50"

If bounce message is properly configured the IP address listed will be the IP address of the machine that was blocked. In the case of someone sending mail through their ISP's mail server and getting a bounce, it would indicated that the ISP's mail server is blocked.

67.154.202.50 is ip67-154-202-50.z202-154-67.customer.algx.net

I think this is an example of some poor configuration... There is a mail server that responds at that IP address as "thinkfilm-sbs.thinkfilm.local"

Sounds like the person you talked to was clueless or did not understand you.

Share this post


Link to post
Share on other sites

In addition to the other reply, SpamCop Reports for 67.154.202.50 go to abuse[at]algx.net. It looks like the listing is due to mole reports.

Edited by JeffG

Share this post


Link to post
Share on other sites

Thanks for the replies and additional info.

I just got off the phone with my ISP again and the guy said that he saw that I was blocked and that the IP listed was for my router/firewall on my office network, but he couldn't find any specific complaints about that IP.

Jeff, is it possible for you (or someone at SpamCop) to send me a copy (or post a link) of a complaint, so that I can further investigate why I am listed?

Also, what is a 'mole report"?

Finally, I have confirmed that there is not an open relay. I'm not 100% clear on what that means, but I was told that it is often a problem. Either way, I don't have one.

Thanks very much,

Jonathan

Share this post


Link to post
Share on other sites

When there is no evidence listed and also no indication of sending mail to spamtraps, the only conclusion is that all of the reports are mole reports. The best thing for you to do in this case is to contact a Blocklist Administrator at "bl at admin.spamcop.net".

Please see What is "mole" reporting? and Register as a "mole"? What's this? for details.

Share this post


Link to post
Share on other sites
Thanks for the replies and additional info.

I just got off the phone with my ISP again and the guy said that he saw that I was blocked and that the IP listed was for my router/firewall on my office network, but he couldn't find any specific complaints about that IP. 

Jeff, is it possible for you (or someone at SpamCop) to send me a copy (or post a link) of a complaint, so that I can further investigate why I am listed? 

Also, what is a 'mole report"?

Finally, I have confirmed that there is not an open relay.  I'm not 100% clear on what that means, but I was told that it is often a problem.  Either way, I don't have one.

Thanks very much,

Jonathan

Jonathan,

You're listed because spammers are connecting to your computer and sending spam. It appears it's going through your Exchange server. There's definitely spam being relayed through your machine there.

Take a look at this FAQ: http://www.spamcop.net/fom-serve/cache/372.html

It might be exactly what you need. If you have the tools, you might want to do some packet tracing of your IP and see the spam coming in and back out.

JT

Share this post


Link to post
Share on other sites

I can not post to the new web forum during the day easily, but there is

a person looking for assistance on their I.P. address 67.154.202.50

Title is deceptive: "Spamcop FAQ help".

Looks like it may be the SMTP Auth or other Exchange hack.

The poster want's some spam samples, and here they are:

http://www3.mail-abuse.org/cgi-bin/nph-ops...w?67.154.202.50

-John

posted by Miss Betsy for John

Share this post


Link to post
Share on other sites

To all: thanks very much for the responses and info.

This has been very informative.

And very frustrating to see that my server has been compromised.

I think that we have shut the open doors.

Thanks again

jonathan

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×