
Why is my email blocked?



My IP has been blocked by SpamCop. I don't send unsolicited email and my service provider said to run a virus scan to make sure my computer is not being used by someone else to send spam. This came up clean.

How can I find out why I am blocked and by who, as the link from SpamCop does not provide me with any information?

Thanks,

Robert

PS the message I receive is:

Your message did not reach some or all of the intended recipients.

Subject: Test

Sent: 03/03/2004 15:54

The following recipient(s) could not be reached:

'robert[at]ticketboy-portugal.pt' on 03/03/2004 15:54

550 5.2.1 Mailbox unavailable. Your IP address 213.22.56.30 is blacklisted using SPAMCOP. Details: Blocked - see http://www.spamcop.net/bl.shtml?213.22.56.30.

Link to comment

There is a user reported spam and a spamtrap hit for IP 213.22.56.30 from yesterday. If that IP is specifically yours (static IP) then you may have a worm/trojan infection. The spams appear to be advertising HGH.

Link to comment

If you followed the link you would find spam has been reported coming from this IP.

This is also a Dynamic/Residential IP range, and many ISPs/email administrators will not accept email coming from these servers.

This machine is also an open proxy found Wed Mar 3 00:40:02 2004

Spammers are abusing this machine to send spam.

213.22.56.30 is listed as an open proxy in dnsbl.njabl.org.

213.22.56.30 is listed in dynablock.njabl.org.

For more info see: http://www.moensted.dk/spam/?addr=213.22.56.30&Submit=Submit

Please secure this machine. :angry:

Link to comment

Thanks for your replies. Unfortunately I am not a computer wiz so excuse my ignorance.

I have got a cable account from my local cable provider. Does my IP belong solely to my computer or is it general, belonging to the cable provider?

As I understand it someone is using this IP to send spam email, is that right?

How can I secure my machine? I use Norton Antivirus and XP Firewall?

Thanks for any help.

Robert

Link to comment

Just because you use Norton does not mean you cannot get infected.

Port 65506 is open on the machine currently connected to IP 213.22.56.30. Run Live update and scan your entire machine.

Enable Script Blocking in Norton also.

Link to comment

Hi, Robert,

<snip>

I have got a cable account from my local cable provider. Does my IP belong solely to my computer or is it general, belonging to the cable provider?

As I understand it someone is using this IP to send spam email, is that right?

...It appears that the IP address in question belongs to Portugal Cable Modem Network, which I presume is your Cable provider, not you. That means it is their problem, not yours (except that you are suffering from their inability or unwillingness to stop spam from going through their server). E-mails should be going to their abuse address so they should be fully aware of the problem. You may wish to complain to them that you are not getting the e-mail service you contracted for because of their inaction in shutting down the spam. If they will not respond, you should try to find a more responsive provider.

...Good luck!

Link to comment

My IP has been blocked by SpamCop. I don't send unsolicited email and my service provider said to run a virus scan to make sure my computer is not being used by someone else to send spam. This came up clean.

How can I find out why I am blocked and by who, as the link from SpamCop does not provide me with any information?

Thanks,

Robert

PS  the message I receive is:

Your message did not reach some or all of the intended recipients.

      Subject: Test

      Sent: 03/03/2004 15:54

The following recipient(s) could not be reached:

      'robert[at]ticketboy-portugal.pt' on 03/03/2004 15:54

            550 5.2.1 Mailbox unavailable. Your IP address 213.22.56.30 is blacklisted using SPAMCOP. Details: Blocked - see http://www.spamcop.net/bl.shtml?213.22.56.30.

213.22.56.30 seems to have an open proxy that spammers are using to hijack the machine in order to hide their true identity. This open proxy was last confirmed on 02 Mar 2004:

See: Proxy Test Results for 213.22.56.30

213.22.56.30:hc:65506: >> CONNECT 209.208.0.16:25 HTTP/1.0\r\n
213.22.56.30:hc:65506: >> \r\n
213.22.56.30:hc:65506: >> help njablproxytest\r\n
213.22.56.30:hc:65506: << HTTP/1.0 200 Connection established\r\n
213.22.56.30:hc:65506: << \r\n
213.22.56.30:hc:65506: HTTP request successeful (200)
213.22.56.30:hc:65506: << 220 rt.njabl.org ESMTP Sendmail 8.11.6/8.11.6; Tue, 2 Mar 2004 18:39:09 -0500\r\n
213.22.56.30:hc:65506: << 214-2.0.0 njabl.org proxytest response to 213.22.56.30\r\n
213.22.56.30:hc:65506: << 214 2.0.0 End of HELP info\r\n
213.22.56.30 hc:65506 open

The IP is also listed in the following blocklists according to OpenRBL

You seriously need to have your computer checked for security issues, it is being used to abuse other people and networks.

Link to comment
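
How to read the proxy test transcript quoted in the post above, as an added example that is not part of the original thread: this Python sketch parses the lines and reports whether they show the host tunnelling a connection to a mail server on port 25. The function names are hypothetical, and the `hc` field is treated as an opaque test label.

```python
import re

# Transcript lines copied from the proxy test quoted in the post above.
TRANSCRIPT = r"""213.22.56.30:hc:65506: >> CONNECT 209.208.0.16:25 HTTP/1.0\r\n
213.22.56.30:hc:65506: >> \r\n
213.22.56.30:hc:65506: >> help njablproxytest\r\n
213.22.56.30:hc:65506: << HTTP/1.0 200 Connection established\r\n
213.22.56.30:hc:65506: << \r\n
213.22.56.30:hc:65506: HTTP request successeful (200)
213.22.56.30:hc:65506: << 220 rt.njabl.org ESMTP Sendmail 8.11.6/8.11.6; Tue, 2 Mar 2004 18:39:09 -0500\r\n
213.22.56.30:hc:65506: << 214-2.0.0 njabl.org proxytest response to 213.22.56.30\r\n
213.22.56.30:hc:65506: << 214 2.0.0 End of HELP info\r\n
213.22.56.30 hc:65506 open"""

# ip:test:port: then ">>" (sent by the tester) or "<<" (received back), then data.
LINE = re.compile(r"^(?P<ip>[\d.]+):(?P<test>\w+):(?P<port>\d+): (?P<dir>>>|<<) (?P<data>.*)$")

def analyse(transcript):
    """Collect the evidence one proxy-test transcript contains."""
    r = {"ip": None, "port": None, "target": None,
         "http_status": None, "smtp_banner": None, "smtp_replies": []}
    for raw in transcript.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # summary/verdict lines carry no protocol data
        data = m["data"].replace(r"\r\n", "")  # the log prints CRLF as literal text
        r["ip"], r["port"] = m["ip"], int(m["port"])
        if m["dir"] == ">>":
            req = re.match(r"CONNECT (\S+):(\d+) HTTP/", data)
            if req:
                r["target"] = (req[1], int(req[2]))
        elif r["http_status"] is None:
            resp = re.match(r"HTTP/\d\.\d (\d{3})", data)
            if resp:
                r["http_status"] = int(resp[1])
        elif re.match(r"\d{3}[ -]", data):  # SMTP reply arriving through the tunnel
            if r["smtp_banner"] is None and data.startswith("220"):
                r["smtp_banner"] = data
            else:
                r["smtp_replies"].append(data)
    return r

def relayed_to_smtp(r):
    """True when the tested host accepted CONNECT to port 25 and a mail server answered."""
    return (r["target"] is not None and r["target"][1] == 25
            and r["http_status"] is not None and 200 <= r["http_status"] < 300
            and r["smtp_banner"] is not None)
```

The SMTP banner and HELP replies come from the tester's own mail server, which is what proves the tested host passed the connection through rather than merely answering with a 200.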

<snip>

You seriously need to have your computer checked for security issues, it is being used to abuse other people and networks.

...Why do you say that? The IP in question appears to be the OP's service provider, not the OP her/himself.

Link to comment

<snip>

You seriously need to have your computer checked for security issues, it is being used to abuse other people and networks.

...Why do you say that? The IP in question appears to be the OP's service provider, not the OP her/himself.

Sorry. Perhaps you can explain why I shouldn't believe Robert? So far I have no reason to think he's been untruthful and the IP is listed on more than one DUL list.

I have got a cable account from my local cable provider. Does my IP belong solely to my computer or is it general, belonging to the cable provider?
Link to comment

Hi, Spambo!

<snip>

You seriously need to have your computer checked for security issues, it is being used to abuse other people and networks.

...Why do you say that? The IP in question appears to be the OP's service provider, not the OP her/himself.

Sorry. Perhaps you can explain why I shouldn't believe Robert? So far I have no reason to think he's been untruthful and the IP is listed on more than one DUL list.

<snip>

...Sorry, I do not see what I wrote that makes you believe that I said that you should not believe Robert.

...You wrote to him that his PC "is being used to abuse other people and networks." The IP in question (213.22.56.30) appears to belong to an ISP, not to Robert.

Link to comment

...Sorry, I do not see what I wrote that makes you believe that I said that you should not believe Robert.

...You wrote to him that his PC "is being used to abuse other people and networks."  The IP in question (213.22.56.30 ) appears to belong to an ISP, not to Robert.

213.22.56.30 [a213-22-56-30.netcabo.pt] appears to be an IP used by netcabo.pt for DHCP assignment to cable modem users. The fact that at least two lists report it as being a "DUL" IP (which by current definitions includes consumer cable modems as well as standard modem connections) reinforces my conclusion. Two other lists reporting it as an open proxy isn't encouraging either.

While I can't state with any certainty that his machine owned the "lease" on 213.22.56.30 when the open proxy test was run yesterday (?) or when the spams were actually sent, cable modems tend to keep the same IP for rather long periods of time, which is one reason that spammers target them for trojan infections.

Maybe I'm being an "alarmist" but I think there's ample reason he should give serious consideration about ensuring that his machine is secure and trojan free. And it's a win-win situation, if my suspicion is correct then there's one less vulnerable machine for spammers to abuse and if I'm wrong - well, everyone with an always on connection should ensure their machine is secure and occasional "in depth" checks aren't a bad thing.

Link to comment

...Sorry, I do not see what I wrote that makes you believe that I said that you should not believe Robert.

...You wrote to him that his PC "is being used to abuse other people and networks."  The IP in question (213.22.56.30 ) appears to belong to an ISP, not to Robert.

213.22.56.30 [a213-22-56-30.netcabo.pt] appears to be an IP used by netcabo.pt for DHCP assignment to cable modem users.

<snip>

Hi, Spambo!

...OIC! Thanks for the patient explanation. Man, I learn a lot from my fellow SpamCop users! :D

Link to comment

Since his ISP was aware of the infection, he should be asking them why they did not take action to limit the damage that the open proxy was doing to him, them and the rest of the internet.

He should be very unhappy that they knew his machine was infected and did not tell him.

When a spammer exploits an open proxy on a cable modem, it can use so much of the network capacity that the other cable modem users are reduced to speeds worse than dial-up, if they do not get knocked off completely.

For an ISP to ignore an open proxy and leave it able to send e-mail on the internet costs them hard operating cash. These costs are passed on to their customers one way or another.

It is within the technology of an ISP to lock a cable modem to a DHCP issued address until it is fixed so that they know where the problem is.

They can then block that I.P. address from sending out the infection through e-mail while still allowing their customer to download patches and de-worming software from trusted vendors.

If they were organized, this could all be automated from the receipt of a spam or open proxy report, which would cause the I.P. address to be scanned for vulnerabilities, and automatically isolated.

Someone claiming to be from an ISP said that they had implemented a program to read SpamCop reports from their mail box to prioritize them to get the open proxies off of their network. They apparently realize that an open proxy is a cash drain on a network.

Also be aware that some of the internet connection sharing programs have two passwords, one for local administration and one for remote administration. If you do not change the remote password, then every hacker on the internet can use it.

-John

Personal Opinion Only

Link to comment

Archived

This topic is now archived and is closed to further replies.
