Jump to content
Sign in to follow this  
mmarklew

My IP Blacklisted but it no longer sends e-mail

Recommended Posts

IP: 203.33.254.150

After first been listed last week I started examining my mail logs in detail trying to find the customer responsible. I managed to stop a couple of customers sending non-deliverable reports but we are only talking like 5 messages a day out of some 10,000 we send.

After continual re-listing over the weekend, many late nights examining logs, writing filters and attempts to contact Spamcop for more information I gave up and changed the IP of my mail server yesterday morning some 30hours + ago. I really didn't want to do this as if there is a problem I would like to fix it.

The new IP hasn't been listed yet. But the old IP has been relisted since I stopped it sending any e-mail?

How is this possible, am I missing something?

The spamcop site doesn't really give any details of the reason for listing, other then the obvious.

Share this post


Link to post
Share on other sites
idl.net.au' post='46922' date='Aug 30 2006, 12:39 AM']The spamcop site doesn't really give any details of the reason for listing, other then the obvious.

Besides the obvious?

http://www.spamcop.net/w3m?action=checkblo...=203.33.254.150

203.33.254.150 listed in bl.spamcop.net (127.0.0.2)

If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 17 hours.

Causes of listing

SpamCop users have reported system as a source of spam about 60 times in the past week

(this is the first listing showing something besides "less than 10 times" I've seen in a long time ..)

Additional potential problems

DNS error: 203.33.254.150 is mail.idl.com.au but mail.idl.com.au has no DNS information

System administrator has already delisted this system once

http://www.senderbase.org/?searchBy=ipaddr...=203.33.254.150

Volume Statistics for this IP

Magnitude Vol Change vs. Average

Last day ......... 3.6 .. -73%

Last 30 days ... 3.3 .. -86%

Average ......... 4.1

It is still sending e-mail, per those numbers .... something like 10,000 a day, based on data at SenderBase's "Magnitude" Explained

It appears that you're checking in the wrong place ..... or you've offered up the wrong IP address.

whois -h whois.apnic.net 203.33.254.150 ...

% [whois.apnic.net node-2]

% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

inetnum: 203.33.254.0 - 203.33.254.255

netname: MAGNETICANDOPTI-AU

descr: Magnetic and Optic Labs

descr: 5 Garlick Close

descr: Kariong

descr: NSW 2250

country: AU

admin-c: DM252-AP

tech-c: DM252-AP

remarks: ** Conversion note - reference 'DM252-AU' changed to 'DM252-AP'

remarks: Record imported from AUNIC as part of AUNIC->APNIC migration

remarks: Please see http://www.apnic.net/db/aunic/

mnt-by: APNIC-HM

status: ALLOCATED PORTABLE

changed: nobody[at]aunic.net 19961025

changed: aunic-transfer[at]apnic.net 20010525

changed: hm-changed[at]apnic.net 20041214

source: APNIC

You mat also want to take a look at Spammers love Forum name = e-mail address

Share this post


Link to post
Share on other sites

Thats me, been staring at those pages for many hours now :P

I added a smart host yesterday to relay all the messages via a different machine. Logs show the messages all going to the remote machine and recieved on the other end to.

It doesn't track messages via a relay does it?

Or how updated is it?

Share this post


Link to post
Share on other sites

All kind of spam, including pills, porn and gambling:

Report History: 

Don't Display UUBE
--------------------------------------------------------------------------------
Submitted: Tuesday, August 29, 2006 7:37:38 PM -0400: 
Re: yuRXie 
1898003822 ( 203.33.254.150 ) To: c9514955[at]alinga.newcastle.edu.au 

--------------------------------------------------------------------------------
Submitted: Tuesday, August 29, 2006 7:22:43 PM -0400: 
pressed 
1897992162 ( 203.33.254.150 ) To: c9514955[at]alinga.newcastle.edu.au 

--------------------------------------------------------------------------------
Submitted: Tuesday, August 29, 2006 7:18:30 PM -0400: 
Youngest glorious Schoolgirl fu**eed by oldman. 
1897984720 ( 203.33.254.150 ) To: c9514955[at]alinga.newcastle.edu.au 

--------------------------------------------------------------------------------
Submitted: Tuesday, August 29, 2006 7:18:23 PM -0400: 
Got free time? Become richer! Tue, 29 Aug 2006 12:49:42 -0400 
1897984741 ( 203.33.254.150 ) To: c9514955[at]alinga.newcastle.edu.au 

