Spam Traps

[Fibersonic]

I have had one of my mail servers listed.... It says...

Since SpamCop started counting, this system has been reported less than 10 times by less than 10 users. It has been listed for 34 hours.

In the past week, this system has:

Been detected sending mail to spam traps

What is going on here... I did not even recieve an e-mail from spamcop before I was listed.... :angry: I hate spam just as much as the next guy... But I cannot monitor every e-mail that goes through my server. I would like to know where the problem is so that I can correct it.

[WB8TYW]

With out an I.P. address, there is not much help that anyone can give you.

spam traps can cause a listing with out notice, and generally will not be revealed.

This is how another problem may have been solved:

"John" <a[at]all.addresses.on.cdrom.are.invalid.aaa> wrote in message

news:c03cde$agv$1[at]news.spamcop.net...

>> Abuse wrote:

>

>>> > I am trying to figure out which user caused this:

>>> >

>>> > http://www.spamcop.net/w3m?action=checkblock&ip=x.x.x.x

>

>> <snip report unfortunately missing any evidence>

>> Move to first backup:

>>

>> http://www.moensted.dk/spam/?addr=x.x.x.x&Submit=Submit

>>

>> Level 2 SPEWS listing, but that is not why you are here.

Ouch, this is new.  I have written "x" and demanded they remove the (1)

remaing level 1 domain on their netblock.  I will cheefully apply pressure.

>> Mail-abuse.org lookup shows no record of that I.P.

>>

>> Google does not show anything either for that I.P. in

>> news.admin.net-abuse.sightings.

>>

>> Google does not show anything either for either of your obvious domain

>> names in news.admin.net-abuse.sightings.

>>

>>> > However, when I log into my reports area, I dont see ANY complaints at all.

>>> > Once I find out who caused this, they are toast.

>>> > I need to see the header of the mail that shows the UID/GID or originating

>>> > domain, I am using EXIM which stamps all that in the headers for me.

>>>

>> You are making an assumption that the reported e-mail came through your

>> mail server program.  That is not always the case.

>>

>>> > Any help would be appreciated.

>>

>> Some of this you will likely already know:

>>

>> http://forum.spamcop.net/forums/index.php?showtopic=140&st=5

>>

>> Unless someone does a test on your server that reveals the problem or

>> produces a sample spam, your only hope to get a clue on what caused the

>> listing is to contact the deputies.  That would be deputies(at)spamcop.net.

>>

>> What has shown up in the past is that when a server hitting spam traps,

>> and not showing up anywhere else, it is a strong indication that the

>> server may be generating auto-responses to viruses and spam instead of

>> using SMTP rejects.

>>

>> Human reporters to spamcop.net are not allowed to report viruses and

>> things that auto-respond to them, even though many wish they could.

>>

>> spam-traps may be under different rules.

>>

>> -John

Ugg..  I did not know that.  I recently installed Clam Anti Virus /

MailSacnner.  It appears when it detected a virus it would send the sender a

notice stating they have sent a virus.  I am guessing this is where the spam

complaints came from, given that most of  the email addresses for the reply

were probably fake.

thanks for your help John.  I have disabled the notices. 

<id codes have been removed from this exchange>

Of course we really do not know if this is what caused the listing in that case, as so far no deputy has confirmed what was in the spam trap.

If you would care to post the I.P. address involved, usually if there is spam in a spamtrap, evidence of it can be found elsewhere.

-John

Personal Opinion Only

[Ellen]

Please write to deputies <at> admin.spamcop.net with the IP address and we will look at the database ...