Hello,

Our company was listed on a blacklist for 1 day, I guess. After successful delisting we still cannot send e-mails to some domains. Have you guys any experience with something like this?

This error is showing: <<< 550 5.7.1 Remotehost is listed in the following RBL lists: SpamCop, NixSpam RBL

Thanks for help.

14 hours ago, fnsp_stastny said:

Hello,

Our company was listed on a blacklist for 1 day, I guess. After successful delisting we still cannot send e-mails to some domains. Have you guys any experience with something like this?

This error is showing: <<< 550 5.7.1 Remotehost is listed in the following RBL lists: SpamCop, NixSpam RBL

Thanks for help.

Need an IP to look?

Posted (edited)
5 hours ago, fnsp_stastny said:

Oh, I'm sorry I forgot to write IP.

193.87.56.3

Not listed now, only one member report (child porn), so must have been hitting spamtrap addresses?
SpamCop was sending abuse reports to an old abuse address, so refreshed it to "abuse-po[AT]sanet[DOT]sk".
Important for your customers to use a virus/malware program; Windows Defender is a good choice, but any would do.
If malware is detected they need to change their password.
The only report was:

Submitted: 4/22/2020, 5:36:59 PM +1000:
My dream is to try with you something that I have never done before.


 


 

Edited by petzl

Posted (edited)
16 hours ago, fnsp_stastny said:

We are using Windows Defender on every PC. At the moment, e-mail communication should be smooth?

Someone had disabled Windows Defender or you have a spammer using your computers!
To get listed by spamtraps means 1000's of emails were being sent through your email server.

Windows Defender is very good at picking up malware.
Right now your email server has dropped by 100%
https://talosintelligence.com/reputation_center/lookup?search=193.87.56.3

                 LAST DAY     LAST MONTH
spam LEVEL       Very High    Very High
EMAIL VOLUME     0.0          3.5
VOLUME CHANGE    -100%

see check
https://blog.mikrotik.com/security/winbox-vulnerability.html

Edited by petzl

Posted (edited)
6 hours ago, fnsp_stastny said:

Can you give me information which e-mail address is sending spam mails to spamtraps?

Nobody has access to spamtrap spam. Spamtraps are kept secret, sorry.
But I did look at your email server, which shows it is slow.
Indicates it is accessed by one or many spammers.
https://mxtoolbox.com/SuperTool.aspx?action=smtp%3a193.87.56.3&run=toolpage

220 mail.fnsppresov.sk ESMTP Server (Kerber Mail Server 3.0) ready at Fri, 26 Jun 2020 13:12:11 +0200

Test                         Result
SMTP Connection Time         6.079 seconds - Warning on Connection time
SMTP Transaction Time        8.734 seconds - Not good! on Transaction Time
SMTP Reverse DNS Mismatch    OK - 193.87.56.3 resolves to mail.fnsppresov.sk
SMTP Valid Hostname          OK - Reverse DNS is a valid Hostname
SMTP Banner Check            OK - Reverse DNS matches SMTP Banner
SMTP TLS                     OK - Supports TLS.
SMTP Open Relay              OK - Not an open relay.

https://talosintelligence.com/reputation_center/lookup?search=193.87.56.3

spam LEVEL
The spam Level indicates how much spam that originated from this host, has been lately caught and archived. This statistics is not displayed for every spam sending host, because Talos Reputation Center is not storing every spam we encounter.


 

Edited by petzl


So what exactly should we do? We have like 3000 PCs in our network, it's time consuming to look for a PC in which could be some virus/spammer access.

Posted (edited)
11 hours ago, fnsp_stastny said:

So what exactly should we do? We have like 3000 PCs in our network, it's time consuming to look for a PC in which could be some virus/spammer access.

Right now I cannot see you on any blacklist? Maybe your problems are over? However, some blacklists never remove one from their blacklist until a lot of grovelling is done. Hotmail, Gmail don't list their blacklists! But your system is set up correctly, just high usage.
SpamCop's blocklist only lists for a maximum of 24 hours if spam stops, sooner if one delists it.

On your contact webpage change email addresses to images, as "spamBots" scrape email addresses; yes, some spamBots can read images, most cannot.

Many companies do not allow personal email or downloads which stops malware, and have all email electronically read, if enough "strikes" it then is actually read, with security arriving unannounced to remove offender off site!
The only course, if you are satisfied that all 3000 PCs are clean and kept that way but blocking is still happening, is to change to a different IP for your email server.

I would suggest you ask, via email and/or blog, for all of your 3000 PC network to change passwords to a secure one:
First letter of their (Capitalized) name, first 2 numbers of their street address, followed by a = sign, followed by a lower case, upper case Alphanumeric unforgettable password. 
example; P77=BratiSlava 
(this has 14 characters there may be a limit of characters one can use on a password?)
Ask all to run their Microsoft Defender offline scan. THEN change password is best, but gets problematical with naive users; get them to ask for assistance from other colleagues if needed. Up to you, but I don't recommend all 3000 users do this at the same time; baby steps first, say 5 first?
https://support.microsoft.com/en-us/help/4027710/windows-using-windows-defender-offline
 

Screen Capture of running Windows Defender offline scan

https://ibb.co/2dLcPXP

Edited by petzl

On 6/24/2020 at 11:11 PM, fnsp_stastny said:

Oh, I'm sorry I forgot to write IP.

One thing you can try is to do a local lookup and see if it is cached in the blocklist by your local DNS.  Another thing to note is that a few decades back, there were some email providers that mistakenly blamed the SpamCop blacklist for blocking email when in fact it was their own blocklist they were using.

nslookup -type=any 3.56.87.193.bl.spamcop.net

If the IP is not on the blocklist, but is still blocked, it is likely the email provider has set up a badly configured RBL entry in the receiving email server.

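The lookup described in the last post, as an added example that is not part of the original thread: it builds the reversed-octet query name used in the nslookup command and separates a real listing (an answer inside 127.0.0.0/8, the RFC 5782 convention) from a stale or bogus resolver answer. The function names, the `.example` zones and the sample answers are constructed for illustration; pass no resolver argument to query live DNS.

```python
import ipaddress
import socket

LISTING_NET = ipaddress.ip_network("127.0.0.0/8")  # RFC 5782 answer range

def dnsbl_query_name(ip, zone):
    """Reverse the IPv4 octets and append the blocklist zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def classify(answer):
    """Map a resolver result (A record string or None) to a verdict."""
    if answer is None:
        return "not listed"
    if ipaddress.IPv4Address(answer) in LISTING_NET:
        return "listed"
    # An address outside 127.0.0.0/8 is not a listing code; a wildcard or
    # rewriting resolver produces this, and a filter that counts it as a
    # hit blocks mail for IPs that are on no list.
    return "invalid answer"

def check(ip, zones, resolve=socket.gethostbyname):
    """Query each zone; return {zone: (query_name, verdict)}."""
    results = {}
    for zone in zones:
        name = dnsbl_query_name(ip, zone)
        try:
            verdict = classify(resolve(name))
        except socket.gaierror as exc:
            # NXDOMAIN means "not listed"; a temporary failure proves nothing.
            failed = exc.errno == socket.EAI_AGAIN
            verdict = "lookup failed" if failed else "not listed"
        results[zone] = (name, verdict)
    return results

def sample_resolver(name):
    """Constructed answers standing in for live DNS (hypothetical data)."""
    answers = {
        "3.56.87.193.stale-cache.example": "127.0.0.2",
        "3.56.87.193.wildcard.example": "203.0.113.10",
    }
    if name in answers:
        return answers[name]
    raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")

if __name__ == "__main__":
    zones = ["bl.spamcop.net", "stale-cache.example", "wildcard.example"]
    for zone, (name, verdict) in check("193.87.56.3", zones, sample_resolver).items():
        print(f"{name}: {verdict}")
```

Running the same check through the local resolver and through a second, independent resolver shows whether a "listed" verdict is a cached answer or the blocklist's current state.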