--------------------------------------------------------------------------------
Submitted: Tuesday, August 29, 2006 7:18:18 PM -0400: 
Re: geRXly 
1897984862 ( 203.33.254.150 ) To: c9514955[at]alinga.newcastle.edu.au 

--------------------------------------------------------------------------------
Submitted: Tuesday, August 29, 2006 7:17:47 PM -0400: 
blackjack 
1897993452 ( 203.33.254.150 ) To: c9514955[at]alinga.newcastle.edu.au 

--------------------------------------------------------------------------------
Submitted: Tuesday, August 29, 2006 7:17:28 PM -0400: 
FW: Job proposition from "FinanceAct Corp 
1897993955 ( 203.33.254.150 ) To: c9514955[at]alinga.newcastle.edu.au 

--------------------------------------------------------------------------------
Submitted: Tuesday, August 29, 2006 7:17:16 PM -0400: 
! Try the new miracle weight loss herb 
1897994071 ( 203.33.254.150 ) To: c9514955[at]alinga.newcastle.edu.au 

--------------------------------------------------------------------------------
Submitted: Monday, August 28, 2006 11:48:44 PM -0400: 
Re: BEST PRICE ON HUMAX PAU-42THD PLASMA SCREEN 
1896620124 ( 203.33.254.150 ) To: c9514955[at]alinga.newcastle.edu.au 

--------------------------------------------------------------------------------
Submitted: Monday, August 28, 2006 11:48:43 PM -0400: 
Pain killers are here 
1896620161 ( 203.33.254.150 ) To: c9514955[at]alinga.newcastle.edu.au 
---------------------------------------------------------------------------------------
Submitted: Monday, August 28, 2006 11:48:46 PM -0400: 
issues. stories weeks 
1896619922 ( 203.33.254.150 ) To: c9514955[at]alinga.newcastle.edu.au 

--------------------------------------------------------------------------------
Submitted: Monday, August 28, 2006 11:48:45 PM -0400: 
Which rules are in effect here? 
1896620017 ( 203.33.254.150 ) To: c9514955[at]alinga.newcastle.edu.au 

--------------------------------------------------------------------------------
Submitted: Monday, August 28, 2006 10:37:53 AM -0400: 
Undelivered Mail Returned to Sender 
1895728296 ( 203.33.254.150 ) ( UUBE ) To: uube[at]devnull.spamcop.net 

--------------------------------------------------------------------------------
Submitted: Sunday, August 27, 2006 9:02:41 PM -0400: 
Email address: The 
1894923578 ( 203.33.254.150 ) To: c9514955[at]alinga.newcastle.edu.au 

--------------------------------------------------------------------------------
Submitted: Sunday, August 27, 2006 6:40:11 PM -0400: 
Be a powerful warrior in the bedroom! 
1894779776 ( 203.33.254.150 ) To: c9514955[at]alinga.newcastle.edu.au 

--------------------------------------------------------------------------------
Submitted: Saturday, August 26, 2006 11:44:29 PM -0400: 
Undelivered Mail Returned to Sender 
1893731739 ( 203.33.254.150 ) ( UUBE ) To: uube[at]devnull.spamcop.net 

--------------------------------------------------------------------------------
Submitted: Saturday, August 26, 2006 9:50:52 AM -0400: 
Undelivered Mail Returned to Sender 
1892962948 ( 203.33.254.150 ) ( UUBE ) To: uube[at]devnull.spamcop.net 

--------------------------------------------------------------------------------
Submitted: Thursday, August 24, 2006 8:42:19 PM -0400: 
Your Express-credits Fri, 25 Aug 2006 09:25:58 +1000 
1890963303 ( 203.33.254.150 ) To: c9514955[at]alinga.newcastle.edu.au 

--------------------------------------------------------------------------------
Submitted: Thursday, August 24, 2006 6:19:23 PM -0400: 
Xmas Party's on Trade BOOK NOW !! Is this what you mean??? 
1890845278 ( 203.33.254.150 ) To: c9514955[at]alinga.newcastle.edu.au 

--------------------------------------------------------------------------------
Submitted: Thursday, August 24, 2006 6:19:16 PM -0400: 
Didnt Happen Brenda 
1890845291 ( 203.33.254.150 ) To: c9514955[at]alinga.newcastle.edu.au 

spamtraps are but a small fraction of reports.

