
Merak Mailserver and Misdirected bounces


abusiness


Hello

The last month one of our mailservers has been listed in bl.spamcop.net four times. We have been working very hard to find a solution but without any luck.

The cause of listing is:

System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

Does anyone have experience with this error and a Merak Mailserver? We are using the latest version 8.5.0-8.

Thanks.

Best regards,

Lars


Well, the first thing you need to do, since you are only showing spamtrap hits, is to email deputies[at]admin.spamcop.net, provide them with the IP address of your server, and ask them what type of traffic they are seeing. There are several possibilities as to what could cause these hits:

Misdirected Bounces: Your mail server is sending bounces (Out of Office Replies, NDRs, Over Quota, etc.) to the forged FROM address on spam. A mail server should not send an NDR after accepting a message for delivery; instead it should reject the message during the SMTP session with a 400 or 500 series error message.

Zombied/Compromised Computer: Either your mail server (or another computer if you have more than one computer behind the same IP address) is compromised and is being used by a spammer to send spam. This scenario is less likely, however, as it usually results in some amount of manual reports as well, but not always.

Infected Computer: Either your mail server (or another computer if you have more than one computer behind the same IP address) is infected with a virus and is sending out virus-infected messages in an attempt to propagate itself. This scenario is less likely, however, as it usually results in some amount of manual reports as well, but not always.


> The last month one of our mailservers has been listed in bl.spamcop.net four times. We have been working very hard to find a solution but without any luck.
>
> The cause of listing is:
>
> System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)
>
> Does anyone have experience with this error and a Merak Mailserver? We are using the latest version 8.5.0-8.

I have no experience with that software. A quick look through their web site is showing many options for receiving mail, including POP from another account. How do you have this configured?

If the only reason is spamtrap hits, then it is likely you have some auto-responder, out of office, or non-delivery bounce that is going to the "From:" address.

You can get more information by replacing 127.0.0.1 with your IP address in this URL: http://www.spamcop.net/bl.shtml?127.0.0.1

If any of those things could be happening, you will want to turn them off, or modify the system so only messages that are not spam (valid messages) are being replied to. You might want to ask in the Merak forums: http://www.merakmailserver.com/Forum/

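The two fixes suggested in the replies above (refuse undeliverable mail during the SMTP session instead of bouncing it later, and only auto-reply to messages that are not spam) can be sketched as follows. This is an added example, not part of the original posts and not Merak's own code or configuration; the mailbox table, addresses and sample messages are constructed, and the auto-reply checks follow RFC 3834.

```python
from email import message_from_string

# Constructed local state (assumption, not Merak configuration).
MAILBOXES = {"lars@example.com": {"over_quota": False},
             "sales@example.com": {"over_quota": True}}

def rcpt_decision(rcpt):
    """Decide at RCPT TO time, while the sending host is still connected.

    Refusing here leaves any bounce to the *sending* server, so this
    server never mails an NDR to a forged sender address.
    """
    box = MAILBOXES.get(rcpt.lower())
    if box is None:
        return 550, "5.1.1 no such user"      # permanent: unknown recipient
    if box["over_quota"]:
        return 452, "4.2.2 mailbox full"      # temporary: sender may retry
    return 250, "2.1.5 ok"

def may_autoreply(envelope_from, raw_message):
    """Gate for out-of-office replies and other auto-responders (RFC 3834).

    Any reply that is sent should go to the envelope sender, not "From:".
    """
    msg = message_from_string(raw_message)
    if envelope_from in ("", "<>"):           # null sender: this is a bounce
        return False
    if msg.get("Auto-Submitted", "no").strip().lower() != "no":
        return False                          # already an automatic message
    if msg.get("Precedence", "").strip().lower() in ("bulk", "list", "junk"):
        return False
    if msg.get("List-Id") is not None:
        return False                          # mailing-list traffic
    if msg.get("X-Spam-Flag", "").strip().upper() == "YES":
        return False                          # content filter flagged it
    return True

# Constructed sample messages.
SPAM = "From: forged@victim.example\nX-Spam-Flag: YES\nSubject: hi\n\nbuy\n"
HAM = "From: customer@partner.example\nSubject: order\n\nhello\n"
DSN = "From: MAILER-DAEMON@mx.example\nAuto-Submitted: auto-replied\n\nfailed\n"

if __name__ == "__main__":
    for rcpt in ("lars@example.com", "nobody@example.com", "sales@example.com"):
        print(rcpt, rcpt_decision(rcpt))
    for name, sender, raw in (("ham", "customer@partner.example", HAM),
                              ("spam", "forged@victim.example", SPAM),
                              ("dsn", "<>", DSN)):
        print(name, may_autoreply(sender, raw))
```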

Archived

This topic is now archived and is closed to further replies.
