mars

my mail system is blocked by scbl


This information, "The IP 61.129.44.75 is Blacklisted by bl.spamcop.net.:Blocked - see http://www.spamcop.net/bl.shtml?61.129.44.75", always appears in my mail log these days!!!!! Yesterday I checked my IPs in SpamCop and it was OK, none were listed in the blocklist, but today a lot of my IPs are listed in the blocklist!

Is there anyone who can help me? I am running a mail system for my company, and now "61.129.44.67 61.129.44.68 61.129.44.69 61.129.44.70 61.129.44.72 61.129.44.75 61.129.44.78 61.129.45.53" are all listed in the SCBL. How can I get them released??


First, your servers are not set up properly.

DNS error: 61.129.44.75 has no reverse dns

Also:

System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

Listing History

In the past 109.9 days, it has been listed 12 times for a total of 12.2 days

Other hosts in this "neighborhood" with spam reports

61.129.44.67 61.129.44.68 61.129.44.69 61.129.44.70 61.129.44.72 61.129.44.76 61.129.44.78 61.129.45.53

Did you read http://www.spamcop.net/fom-serve/cache/329.html ?

You are also listed in:

SPAMBAG Spambags: blacklist.spambag.org -> chinanetsh.blacklist.spambag.org. -> 127.0.0.2

chinanetsh.blacklist.spambag.org.

Blocked - see http://www.spambag.org/cgi-bin/spambag?mailfrom=chinanetsh

--------------------------------------------------------------------------------

NOMOREFUNN local bl at moensted.dk: no-more-funn.moensted.dk -> 127.0.0.2

added 2001-04-19; china does not seem to care about spam

--------------------------------------------------------------------------------

JAMDSBL local bl at JAMMConsulting.com: dnsbl.jammconsulting.com -> 127.0.0.20

--------------------------------------------------------------------------------

STBL spam Trap dnsbl: bl.spam-trap.net -> 127.0.0.5

1084312113 (Tue May 11 23:48:33 2004) Blocked by STBL, see http://www.stop-spam.info/lookup.php?ip=61.129.44.75

--------------------------------------------------------------------------------

KROPKAALL Quite aggressive database, maintained by a few private persons: all.rbl.kropka.net -> 127.0.0.1

--------------------------------------------------------------------------------

KROPKAIP kropka ip: ip.rbl.kropka.net -> 127.0.0.1

--------------------------------------------------------------------------------

SORBSSPEWS-L1 spam Prevention Early Warning System - Level 1 Mirror: l1.spews.dnsbl.sorbs.net -> 127.0.0.2

! [1] CHINANET-SH, see http://spews.org/ask.cgi?S2632

--------------------------------------------------------------------------------

SORBSSPEWS-L2 spam Prevention Early Warning System - Level 2 Mirror: l2.spews.dnsbl.sorbs.net -> 127.0.0.2

! [1] CHINANET-SH, see http://spews.org/ask.cgi?S2632

--------------------------------------------------------------------------------

DNSBLAUSPEWS spam Prevention Early Warning System: spews.dnsbl.net.au -> 127.0.0.2

61.129.44.75 See http://spews.org/ and http://www.dnsbl.net.au/spews/

--------------------------------------------------------------------------------

DRBL-WORK-SANDY Distributed RBL node: sandy.ru: work.drbl.sandy.ru -> 127.0.0.2

zaraza-pvt:CN

I hope this helps.
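How the lookups quoted in the post above work, as an added example that is not part of the original post: a DNSBL query reverses the IPv4 octets and appends the list's zone, the same reversal the rDNS (PTR) lookup uses under in-addr.arpa. The three zones and their return codes come from the output above; `dead.dnsbl.example`, the 192.0.2.10 address and the lookup table are constructed so the code runs offline.

```python
import ipaddress
import socket

# Zones whose return codes appear in the lookup output quoted above.
ZONES = ["bl.spam-trap.net", "dnsbl.jammconsulting.com", "ip.rbl.kropka.net"]

# By convention a DNSBL signals "listed" with an A record inside 127.0.0.0/8.
LISTED_RANGE = ipaddress.IPv4Network("127.0.0.0/8")


def dnsbl_query_name(ip, zone):
    """Reverse the IPv4 octets and append the zone: 61.129.44.75 -> 75.44.129.61.<zone>."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def ptr_query_name(ip):
    """Name queried for reverse DNS; a missing PTR here is the 'no reverse dns' error."""
    return ipaddress.IPv4Address(ip).reverse_pointer


def system_resolver(name):
    """Live lookup: A records for name, or [] when the name does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def check_dnsbl(ip, zones=ZONES, resolve=system_resolver):
    """Query each zone and keep only answers in 127.0.0.0/8 as listing codes.

    Answers outside that range (a retired list that now resolves every name,
    or a resolver that rewrites failed lookups) are reported as ignored
    instead of being treated as a listing.
    """
    report = {}
    for zone in zones:
        codes, ignored = [], []
        for answer in resolve(dnsbl_query_name(ip, zone)):
            if ipaddress.IPv4Address(answer) in LISTED_RANGE:
                codes.append(answer)
            else:
                ignored.append(answer)
        report[zone] = {"listed": bool(codes), "codes": codes, "ignored": ignored}
    return report


# Constructed lookup table mirroring the results quoted above, plus one
# hypothetical zone that answers with a non-loopback address.
CONSTRUCTED_DNS = {
    "75.44.129.61.bl.spam-trap.net": ["127.0.0.5"],
    "75.44.129.61.dnsbl.jammconsulting.com": ["127.0.0.20"],
    "75.44.129.61.ip.rbl.kropka.net": ["127.0.0.1"],
    "75.44.129.61.dead.dnsbl.example": ["203.0.113.9"],
}


def constructed_resolver(name):
    """Offline stand-in for system_resolver, backed by CONSTRUCTED_DNS."""
    return CONSTRUCTED_DNS.get(name, [])


if __name__ == "__main__":
    print("PTR name:", ptr_query_name("61.129.44.75"))
    zones = ZONES + ["dead.dnsbl.example"]
    for zone, result in check_dnsbl("61.129.44.75", zones, constructed_resolver).items():
        print(zone, result)
```

Calling `check_dnsbl(ip)` without the last argument performs live DNS queries through the system resolver.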


3ks for your help sir!

Most IPs from China have no reverse DNS. It is OK in China. We have few Internet IPs; maybe the IPs belonging to China are fewer than a big university's in the US. What a pity!!

And now, some block lists always do country-level blocks, such as

http://www.stop-spam.info/lookup.php?ip=61.129.44.75

Any IP from China will be blocked. It is not fair!!!!!!!!!!!

The more we do for anti-spam in China, the more blocking!! Why???

> 3ks for your help sir!
>
> Most IPs from China have no reverse DNS. It is OK in China. We have few Internet IPs; maybe the IPs belonging to China are fewer than a big university's in the US. What a pity!!
>
> And now, some block lists always do country-level blocks, such as
>
> http://www.stop-spam.info/lookup.php?ip=61.129.44.75
>
> Any IP from China will be blocked. It is not fair!!!!!!!!!!!
>
> The more we do for anti-spam in China, the more blocking!! Why???

It may be OK within China but it is NOT OK to the rest of the world. Many admins block all traffic from servers with no rDNS.

Please remember, no-one is blocking you from sending anything: some admins choose to tag or refuse to ACCEPT on the basis of the lists - their choice.

Country-level blocklists are based on regrettable past experience. Those of us who never have legitimate email from China, Korea, Brazil etc., but get much spam from those countries choose to block the entire country - our choice.

More and more anti-spam in China??? we await evidence with anticipation!

/snip

> The more we do for anti-spam in China, the more blocking!! Why???

...with the amount of spam, viruses and unresponsive ISPs we get from China, sometimes I wish that traffic was completely cut off and blocked.

> The more we do for anti-spam in China, the more blocking!! Why???

About 90% of the spam that I report using SC contain links to websites hosted by China. Until your country decides to do something about those companies, I vote for blocking ALL Internet traffic to and from China, including all web requests.

DT

> About 90% of the spam that I report using SC contain links to websites hosted by China. Until your country decides to do something about those companies, I vote for blocking ALL Internet traffic to and from China, including all web requests.
>
> DT

I think you are anti-China, but not anti-spam~

You should not be here.

Chinese want to contact the whole world! But you won't, so you just live in your own small world. Anyone like you will lose :)


There are many here who feel China has not done a good job with stopping spam, myself included, but that is not helping you with your problem.

Have you checked http://www.spamcop.net/fom-serve/cache/329.html ?

Also if you were able to configure your IP addy's for your website you should be able to configure a reverse DNS for your mail servers.

Edited by Merlyn

> It may be OK within China but it is NOT OK to the rest of the world. Many admins block all traffic from servers with no rDNS.
>
> Please remember, no-one is blocking you from sending anything: some admins choose to tag or refuse to ACCEPT on the basis of the lists - their choice.
>
> Country-level blocklists are based on regrettable past experience. Those of us who never have legitimate email from China, Korea, Brazil etc., but get much spam from those countries choose to block the entire country - our choice.
>
> More and more anti-spam in China??? we await evidence with anticipation!

3ks sir! I will do better to maintain my mail system!

I know much spam is from our country, but now if you came to China, you would see our effort at anti-spam! Now, everyone who sends spam in China will be punished by law. Many western countries are developed, and China is developing, and so is our mail system. We are improving; please give us some time, we will be better and better!

> I think you are anti-China, but not anti-spam~
>
> You should not be here.
>
> Chinese want to contact the whole world! But you won't, so you just live in your own small world. Anyone like you will lose :)

David stated that 90% of the spam had links to China. If you don't believe his stats, that is one thing (I don't report web sites so don't have those statistics). However, I have no valid email contacts outside of the US, so for me, blocking China and all other foreign countries makes perfect sense. Anyone trying to contact me from China, is spamming me because I have not asked for any messages from there.

> There are many here who feel China has not done a good job with stopping spam, myself included, but that is not helping you with your problem.
>
> Have you checked http://www.spamcop.net/fom-serve/cache/329.html ?
>
> Also if you were able to configure your IP addy's for your website you should be able to configure a reverse DNS for your mail servers.

3ks

I will fix my DNS problem as soon as I can.

> I think you are anti-China, but not anti-spam~

While there are plenty of other problems with China (in addition to hosting most of the spamvertised websites), I'm not completely "anti-china." If I were "anti-china," then there would be some mention of China on my personal website, where I have published some of my opinions.

There are also many problems with my country, but I'm not "anti-USA." I'm against the bad things of each place.

> Chinese want to contact the whole world!

Of course, but your Internet companies offer web hosting to many, many spammers, and don't seem to be willing to stop doing that. The people in China who want outside contact need to put a stop to the hosting of spammers.

DT

> I know much spam is from our country, but now if you came to China, you would see our effort at anti-spam! Now, everyone who sends spam in China will be punished by law.

In my experience, I see spam from all over the place, especially from zombie computers hijacked by spammers. But my point is that *most* of the websites that are being advertised in the spam are hosted by Chinese companies. You have only mentioned efforts to control the sending of spam, but right now, the bigger problem with Chinese Internet activities is the hosting of all those domains and websites.

DT

> David stated that 90% of the spam had links to China. If you don't believe his stats, that is one thing (I don't report web sites so don't have those statistics). However, I have no valid email contacts outside of the US, so for me, blocking China and all other foreign countries makes perfect sense. Anyone trying to contact me from China, is spamming me because I have not asked for any messages from there.

Yes, you can block all mail from China. But how about the many businessmen?

What can they do? If they cannot receive their business partners' mail, they will lose many chances! Our customers from the West always complain about that! Sometimes they will have 2 mailboxes, one on a Chinese website, one in their own country! Then they use their own mailbox to get mail from the Chinese mailbox through POP. What a pity, isn't it?

> Yes, you can block all mail from China. But how about the many businessmen?
>
> What can they do?

They can complain to their ISP that they are not getting their email or move to an alternative mail provider. Filtering of any kind should only be done with the approval of the receiving party. It does happen, but that is what a free economy is about, voting with your money.

> Yes, you can block all mail from China. But how about the many businessmen?
>
> What can they do? If they cannot receive their business partners' mail, they will lose many chances! Our customers from the West always complain about that! Sometimes they will have 2 mailboxes, one on a Chinese website, one in their own country! Then they use their own mailbox to get mail from the Chinese mailbox through POP. What a pity, isn't it?

...Wise, sophisticated and flexible business people who need to communicate with partners in China will either block just the IP addresses from which spam is reported to have come or will otherwise filter e-mail from China. Unwise, unsophisticated and inflexible business people, such as my employer :( <frown> will let all e-mail from China (and Taiwan and Brasil and other sources of spam) flow into their e-mail systems. DT is not operating a business e-mail system requiring communication with China, therefore, he can block all e-mail from China without loss.

> DT is not operating a business e-mail system requiring communication with China, therefore, he can block all e-mail from China without loss.

But this isn't really my point. My issue is with all the web hosting of spammers being done by Chinese companies, and it's so bad, that my proposal would be to build a "Great Wall of the Internet," blocking ALL traffic, not just email, to and from China until they make a major change in their behavior.

DT

> But this isn't really my point. My issue is with all the web hosting of spammers being done by Chinese companies, and it's so bad, that my proposal would be to build a "Great Wall of the Internet," blocking ALL traffic, not just email, to and from China until they make a major change in their behavior.
>
> DT

...Then you would be punishing not only the guilty ISPs but also the customers of legitimate Chinese ISPs and their non-Chinese business partners.

> ...Then you would be punishing not only the guilty ISPs but also the customers of legitimate Chinese ISPs and their non-Chinese business partners.

Yes, but the problem has gotten that serious. There are other ways they can communicate...phone, faxes, etc. Besides, if Wal-Mart can't buy from China anymore, that's actually a very good thing, but that's because I *am* actually anti-Wal-Mart.

DT


I cannot read it, but ... http://www.spamhaus.cn/ is a 'recent' development, some background at http://www.spamhaus.org/news.lasso?article=153 .... Steve Linford did a bit of traveling over there, trying to get the word out that the spam issue was real. Progress noted in his NANAE newsgroup postings based on the China ISPs that were the top spam sources two years ago aren't in the top spam lists these days ... which of course sets off the frenzy of folks pointing out all the new/current sources. Anyway, data tossed into the discussion ... I had posted an interesting URL somewhere recently, a global pic of current spam spew ... found it ... see the graphic at http://postini.com/stats/map_window_dha.html


Take a look at the "Geography of spam" section of this news release:

http://www.commtouch.com/Site/News_Events/...id=346&cat_id=1

The top spam sources are:

South Korea 35.41%

United States 19.81%

China 13.57%

But look at the stats on "Countries Hosting Spammers’ Websites:"

China 63.70%

Brazil 11.34%

Russian Federation 9.67%

Hong Kong 9.40%

So, although China only appears to *broadcast* about 14% of spam, much less than Korea and the US, they are responsible for *hosting* over 70% of the spamvertised websites (China + Hong Kong, which is part of China). That's a big enough problem to warrant extreme solutions, such as cutting China off of the Web.

DT


I see exactly the same trends in the spam I report. In fact spam-advertized domains hosted in China account for more than 80% of the spam I report.

> This information, "The IP 61.129.44.75 is Blacklisted by bl.spamcop.net.:Blocked - see http://www.spamcop.net/bl.shtml?61.129.44.75", always appears in my mail log these days!!!!! Yesterday I checked my IPs in SpamCop and it was OK, none were listed in the blocklist, but today a lot of my IPs are listed in the blocklist!
>
> Is there anyone who can help me? I am running a mail system for my company, and now "61.129.44.67 61.129.44.68 61.129.44.69 61.129.44.70 61.129.44.72 61.129.44.75 61.129.44.78 61.129.45.53" are all listed in the SCBL. How can I get them released??

The first thing that you need to do is find out why those I.P. addresses are being listed.

A listing is usually a strong indication that there is a severe misconfiguration of that network.

When that many I.P. addresses are listed it usually indicates that there has been a security problem and criminals have control of your systems.

Criminals scan for improperly secured machines and when they find them they will either use them or sell the information on how to exploit them to other criminals.

Let's start with 61.129.44.75 :

As has been pointed out, it does not have rDNS, which you said you are getting fixed.

Now what is recommended is that the rDNS name indicate what the I.P. address is being used for and who is using it. If this is an outgoing mail server, it is a very good idea to put the text "smtp" or "mail" in the name, which will make it easier to convince remote administrators to whitelist it from one of their local blocks.

For I.P. addresses that are DHCP assigned, put the text "dhcp" or "dynamic" in them, and forget about ever putting a mail server on them. Most of the mail administrators I know will not accept any e-mail from a known or suspected DHCP pool.

Sending to spam traps means one of two things:

1. Criminals have control of that system and are sending spam.

2. The mail server is generating new mail messages in response to spam.

The second case is when a mail server is either mis-configured to bounce detected spam or viruses which should never be done, or it is accepting all e-mail and bouncing what can not be delivered.

Such a mail server is participating in a denial of service attack against other mail servers, as almost all non-deliverable messages are either spam or viruses with forged addresses.

The only non-abusive method that a mail server can use to notify of non-delivery is to signal this with an SMTP reject code before the SMTP transaction is complete.

So let's see if more information can be found:

drbcheck - www.moensted.dk/spam lookup

Much can be found in that page. A SPEWS listing generally indicates that the owner of a network is either actively assisting spammers and network abuse or is generally ignoring such abuse.

I can not find anything for that specific I.P. address, but because this is in China, it means that many networks will not accept e-mail from that range, especially a range with no rDNS at all. This is because of years and years of Chinese ISPs allowing spammers to host web pages or not acting on abuse complaints.

Usually this means that you will have to contact the Deputies to find out more details of why the I.P. address is listed.

In the past where followups have been posted, and only spamtrap hits exist, the two most common causes are:

A: There is one or more accounts on the server with either no password or one that is easy to guess. In this case, it means that the spammers may have full control of that server and a full clean up is needed.

B: The server is auto-responding to spam and viruses instead of using SMTP reject codes. As pointed out earlier, it means that system is participating in a denial of service attack against networks that spammers have forged in their attempts to evade poorly written spam filters.

Sending to a spam trap means that your server sent an e-mail to an e-mail address that has never ever sent an e-mail. A properly configured and secure mail server will not do that.

Now for an example of why there are country wide blocks, it is a matter of economics. A large e-mail server operator pays a metered rate for each message that comes into their server. Currently 75 percent of all e-mail delivery attempts are spam. To attempt to sort out the good mail from an I.P. block from the spam is too expensive, because it means paying for 75% more bandwidth than the server operator would normally need. The only way for a mail server operator to contain their costs is to not accept I.P. addresses that the owner has allowed spam to be sent from. These avoided costs can be in the thousands of U.S. dollars per month.

And when a network owner allows spam to be sent from a lot of I.P. addresses, then the mail server operators will start blocking all e-mail from that network, and only open up an I.P. address if they have a user that needs it.

If a number of network owners in a country allow spam to be sent, then to save costs, mail server operators will start blocking all e-mail from that country. China is one of a small list of countries that many mail server operators have given up on taking a chance that a real e-mail will come from it.

Now look at the listings from the Moensted list. It is not normal for any ISP to have a SPEWS listing.

The SPEWS listing is showing spammers that are buying access from your ISP and that have been reported to your ISP.

If you look at the SPEWS listing, it has several comments of "may have to add". This usually indicates that whoever runs SPEWS thinks that nothing is being done to remove the spammers that SPEWS is showing as being customers of that ISP.

Generally to get a SPEWS listing, it appears that a network has to ignore spam and abuse complaints for a very long time. It also means that by that time, many other networks have given up accepting any packets from that network.

It is only recently that there has been any indication that your government seems to have realized how much damage this has done to the Chinese reputation and that it is affecting Chinese participation in e-commerce.

Here outside of China, all that is seen about this anti-spam push is press releases. The amount of spam being reported to Chinese ISP's that are hosting web sites for products that are illegal to sell in most parts of the world has still been increasing. And most of the reporting addresses that the ISP should be paying attention to are showing up as non-functional.

Think of spam as a toxic disease that is being quarantined. Expect that the longer that spam is allowed to come from an I.P. address, the more I.P. addresses around it will be considered contaminated and the longer it will take before people will take a chance that the I.P. address is clean.

If a network has ever provided any services to what spamhaus.org lists as a ROKSO spammer, those I.P. ranges are probably useless for e-mail for at least the next decade.

Ask your ISP about the SPEWS listings and why SPEWS is saying that they need to be expanded. As near as anyone can tell, SPEWS would only be expanding the listings if your ISP is still hosting spammers which you say is against the law in your country.

The people that are blocking your IP because it is in China or because of your ISP will not change, and there is nothing that either you or I can type here that is going to change what they are doing. All the people here can do is let you know how bad the problem that you have is.

It does not do any good to complain to the rest of the world how unfair it is. Your network provider and other network providers in your country caused the problem, and only when it is hard to find a spam site hosted in China or a spam delivery attempt from China, do I expect your problems with e-mail to start to diminish.

Until that happens, most network owners will not believe that your country or ISPs are doing more than issuing press releases.

Now I do not control any mail servers or blocking lists, so there is nothing that I can do other than type this.

You can find and stop the spam e-mail that is coming from your netblock. If your mail servers are properly configured to use SMTP rejects, and your security is intact, then unless you sign up a spammer as a customer, your network should never be affected by spamcop.net.

For the other blocking, that is in the hands of your network provider. As long as they are doing any business with a spammer, any at all, you can expect to find other networks refusing all e-mail from any IP address assigned to that ISP. And most of the world seems to think that China has one single ISP run by your government. So if any ISP in your country is willing to sell any service to a spammer, you can be affected.

And right now, it is no problem at all to find spam samples of web pages being hosted in China posted in news.admin.net-abuse.sightings. If your country was serious about enforcing the anti-spam laws it would have no trouble locating the Chinese I.P. addresses that are being used by spammers.

-John

Personal Opinion Only
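The difference between the two behaviours described in the post above (refusing inside the SMTP transaction versus accepting and then mailing a bounce), as an added model that is not part of the original post. Every address, the mailbox list and the traffic sample are constructed, and the two policy functions are illustrative stand-ins for a mail server's configuration.

```python
from dataclasses import dataclass

LOCAL_USERS = {"sales@corp.example"}  # constructed list of real mailboxes
SPAMTRAPS = {"trap1@victim.example", "trap2@victim.example"}  # constructed


@dataclass
class Attempt:
    mail_from: str  # envelope sender; forged in spam and virus mail
    rcpt_to: str
    flagged: bool   # True when the content filter detects spam or a virus


# Constructed traffic: one genuine message, three abusive ones with forged senders.
ATTEMPTS = [
    Attempt("partner@customer.example", "sales@corp.example", False),
    Attempt("trap1@victim.example", "nosuchuser@corp.example", False),
    Attempt("trap2@victim.example", "sales@corp.example", True),
    Attempt("bystander@victim.example", "old.account@corp.example", True),
]


def accept_then_bounce(a):
    """Misconfigured server: always answers 250, then mails a notice to MAIL FROM."""
    if a.rcpt_to not in LOCAL_USERS or a.flagged:
        notice = {"from": "<>", "to": a.mail_from}  # new message to a forged address
        return "250 2.0.0 OK", False, [notice]
    return "250 2.0.0 OK", True, []


def reject_in_session(a):
    """Refuses with an SMTP reject code before the transaction completes."""
    if a.rcpt_to not in LOCAL_USERS:
        return "550 5.1.1 User unknown", False, []     # reply to RCPT TO
    if a.flagged:
        return "554 5.7.1 Message refused", False, []  # reply at end of DATA
    return "250 2.0.0 OK", True, []


def run(policy, attempts=ATTEMPTS):
    """Apply one policy to every attempt and summarise what the server sent out."""
    replies, outbound, delivered = [], [], 0
    for attempt in attempts:
        reply, stored, new_mail = policy(attempt)
        replies.append(reply)
        outbound.extend(new_mail)
        delivered += stored
    return {
        "replies": replies,
        "delivered": delivered,
        "outbound": len(outbound),
        "trap_hits": [m["to"] for m in outbound if m["to"] in SPAMTRAPS],
    }


if __name__ == "__main__":
    for policy in (accept_then_bounce, reject_in_session):
        print(policy.__name__, run(policy))
```

With in-session rejects the connecting client holds the failure, so the server originates no mail of its own and has nothing that can land in a spam trap.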

> Currently 75 percent of all e-mail delivery attempts are spam. To attempt to sort out the good mail from an I.P. block from the spam is too expensive, because it means paying for 75% more bandwidth than the server operator would normally need.
>
> [...]

Actually it means paying for 300% more bandwidth than the server operator would normally need, think about it.


This is what I hear from some of you:

[paraphrase]Yes, let's build a wall around China. I mean, 75% of the people who mail from there are spammers. So let's just lock them all away and ban them until the 75% of the bad ones stop spamming. Who cares about the innocent ones who have no choice to live in China. Who cares about the innocent. It's better to lock away 25% of the innocent people to get to the 75% of the spammers.[/paraphrase]

Sounds reasonable to you, huh? Let's substitute a few words and see if what you say still sounds fair:

[sarcasm]Yes, let's build a wall around the ghetto. I mean, 75% of the black and hispanic people who live there are criminals or have criminal records. So let's just lock them all away and ban them until the 75% of the bad ones stop being bad. Who cares about the innocent ones who have no choice to live in the ghetto. Who cares about the innocent. It's better to lock away 25% of the innocent people to get to the 75% of the bad ones.[/sarcasm]

Thank God our justice system in the United States isn't like some people's attitudes about stopping spam!

It's interesting that some people's arguments about how it's justified to harm innocent parties sound exactly like the arguments racists used for treating blacks & hispanics the way they do.

It is natural that some innocent people are going to get hurt. But it makes me sick that some people have total disregard for the innocent and actually promote hurting innocent people in order to get to the guilty. That's just like saying that it's okay to treat a black man who committed no crime as a criminal just because he lives in a high-crime area (ghetto) and perhaps doesn't have enough money to leave or because his sick mother lives there.

Give me a break. I can understand banning known spammers, but advocating banning the innocent is not cool and will just make you enemies of people that should be your allies in fighting spam.

Let's ban the spammers, not advocate harming innocent people. It's one thing to do so accidentally, but it's another thing to do so intentionally.