Edited by Wazoo

Share this post


Link to post
Share on other sites
idl.net.au' post='46926' date='Aug 30 2006, 01:47 AM']It doesn't track messages via a relay does it?

Or how updated is it?

http://forum.spamcop.net/scwik/SenderBase for the general background. Bottom line, those "data collection points" are seeing traffic from that IP address .... it is basically "live" ....

Share this post


Link to post
Share on other sites

That is my personal old uni e-mail address that forwards to my ISP account. My mail server 203.33.254.150 does not send that e-mail out it recieves it from the newcastle uni.

Is there something wrong with spam cop?

PS: I can't believe I put my e-mail as the login and I can't figure out where to change it. Anyone know?

Share this post


Link to post
Share on other sites

I could go on, but this is one of the most productive source of spam I have seen yet, possibility of a hijacked PC is very likely:

Submitted: Thursday, August 24, 2006 6:20:07 PM -0400: 
Ill 
1890845231 ( 203.33.254.150 ) To: c9514955[at]alinga.newcastle.edu.au 

--------------------------------------------------------------------------------
Submitted: Thursday, August 24, 2006 6:20:07 PM -0400: 
money for you 
1890845232 ( 203.33.254.150 ) To: c9514955[at]alinga.newcastle.edu.au 

--------------------------------------------------------------------------------
Submitted: Thursday, August 24, 2006 6:20:03 PM -0400: 
Latest stuff Now you could grant your wish Revel in 
1890845233 ( 203.33.254.150 ) To: c9514955[at]alinga.newcastle.edu.au 

--------------------------------------------------------------------------------
Submitted: Thursday, August 24, 2006 6:20:06 PM -0400: 
Info for the Rock 
1890845245 ( 203.33.254.150 ) To: c9514955[at]alinga.newcastle.edu.au 

--------------------------------------------------------------------------------
Submitted: Thursday, August 24, 2006 6:20:06 PM -0400: 
killing Just Schoolgirl and killing Schoolgirls from Your dreeam! 
1890845246 ( 203.33.254.150 ) To: c9514955[at]alinga.newcastle.edu.au 

--------------------------------------------------------------------------------
Submitted: Thursday, August 24, 2006 6:20:05 PM -0400: 
beautiful Sluts at Porn! 
1890845249 ( 203.33.254.150 ) To: c9514955[at]alinga.newcastle.edu.au 

--------------------------------------------------------------------------------
Submitted: Thursday, August 24, 2006 6:19:40 PM -0400: 
Russsian attractive Teen hardcoree action. 
1890845256 ( 203.33.254.150 ) To: c9514955[at]alinga.newcastle.edu.au 

--------------------------------------------------------------------------------
Submitted: Thursday, August 24, 2006 6:19:30 PM -0400: 
good-looking russiann Teen in poono! 
1890845259 ( 203.33.254.150 ) To: c9514955[at]alinga.newcastle.edu.au 

--------------------------------------------------------------------------------
Submitted: Thursday, August 24, 2006 6:19:28 PM -0400: 
Credit Card Expiration Approaching 
1890845267 ( 203.33.254.150 ) To: c9514955[at]alinga.newcastle.edu.au 

--------------------------------------------------------------------------------
Submitted: Thursday, August 24, 2006 6:19:28 PM -0400: 
{mob} 
1890845269 ( 203.33.254.150 ) To: c9514955[at]alinga.newcastle.edu.au 

Edited by Wazoo

Share this post


Link to post
Share on other sites

Missed my post :)

Yes, My spam assassin works like mad filtering all the crap generated from that account. Again its sent to my mail server not the other way around..

c9514955[at]newcastle.edu.au forwards to 203.33.254.150.

Share this post


Link to post
Share on other sites
idl.net.au' post='46922' date='Aug 30 2006, 12:39 AM']IP: 203.33.254.150

After continual re-listing over the weekend, many late nights examining logs, writing filters and attempts to contact Spamcop for more information I gave up and changed the IP of my mail server yesterday morning some 30hours + ago. I really didn't want to do this as if there is a problem I would like to fix it.

The new IP hasn't been listed yet. But the old IP has been relisted since I stopped it sending any e-mail?

