brogers Posted August 11, 2004 Share Posted August 11, 2004 It appears that you have listed my mailserver as a source of spam and it is preventing us from communicating with our customer. This is some the the text of the NDR: <crpowa1.structural.net #5.5.0 smtp;554 Service unavailable; Client host [216.184.200.13] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?216.184.200.13> When I checked your site this is what I was given as a reason why we were listed: Causes of listing System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop) SpamCop users have reported system as a source of spam less than 10 times in the past week Please advise as to how I can get us off your list. Thanks Link to comment Share on other sites More sharing options...
Ariel Posted August 11, 2004 Share Posted August 11, 2004 Please advise as to how I can get us off your list. Stop spamming? Seriously, if you're sending to spam traps (which are unused, unpublished email addresses), either you or someone who shares your mail server's IP has been sending spam. You automatically delist from Spamcop 48 hours after the last spam report. By the way, according to senderbase: Last day 782% Last 30 days 182% Sounds like your IP jumped up in its mail sending dramatically. If you send through your ISP, you might want to contact them.. if it's your server, please fix the problem. Link to comment Share on other sites More sharing options...
Robert Slade Posted August 11, 2004 Share Posted August 11, 2004 Hiya, To add to the previous post. It is not clear if you are refereing to your own mailserver or yoo are refereing to your ISPs. The server is owned by dsl.net. If you are from dls.net you should investigate why there is such a dramitic increase in traffic and why it has been sending mail to spamtraps. I has been compromised in some way. You can contact spamcop deputies at deputies at spamcop.net who maybe able to help. If it is ISPs you should contact then to get them to fix their server. Link to comment Share on other sites More sharing options...
Chris Parker Posted August 11, 2004 Share Posted August 11, 2004 <crpowa1.structural.net #5.5.0 smtp;554 Service unavailable; Client host [216.184.200.13] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?216.184.200.13> It appears that you are running MS Exchange. You have probably fallen victim to an attack vector know as an SMTP AUTH Hack. It would be in your best interest to go through all accounts on your Exchange server and close any unused accounts (guest, etc) and then change the password for each and every account to something that is non-trivial. If you do not have employees that need to check/send mail from outside your network then you should disable SMTP AUTH access to your mail server. You may also want to read the pinned FAQ: Why am I blocked? which has additional links concerning the SMTP AUTH hack. Link to comment Share on other sites More sharing options...
Wazoo Posted August 11, 2004 Share Posted August 11, 2004 Actually, what I'd like to hear is why and how the "Why am I Blocked - Please read before Posting" Pinned item was missed in the first place .... is it simply that "Blocked" isn't spelled "Listed" ..???? Link to comment Share on other sites More sharing options...
Ellen Posted August 11, 2004 Share Posted August 11, 2004 It appears that you have listed my mailserver as a source of spam and it is preventing us from communicating with our customer. This is some the the text of the NDR: <crpowa1.structural.net #5.5.0 smtp;554 Service unavailable; Client host [216.184.200.13] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?216.184.200.13> When I checked your site this is what I was given as a reason why we were listed: Causes of listing System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop) SpamCop users have reported system as a source of spam less than 10 times in the past week Please advise as to how I can get us off your list. Thanks 14985[/snapback] Regarding IP 216.184.200.13: see these faqs: http://news.spamcop.net/cgi-bin/fom?file=372 http://www.winnetmag.com/article/articleid/40507/40507.html http://www.winnetmag.com/article/articleid/42406/42406.html Your exchange server is relaying because spammers are suthenticating using guessed names/password combinations. Link to comment Share on other sites More sharing options...
brogers Posted August 12, 2004 Author Share Posted August 12, 2004 Regarding IP 216.184.200.13: see these faqs: http://news.spamcop.net/cgi-bin/fom?file=372 http://www.winnetmag.com/article/articleid/40507/40507.html http://www.winnetmag.com/article/articleid/42406/42406.html Your exchange server is relaying because spammers are suthenticating using guessed names/password combinations. 14998[/snapback] Thanks for the advise. I was able to confirm that the guest account was being used to relay mail. I have since taken corrective action to prevent this and so far thing appear to have subsided. I will also take steps to beef up our password policies. Link to comment Share on other sites More sharing options...
Ralsky's Fatal Tumor Posted August 13, 2004 Share Posted August 13, 2004 I will also take steps to beef up our password policies. 15016[/snapback] Glad to be of assistance. It's always nice to see a problem get wrapped up this quickly. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.