Dialogica 0 Posted October 19, 2004 Could you please unblock our server with ip 81.10.224.220 from your blacklist! We do not know why we are blacklisted - a virus-check on our system showed no infection! We are a academical institution and are really dependent on our mailserver! Thank you! Share this post Link to post Share on other sites
Ellen 0 Posted October 19, 2004 Could you please unblock our server with ip 81.10.224.220 from your blacklist! We do not know why we are blacklisted - a virus-check on our system showed no infection! We are a academical institution and are really dependent on our mailserver! Thank you! 18956[/snapback] Your exchange server is being abused by spammers using the SMTP/AUTH exploit: http://news.spamcop.net/cgi-bin/fom?file=372 http://www.winnetmag.com/article/articleid/40507/40507.html http://www.winnetmag.com/article/articleid/42406/42406.html http://support.microsoft.com/default.aspx?...;EN-US;324958#4 http://www.slipstick.com/exs/relay.htm http://www.msexchange.org/tutorials/Preven..._Server_55.html Share this post Link to post Share on other sites
dra007 0 Posted October 19, 2004 (edited) It also seems to be a recurring problem that might have never been fixed properly: 81.10.224.220 listed in bl.spamcop.net (127.0.0.2) Causes of listing System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop) Additional potential problems (these factors do not directly result in spamcop listing) Listing History In the past 60.6 days, it has been listed 6 times for a total of 17.2 days Also note that there is a history of SPAMTRAP HITS that goes back to August listed elsewhere! Here is a recent example: From messiermerits[at]cablespeed.com Sun Oct 17 09:06:33 2004 Delivery-date: Sun, 17 Oct 2004 09:06:33 -0400 Received: from [81.10.224.220] (helo=diaserver.dialogica.dom) by mail.victim.example with esmtp (Exim 4.41) id 1CJAk4-0001Jm-9r for psbltrap[at]kernelnewbies.nl; Sun, 17 Oct 2004 09:06:33 -0400 Received: from teaspoonfuls ([219.140.229.252]) by diaserver.dialogica.dom with Microsoft SMTPSVC(5.0.2195.6713); Sun, 17 Oct 2004 15:08:53 +0200 From: "Sepideh Lam"<messiermerits[at]cablespeed.com> To: psbltrap[at]kernelnewbies.nl Subject: ENlI|ARGE Y0UR PEN |S AND 1MPR0VE YOUR SEX lI|FE! Mime-Version: 1.0 Date: 17 Oct 2004 15:08:56 +0200 http://[MUNGED] http://[MUNGED] http://[MUNGED] P1EASE CllCK HERE http://[MUNGED]/as#$RANDOMIZ Edited October 19, 2004 by dra007 Share this post Link to post Share on other sites
Dialogica 0 Posted October 20, 2004 So, the problem should be fixed! The abused server hat a weak security level because it was intentionally used only for internal mailing. The security problems should be fixed now, nobody will receive spam via the server! Will the server be removed from the black list automatically after 48 spam-free-hours? If not, where should we write an email to? Thanks for your help! Share this post Link to post Share on other sites
Wazoo 0 Posted October 20, 2004 You could start by looking at the FAQ or the duplicate Pinned entry "Why am I Blocked" .... you could take the time to read the other (seemingly endless) Topics started in the last couple of days alone with the similar Topic Title of "Unblock Me ...." Share this post Link to post Share on other sites
Merlyn 0 Posted October 20, 2004 If you are an academic institute then why are your IP's tagged ad dynamic? Dynamic/Residential IP range listed by NJABL dynablock - http://njabl.org/dynablock.html According to Senderbase it looks like you still have a problem. you volume is up 302% on that server. Share this post Link to post Share on other sites
Derek T 0 Posted October 20, 2004 So, the problem should be fixed! 19020[/snapback] Amen. When's it going to happen? Share this post Link to post Share on other sites