How is this possible, am I missing something?

Any explanation for the response I get ....???

C:\>telnet 203.33.254.150 25

220 mail.idl.net.au ESMTP

There's still an e-mail server sitting at that IP address .....

Share this post


Link to post
Share on other sites

Yes.. But it doesnt send any e-mail directly. It relays via another host.

I do not send e-mail to c9514955[at]newcastle.edu.au it's my personal old UNI account. They forward my e-mail to my ISP that I happen to own..

They forward to 203.33.254.150 not the other way around. I just logged into their webmail admin and turned off the forwarding. BUT there must be an issue somewhere, what if one of my customers did this.

I know you get a lot of noobs posting crap, and at the risk of sounding like I don't know what I am doing let me say that I do know what I am doing and I am an ISP admin of some 10 years.

Share this post


Link to post
Share on other sites
idl.net.au' post='46929' date='Aug 30 2006, 01:56 AM']Is there something wrong with spam cop?

Reports routes for 203.33.254.150:

routeid:21471794 203.33.254.0 - 203.33.254.255 to:c9514955[at]alinga.newcastle.edu.au

Administrator found from whois records

Parsing input: 203.33.254.150

host 203.33.254.150 = mail.idl.com.au (cached)

host 203.33.254.150 = mail.idl.com.au (cached)

Routing details for 203.33.254.150

[refresh/show] Cached whois for 203.33.254.150 : c9514955[at]alinga.newcastle.edu.au

Using last resort contacts c9514955[at]alinga.newcastle.edu.au

Removing old cache entries.

Tracking details

"whois 203.33.254.150[at]whois.apnic.net" (Getting contact from whois.apnic.net mirror)

Display data:

dm252-ap = c9514955[at]alinga.newcastle.edu.au

whois.apnic.net 203.33.254.150 = c9514955[at]alinga.newcastle.edu.au

whois: 203.33.254.0 - 203.33.254.255 = c9514955[at]alinga.newcastle.edu.au

Routing details for 203.33.254.150

Using last resort contacts c9514955[at]alinga.newcastle.edu.au

PS: I can't believe I put my e-mail as the login and I can't figure out where to change it. Anyone know?

???? The link to the Announcement was provided in a previous post .. that Announcemnt has a link to an entry in the Forum FAQ (which also available at the top of this screen)

Share this post


Link to post
Share on other sites

Ahh.. Should I feel stupid now?

So you are saying the reports where sent to c9514955[at]alinga.newcastle.edu.au, not that the spam was reported by this address?

I cant change the whois lookup as I registered that subnet some 12 years ago and unless I start paying APNIC they wont update records. Any way to get notifications to go to a different address?

Do you have any details of the actual message headers so I can track it within my network. I really want to know how I can miss so many in my logs. Still doesn't answer the question as to why I am getting re-listed when that sever does not send e-mail directly.

Any more help please?

Share this post


Link to post
Share on other sites
idl.net.au' post='46935' date='Aug 30 2006, 02:06 AM']Yes.. But it doesnt send any e-mail directly. It relays via another host.

Firewall in use? Can you send e-mail 'to' this server and 'prove' that it is relaying for you properly?

If so, then there's a lot more to the story .....

I do not send e-mail to c9514955[at]newcastle.edu.au it's my personal old UNI account. They forward my e-mail to my ISP that I happen to own..

They forward to 203.33.254.150 not the other way around. I just logged into their webmail admin and turned off the forwarding. BUT there must be an issue somewhere, what if one of my customers did this.

As shown, that address is found in the WHOIS data/records ..... thus you should have been receiving all those reports. Not sure what you 'solved' by turning off the forwarding, other than having to check that account directly now ....

I know you get a lot of noobs posting crap, and at the risk of sounding like I don't know what I am doing let me say that I do know what I am doing and I am an ISP admin of some 10 years.

I just fessed up to making a huge error in only applying half a modification to some other code in another application here .... I had it running just fine on the original installation .. was involved with Alpha and Beta testing with the next release, then installed the 'final' of that last release .. eventually copying over the 'final' into the 'original' location .... a couple of weeks ago .. problem only noticed a few hours back ... how I missed inserting the second bit of code is beyond me, but ..... and I've been around for a lot longer than 10 years <g>

Share this post


Link to post
Share on other sites
Firewall in use? Can you send e-mail 'to' this server and 'prove' that it is relaying for you properly?

