All Inbound mail blocked


SpeedyLizard

I have utilized spamcop using "connection filtering" in Exchange for several years now. However, just recently it has been blocking all mail.

Senders are receiving the following return message from my server:

<69.132.108.222> does not like recipient.

Remote host said: 550 5.7.1 204.16.252.100 has been blocked by bl.spamcop.net Giving up on <69.132.108.222>

No matter where they send me mail from, hotmail, company mail, msn, etc, they all get blocked.

If I remove spamcop from the connection filtering it works fine. However, I really would like to use spamcop as you guys do an outstanding job.

Any ideas?

Here's another:

This is the Postfix program at host mail1.no-ip.com.

I'm sorry to have to inform you that your message could not be
delivered to one or more recipients. It's attached below.

For further assistance, please send mail to <postmaster>

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

The Postfix program

<xxxxxx at bartontech.com>: host [69.132.108.222] said: 550 5.7.1 204.16.252.100 has been blocked by bl.spamcop.net (in reply to RCPT TO command)


You say "all e-mail from everywhere" but then only list two data bits that both relate to the same IP address ...????

http://www.spamcop.net/w3m?action=checkblo...=204.16.252.100

204.16.252.100 listed in bl.spamcop.net (127.0.0.2)

If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 13 hours.

Causes of listing

System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

Additional potential problems

(these factors do not directly result in spamcop listing)

System administrator has already delisted this system once

Listing History

In the past 7.6 days, it has been listed 3 times for a total of 2.3 days

http://www.senderbase.org/?searchBy=ipaddr...=204.16.252.100

Volume Statistics for this IP

Period .......... Magnitude .. Vol Change vs. Average
Last day ........ 4.7 ........ 3277%
Last 30 days .... 4.1 ........ 708%
Average ......... 3.2

Unless you know of another reason why so much traffic has been shifted to this server, the 'general' situation of numbers like this is spammer abuse.

Why this HE server issue might impact "all of your e-mail" may be in the way "you" have things networked, but ... nothing offered in your query to talk to this level of detail. For example, is this IP address/server "your" smarthost?


> You say "all e-mail from everywhere" but then only list two data bits that both relate to the same IP address ...????
>
> http://www.spamcop.net/w3m?action=checkblo...=204.16.252.100
>
> 204.16.252.100 listed in bl.spamcop.net (127.0.0.2)
>
> Why this HE server issue might impact "all of your e-mail" may be in the way "you" have things networked, but ... nothing offered in your query to talk to this level of detail. For example, is this IP address/server "your" smarthost?

The reason I mention "all my mail" is because it is routed thru no-ip.com for services. They act as my dns service as well as backup mail hosting.

They do not host mail that I know of (in the traditional sense), they only provide backup services. Is it possible that whatever you are using for reverse lookup is pointing to them instead of the real offender?

Just curious.

Since they are my dns server and mail router, all mail destined for my domains is blocked. Therefore I have to stop using spamcop.net until it gets resolved. I also have to recommend this action for any of my customers that also use no-ip for dns resolution and backup domain services.


> I host my own mail server

hmmm, that's the result I just came up with ... your samples seem to say that;

some e-mail server tried to connect to 69.132.108.222 .. which basically only offers up the WHOIS data of

12/17/05 20:48:03 IP block 69.132.108.222

Trying 69.132.108.222 at ARIN

Trying 69.132.108 at ARIN

OrgName: Road Runner

OrgID: RRMA

Address: 13241 Woodland Park Road

City: Herndon

StateProv: VA

PostalCode: 20171

Country: US

But does "translate" to: cpe-069-132-108-222.carolina.res.rr.com

And the e-mail server at "this" IP address performed a "Blocking action" on the e-mail seen coming from 204.16.252.100 due to the SpamCopDNSBL listing.

From this side of the screen, if you want to use the SpamCopDNSBL on your e-mail server, then you'd want to follow the guidance offered on that use and opt for a "Tagging & Handling" method, rather than the Blocking Action. Maybe work up a whitelist feature???

But, technically, it rather appears that everything is in fact working as designed.


> But, technically, it rather appears that everything is in fact working as designed.

I respectfully disagree. This has worked flawlessly for several years and only recently has started working incorrectly (without any change on our part).

Here's why I disagree. If all of my mail is routed through a single host (in this case, no-ip), and I add them to a "white list" then all mail will pass through the whitelist including the spam. Once the mail reaches my system, if it comes thru no-ip (which it will) and appears on the whitelist, the email system will stop processing any blocking and deliver the mail. However, the way the system is designed, is that it checks against the spamcop system to see if it is offending, if so it blocks it.

This is the equivalent of spamcop blocking all mail originating at hotmail.com instead of the offender's originating IP.

If the mail goes through no-ip, it should arrive at my mailserver and be checked against the offender's originating IP, not a dynamic dns provider. Correct?


> If the mail goes through no-ip, it should arrive at my mailserver and be checked against the offender's originating IP, not a dynamic dns provider. Correct?

It really depends on how your mail server software is implementing the check. Most systems only use the connecting IP address as a check. SpamCop's email service does use all IP's in the headers, but that seems to be a quite rare use of the system.

You say it has been working. What changed that caused all your connections to now come through no-ip?


Spamcop works great for us.

I would suggest if you want to run your own mail server you should get a static IP address.

See

http://groups.google.com/group/news.admin....arch+this+group

Just information but we block dynamic IP's on our servers and that means we block all services that provide addresses to dynamic IP's and I know we are not the only one that does it. There is a reason many providers are blocking port 25 traffic for their dynamic IP space.

Just some info for ya :D


> It really depends on how your mail server software is implementing the check. Most systems only use the connecting IP address as a check. SpamCop's email service does use all IP's in the headers, but that seems to be a quite rare use of the system.
>
> You say it has been working. What changed that caused all your connections to now come through no-ip?

That's exactly my point. Since no-ip is on the black list, I cannot use spamcop to check for spam on my system, because I also happen to use no-ip as my mail router/backup provider.

So it sounds like until no-ip is unlisted, I have to disable the use of spamcop for dnsbl.

Is there some way to verify if no-ip is on the blacklist?


> That's exactly my point. Since no-ip is on the black list, I cannot use spamcop to check for spam on my system, because I also happen to use no-ip as my mail router/backup provider.

But if your config is only checking the connection server, and all messages come in via no-ip, the only time messages would ever be blocked is when no-ip was listed. Unless all messages are now coming via your backup MX for some reason where they did not before??? That would be something you would need to investigate.

> So it sounds like until no-ip is unlisted, I have to disable the use of spamcop for dnsbl.
>
> Is there some way to verify if no-ip is on the blacklist?

Sounds like it. The check was provided previously, and only certain IP's would be listed. http://www.spamcop.net/w3m?action=checkblo...=204.16.252.100

Trimming of quoted material would be appreciated ... I've done that in editing of your previous posts ...

> I respectfully disagree. This has worked flawlessly for several years and only recently has started working incorrectly (without any change on our part).

This would be where the "fun" would come into things. The possibly "quickest" way to jump on this is for you to provide "real" samples of the headers involved ... e-mail that once did arrive and e-mail that's now getting blocked (preferably via the use of Tracking URLs to prevent a whole bunch of other issues getting mixed in) ....

> Here's why I disagree. If all of my mail is routed through a single host (in this case, no-ip), and I add them to a "white list" then all mail will pass through the whitelist including the spam. Once the mail reaches my system, if it comes thru no-ip (which it will) and appears on the whitelist, the email system will stop processing any blocking and deliver the mail. However, the way the system is designed, is that it checks against the spamcop system to see if it is offending, if so it blocks it.
>
> This is the equivalent of spamcop blocking all mail originating at hotmail.com instead of the offender's originating IP.
>
> If the mail goes through no-ip, it should arrive at my mailserver and be checked against the offender's originating IP, not a dynamic dns provider. Correct?

The problem "here" is that you seem to be asking folks on this side of the screen to have to "guess" at just what is going on with all these other players. And as it would be assumed that some of those other players/tools have some configuration settings involved, this side of the screen offers no clues as to what these settings may be.

There may be some confusion in the verbiage used thus far also. There is a normal definition of "routing" but that doesn't necessarily "require" that an e-mail server actually handling e-mail be in the middle of that. If the "routing" done by no-ip is "only" handling the link between a Domain name and an IP address, there should be no "e-mail server" in the loop. On the other hand, if you are actually using another (ISP's) server as a smarthost for your e-mail server, then we're back to needing to see a set of actual headers to try to follow the actual flow of the e-mail involved. You say that "you've" made no changes, yet .... have any of the other players involved made some change recently? (easiest seen by again comparing old e-mail to new e-mail and see what did change and who did it)


> Is there some way to verify if no-ip is on the blacklist?

Links provided for your specific issue in Linear Posts #2, #11, and #12 .... but you seem to already know that the SpamCopDNSBL works on IP addresses, not Domain names ...


> But if your config is only checking the connection server, and all messages come in via no-ip, the only time messages would ever be blocked is when no-ip was listed. Unless all messages are now coming via your backup MX for some reason where they did not before??? That would be something you would need to investigate.
>
> Sounds like it. The check was provided previously, and only certain IP's would be listed. http://www.spamcop.net/w3m?action=checkblo...=204.16.252.100

I'll take up the issue with no-ip. I assume it is their responsibility to take up the de-listing of their server with no-ip. I also assume that once they have proven that the offender has either been booted or the listing is in error it will get removed. Safe assumptions?

Thanks everyone for your help.


> I'll take up the issue with no-ip. I assume it is their responsibility to take up the de-listing of their server with no-ip. I also assume that once they have proven that the offender has either been booted or the listing is in error it will get removed. Safe assumptions?

From the page referred to: If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 12 hours.

Also: System administrator has already delisted this system once

Because of <this>, express-delisting is not available <i.e. you need to wait the time>


Unless you have control of your backup MX (i.e. also configured to reject mail from SCBL-listed hosts), you run the risk of spammers sending mail to you and your customers via your backup MX and your system rejecting mail from your backup MX. If some of those rejected mails contain forged addresses, it will cause your backup MX to bounce to forgery victims or spamtraps which could easily get your backup MX listed in SCBL.

Feel free to reject SCBL-listed hosts on your own servers but, without control of your backup MX, you definitely need to whitelist all incoming mail from your backup MX to avoid problems like this.

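Added example, not part of the original posts: a sketch of the checks discussed in this thread, comparing a connecting-IP-only DNSBL check with one that treats the backup MX as a trusted relay and tags instead of rejecting mail that arrived through it. The function names, the Received header values and the blocklist state are constructed for illustration; only 204.16.252.100, mail1.no-ip.com and bl.spamcop.net come from the thread.

```python
import ipaddress
import re
import socket

ZONE = "bl.spamcop.net"
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def dnsbl_name(ip, zone=ZONE):
    """DNSBL query name: IPv4 octets reversed, zone appended."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def dns_listed(ip, zone=ZONE):
    """Live lookup: any A record (such as 127.0.0.2) means listed."""
    try:
        socket.gethostbyname(dnsbl_name(ip, zone))
        return True
    except socket.gaierror:
        return False

def ip_to_check(connecting_ip, received, trusted):
    """First untrusted hop; `received` is Received: values, newest first."""
    # Only headers written by a trusted relay are believed; older are forgeable.
    current = connecting_ip
    for header in received:
        if current not in trusted:
            break
        match = BRACKETED_IP.search(header)
        if match is None:
            break  # relay recorded no peer IP: fall back to the relay itself
        current = match.group(1)
    return current

def verdict(connecting_ip, received, trusted_relays=(), listed=dns_listed):
    """Return (ip_checked, 'accept' | 'tag' | 'reject')."""
    trusted = set(trusted_relays)
    ip = ip_to_check(connecting_ip, received, trusted)
    if not listed(ip):
        return ip, "accept"
    # A reject after the relay accepted makes the relay bounce to a possibly
    # forged sender, so listed mail arriving via a trusted relay is tagged.
    return ip, "tag" if connecting_ip in trusted else "reject"

# Constructed sample data (hypothetical headers and blocklist state).
BACKUP_MX = "204.16.252.100"  # relay IP taken from the thread
LISTING = {BACKUP_MX, "198.51.100.23"}
HAM = ["from mail.example.org (mail.example.org [192.0.2.55]) by mail1.no-ip.com"]
SPAM = ["from unknown (unknown [198.51.100.23]) by mail1.no-ip.com"]
```

With no trusted relays configured, `verdict(BACKUP_MX, HAM, listed=lambda ip: ip in LISTING)` rejects the legitimate message because only the relay's address is looked up, which is the behaviour reported at the top of the thread.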

> I'll take up the issue with no-ip. I assume it is their responsibility to take up the de-listing of their server with no-ip. I also assume that once they have proven that the offender has either been booted or the listing is in error it will get removed. Safe assumptions?

Not really a good assessment of the situation. Please see one of the FAQ entries like What is the SpamCop Blocking List (SCBL)? There is no "proving" involved, and the math / statistics was already pointed to in my Linear Post #2 .... that massive increase in "seen" traffic and the 'usual' reason for that kind of flow doesn't necessarily lend itself to a "quick" removal ....


> Not really a good assessment of the situation. Please see one of the FAQ entries like What is the SpamCop Blocking List (SCBL)? There is no "proving" involved, and the math / statistics was already pointed to in my Linear Post #2 .... that massive increase in "seen" traffic and the 'usual' reason for that kind of flow doesn't necessarily lend itself to a "quick" removal ....

There is no 'proving' because delisting is governed by the math formula and doesn't delist until the spam stops, IIUC. If the listing is in error, it will be delisted immediately.

Because I am technically non-fluent, I am not sure what Wazoo sees that shows him that there is a problem that will probably take no-ip a while to correct.

Miss Betsy


Report History only shows one spam Reported:

Submitted: Thursday 2005/12/08 01:20:20 -0500:

News for x

1578938717 ( 68.220.177.118 ) To: spamcop[at]imaphost.com

1578938616 ( 68.220.177.118 ) To: abuse[at]bellsouth.net

1578938615 ( 204.16.252.100 ) To: relays[at]admin.spamcop.net

Also:
If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 2 hours.

Archived

This topic is now archived and is closed to further replies.
