Jump to content
Sign in to follow this  
rdassow

Blocked by SpamCop but given no reason!

Recommended Posts

My e-mail server IP Address is being listed by spamcop, 65.88.34.229 but I am given no reasons! My IP has been listed by 4 other spam block lists, and they all say they're listing me because Spamcop is listing me! Ugh!

Can someone give me any ideas why spamcop listed me but won't tell me the reason? I have nothing to go on here.

Help!

Share this post


Link to post
Share on other sites
My e-mail server IP Address is being listed by spamcop, 65.88.34.229  but I am given no reasons! My IP has been listed by 4 other spam block lists, and they all say they're listing me because Spamcop is listing me!

18970[/snapback]

Your server appears to have been sending to spam traps either directly or by bouncing, autoresponding, etc.

See: CBL

based on Senderbase report of mailing increasing by 5600% in the last 24 hours I'd guess that your server has been compromised. Maybe an SMTP AUTH hack. Check your logs.

SpamCop's stats are not real-time because spammers abused the listing details. You may want to send an email to deputies <at> spamcop <dot> net.

Edited by Chris Parker

Share this post


Link to post
Share on other sites

I'd like to hear about the "other 4 blacklists" that base their listings on a SpamCopDNSBL listing. Out of the zillions of BLs out there, I've never heard this scenario before.

Share this post


Link to post
Share on other sites

Out of the ones that might mean anything none of them are because of your Spamcop listing. They are from the spew coming from your server.

XBL Exploits Block List (includes CBL): xbl.spamhaus.org -> 127.0.0.4

http://www.spamhaus.org/query/bl?ip=65.88.34.229

SPAMCOP SpamCop Blocking List: bl.spamcop.net -> 127.0.0.2

Blocked - see http://www.spamcop.net/bl.shtml?65.88.34.229

JAMDSBL local bl at JAMMConsulting.com: dnsbl.jammconsulting.com -> 127.0.0.30

DNSBLAUT1 Reynolds Technology Type 1: t1.dnsbl.net.au -> 127.0.0.2

Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=65.88.34.229

Share this post


Link to post
Share on other sites

But of course our percentage is going to go up.

Our company has two diverse ISP's with two diverse T1's to the internet. We have redundant MX records to support this (stsconsultants.com) .

However, if our primary ISP goes down, our e-mail is re-directed out our backup connection which is the IP that has been BL'd (65.88.34.229). Of course we are going to have a huge percentage increase in e-mail! That IP doesn't see ANY email unless we are in a failover state which happened recently.

Why should we be punished for having a redundant connection?

Ryan

Share this post


Link to post
Share on other sites
Out of the ones that might mean anything none of them are because of your Spamcop listing.  They are from the spew coming from your server.

XBL Exploits Block List (includes CBL): xbl.spamhaus.org -> 127.0.0.4

http://www.spamhaus.org/query/bl?ip=65.88.34.229

Merlyn, I'm not listed here

SPAMCOP SpamCop Blocking List: bl.spamcop.net -> 127.0.0.2

Blocked - see http://www.spamcop.net/bl.shtml?65.88.34.229

I am listed here with no cause

JAMDSBL local bl at JAMMConsulting.com: dnsbl.jammconsulting.com -> 127.0.0.30

I am listed here still trying to find out why.

DNSBLAUT1 Reynolds Technology Type 1: t1.dnsbl.net.au -> 127.0.0.2

Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=65.88.34.229

I am not listed here either.

18976[/snapback]

Share this post


Link to post
Share on other sites
Why should we be punished for having a redundant connection?

Well, this is new information, not made public before. It is not caused because of your redundant connection directly, but spamcop has used (not sure if it is currently used) different stats to list "new" servers it finds sending spam. Basically, a new IP will be listed much quicker because spammers were turning on IP's, spamming until they got listed and then going onto the next one.

You will need to contact the deputies for 2 reasons then:

  • Find out why you are listed.
  • Ask that your redundant IP address be unmarked as "new"

The fact that spam (or spamtrap hit) came from your IP so quick after turning on the server is NOT a good sign, however.

Share this post


Link to post
Share on other sites

It was previously listed, but was removed at 2004-10-19 15:13 GMT

You had yourself removed? It will be added back if it happens again. I give it a few hours. After you remove yourself more than a couple times and it keeps showing up it will be flagged permanent. If your server has problems you should fix it before you have many more problems.

Share this post


Link to post
Share on other sites

Your description of "no cause" for a SpamCopDNSbl listing has now changed. The current "Evidence" page shows;

Causes of listing

System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

There is no "punishment for redundancy" .... the SpamCopDNSbl is based on a complicated mathematical formula, with spamtrap hits carrying a large scaling factor. Have you been through the "Why am I blocked" FAQ or Pinned item yet?

Share this post


Link to post
Share on other sites

All email coming and going from this IP address is scanned by Symantec for SMTP and symantec for exchange and both are the most recent versions with most recent DAT files.

Is is possible if I block at the firewall all outbound requests for port 25 except for mail servers to determine if we have an inside host with a trojan?

Your description of "no cause" for a SpamCopDNSbl listing has now changed.  The current "Evidence" page shows;

Causes of listing

System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

There is no "punishment for redundancy" .... the SpamCopDNSbl is based on a complicated mathematical formula, with spamtrap hits carrying a large scaling factor.  Have you been through the "Why am I blocked" FAQ or Pinned item yet?

18991[/snapback]

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×