Jump to content

Listed and Relisted 137.113.150.115


Recommended Posts

Our site has been listed twice in three days. We use sendmail and do send out NDRs. I am not the primary (or the secondary) email admin for this site, but I am the person who has to fix this. I have pressed the "delist" button out of desperation to get mail flowing again. I would like help with figuring out how not to be listed again. I got the vague explanation about bounce emails. Not sure where to go next.

Okay, begin the abuse.

Thanks, Jim

Link to comment
Share on other sites

Okay, begin the abuse.

Hi Jim!

Sadly I'm not in the mood for abuse today :-)

As you realise your IP address is not currently listed in the SCBL. I can't tell whether this is solely because you hit the 'delist' option or because it would have timed out anyway. However, because the issue has not necessarily been addressed, once you are re-listed then you will not have that option available in the future so you will have to wait out the auto-delisting process from hereon.

Looking at the listings for your IP I can see that most are not available which typically indicates messages sent to so-called spam traps. If, as you say, you do allow non-delivery reports or autoresponses then that would suggest that you may have a compromised machine within your system.

That said, the two messages that are listed are both NDRs. see the reports available to paying users of SpamCop.

Submitted: 31 July 2006 18:14:46 +0100:
Message status - undeliverable

	* 1858945394 ( 137.113.150.115 ) To: postmaster[at]wlu.edu 

Submitted: 31 July 2006 17:52:52 +0100:
Message status - undeliverable

	* 1858927007 ( 137.113.150.115 ) To: postmaster[at]wlu.edu 

In both of these cases postmaster[at]wlu.edu received an Email with details of the message concerned.

Senderbase stats show the following:

Last day 4.1 2222%

Last 30 days 3.3 234%

That 2222% increase in messages in the last 24 hours points to the possibility of a compromised machine behind that IP.

Andrew

Link to comment
Share on other sites

I wish I knew how to turn the NDRs off within sendmail, I would be willing to try that.

I think what is happening that we are receiving a much higher incoming spam load than normal, and then sending NDRs to all the spoofed senders, which is getting us on the list.

Link to comment
Share on other sites

I wish I knew how to turn the NDRs off within sendmail, I would be willing to try that.

I think what is happening that we are receiving a much higher incoming spam load than normal, and then sending NDRs to all the spoofed senders, which is getting us on the list.

That's almost guaranteed to get you listed.

Does this previous post help...?

http://forum.spamcop.net/forums/index.php?showtopic=6357

Andrew

Link to comment
Share on other sites

Yep, if you're sending NDRs, its only a matter of time before you hit spamtraps with them. You should be able to do a google for "sendmail NDR" or something similar and find the information you need. If not, you might also check the spamcop FAQ as it has configuration tips for a number of different MTAs.

Link to comment
Share on other sites

Andrew, thanks for trying, but that example is too terse and generic, I just don't understand it.

As I don't use sendmail I'm not the one to try and make things easier :-)

I'd go to sendmail support groups and ask for help. What you need to do is reject undeliverable messages with a 550 type error instead of NDR. Since this is a very common means of doing this I'm sure you'll find help.

Andrew

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...