Jajcus Posted October 15, 2004 Share Posted October 15, 2004 I have the "bounce flag" for my reporting account set very often (even several times a day). The error is: Bounce error Your email address, mel[at]my_domain has returned a bounce: Subject: Delivery Status Notification (Failure) Reason: 5.1.0 - Unknown address error 554-'Service unavailable; Client host [206.14.107.113] blocked using proxies.relays.monkeys.com; BLOCKED: http://www.monkeys.com/dnsbl/' However, none of MX for my domain is using proxies.relays.monkeys.com (they used to use it long time ago) and none of the MX, according to their logs, is bouncing mails from the spamcop. Not all mails from spamcop are bounced. It seems the bounce is generated by some other SMTP server, but the bounce message doesn't even show its IP address. Any ideas where is the problem (I guess it is something on SpamCop), or how can I fix it? Link to comment Share on other sites More sharing options...
dbiel Posted October 15, 2004 Share Posted October 15, 2004 Could you post some additional information. Is the IP number listed yours? Could you post the full headers received from the bounce? The best way to do this would be to submit the bounce to SpamCop for reporting and post the tracking URL. If Spamcop views the message as a bounce you will not have to cancel the report as no reports will be sent. Link to comment Share on other sites More sharing options...
Wazoo Posted October 15, 2004 Share Posted October 15, 2004 I thought monkies had disappeared ages ago. Another "cause" for the message you are seeing is a mis-configured server, for some reason the blocking is occurring, but the wrong "error message" is being pointed to ...???? But agree with the last, the actual headers of the e-mail / bounce should tell you what servers were involved. Link to comment Share on other sites More sharing options...
StevenUnderwood Posted October 15, 2004 Share Posted October 15, 2004 That error message seems out of date. The only list I could find you on was: dnsbl.sorbs.net spam source - http://www.dnsbl.sorbs.net/cgi-bin/lookup?IP=206.14.107.113 Link to comment Share on other sites More sharing options...
Merlyn Posted October 15, 2004 Share Posted October 15, 2004 Here is the Sorbs record: ------------------------------------------------------------------------------------------ Address: 206.14.107.113 Record Created: Wed Sep 22 12:55:48 2004 GMT Record Updated: Wed Sep 22 12:55:48 2004 GMT Additional Information: Received: from vmx1.spamcop.net (vmx1.spamcop.net [206.14.107.113]) by mailhub2.uq.edu.au (8.12.10/8.12.10) with ESMTP id i0QNN3gA002144 for <>; Tue, 27 Jan 2004 09:23:04 +1000 (EST) Currently active and flagged to be published in DNS If you wish to request a delisting please do so through the Support System. ------------------------------------------------------------------------------------------- Kinda looks like a forged heared to me but the spam did come from 206.14.107.113 206.14.107.113 has no reverse DNS and it is Verio. Link to comment Share on other sites More sharing options...
Wazoo Posted October 15, 2004 Share Posted October 15, 2004 For some reason, a user posted this over in the newsgroups ... so I'll bring it back here (guessing that this is what was hoping to be accomplished ..??) On the web forum, there is a thread: "Your email address, ... has returned a bounce" That is one of the known message headers and bodies of one of the current worms in circulation. It is spoofing serveral NDR formats, and mentioning several DNSbls as the reason for the rejections. If the O.P. has a system vulnerable to that worm and has triggered the payload, then they have some cleanup to do. -John <address deleted> Personal Opinion Only Link to comment Share on other sites More sharing options...
Jajcus Posted October 18, 2004 Author Share Posted October 18, 2004 I don't have the headers of the bounce message, as it is the bounce received by SpamCop when it sends notification about my spam reports being ready to confirm. Because of that bounce a flag is set on my SpamCop account and I cannot report spam any more. I don't know why SpamCop gets this bounces. None of my MX sends it, and it must be some misconfigured server between me and the SpamCop. Link to comment Share on other sites More sharing options...
dbiel Posted October 18, 2004 Share Posted October 18, 2004 Actually this does not prevent you from reporting spam, only from receiving the acknowledgements that files are ready to report. Simply log into the web site after a bit of time as passed and you should find the "report now" button to start reporting the files previously sent. Link to comment Share on other sites More sharing options...
Jajcus Posted October 19, 2004 Author Share Posted October 19, 2004 Actually this does not prevent you from reporting spam, only from receiving the acknowledgements that files are ready to report. Yes, but this behaviour is anoying anyway. Link to comment Share on other sites More sharing options...
Wazoo Posted October 19, 2004 Share Posted October 19, 2004 I don't have the headers of the bounce message, as it is the bounce received by SpamCop when it sends notification about my spam reports being ready to confirm. Because of that bounce a flag is set on my SpamCop account and I cannot report spam any more. I don't know why SpamCop gets this bounces. None of my MX sends it, and it must be some misconfigured server between me and the SpamCop. 18901[/snapback] If you have no data, what exactly do you propose should happen? If you think that there is some server "in between" .. then perhaps start by analyzing the headers of a "successful" SpamCop response and identify this/these server(s) .... At this point, only you can do the digging. I'm still more than baffled by your original comment of "happening several times a day" ... Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.