Yes, the mail definatly goes via the smart host and then is sent to the Internet.

As shown, that address is found in the WHOIS data/records ..... thus you should have been receiving all those reports. Not sure what you 'solved' by turning off the forwarding, other than having to check that account directly now ....

My bad, thought that was the address reporting the spam (please see my last post, we really need a chat line instead of a discussion board.. and thanks for you quick help)

I just fessed up to making a huge error in only applying half a modification to some other code in another application here .... I had it running just fine on the original installation .. was involved with Alpha and Beta testing with the next release, then installed the 'final' of that last release .. eventually copying over the 'final' into the 'original' location .... a couple of weeks ago .. problem only noticed a few hours back ... how I missed inserting the second bit of code is beyond me, but ..... and I've been around for a lot longer than 10 years <g>

My comment was a litte toung in cheek. I get self proclamed network admin's calling for support ever day that don't even know how to forward a port.

Share this post


Link to post
Share on other sites

PM sent, asking for a test e-mail so I can see the headers .. Tracking URL will be forthcoming ....

Share this post


Link to post
Share on other sites

Are you able to give me the full headers for one or some of these messages by any chance? I honostly have spent many hours (like 4 days up until midnight) trying to figure out where it is coming from.

I like nothing more then to disconnect a user who is sending spam , kind of like disconnecting an ISP that sends spam I suppose :)

Edited by mmarklew

Share this post


Link to post
Share on other sites
Are you able to give me the full headers for one or some of these messages by any chance? I honostly have spent many hours (like 4 days up until midnight) trying to figure out where it is coming from.

Section 8 - SpamCop's System & Active Staff User Guide

You've gotten all the data that other 'users' can provide. Yoy're saying that the Subject: lines don't do you any good, thus I asked for an e-mail to see what is actually in those headers.

Share this post


Link to post
Share on other sites

Tracking URL: http://www.spamcop.net/sc?id=z1047543055za...2b5fdbb20a16afz

Bottom line, this "legitimate' e-mail would resilt in reports being sent to you about the 'other' IP address ....

Report spam to:

Re: 203.33.254.129 (Administrator of network where email originates)

To: c9514955[at]alinga.newcastle.edu.au

So that the spam being reported shown by dra007 was either prior to your switching to the smarthost ... or there is definitely someone managing to bypass the alleged e-mail server itself, yet using the same IP address to get out on (so back to the firewall logs ..????)

On the other hand, the parser shows lots of problems (well even the e-mail header itself complains aboit a misconfigured server ....) I really hate to post the whole mess here, but I'm guessing that as you don't have even a free reporting account, I don't know if you will be able to see the "full, technical details" ..????

Received: from smtp2.idl.com.au (smtp3.idl.com.au[203.33.254.147](misconfigured sender))

by sccqmxc94.asp.att.net (sccqmxc94) with ESMTP

id <20060830074230q9400ob5gde>; Wed, 30 Aug 2006 07:42:30 +0000

203.33.254.147 is not an MX for smtp3.idl.com.au

Host smtp3.idl.com.au (checking ip) = 203.33.254.147

203.33.254.147 not listed in dnsbl.njabl.org

203.33.254.147 not listed in cbl.abuseat.org

203.33.254.147 not listed in dnsbl.sorbs.net

203.33.254.147 is not an MX for sccqmxc94.asp.att.net

203.33.254.147 is not an MX for smtp3.idl.com.au.

203.33.254.147 is not an MX for smtp2.idl.com.au

203.33.254.147 is not an MX for sccqmxc94.asp.att.net

203.33.254.147 not listed in dnsbl.njabl.org

203.33.254.150 is not an MX for mail.idl.com.au

Host mail.idl.com.au (checking ip) = 203.33.254.150

Host smtp2.idl.com.au (checking ip) = 203.32.82.5

203.32.82.5 not listed in dnsbl.njabl.org

203.32.82.5 not listed in cbl.abuseat.org

203.32.82.5 not listed in dnsbl.sorbs.net

Chain test:smtp2.idl.com.au =? smtp3.idl.com.au.

Host smtp3.idl.com.au. (checking ip) = 203.33.254.147

203.33.254.147 is not an MX for smtp2.idl.com.au

Host smtp2.idl.com.au (checking ip) = 203.32.82.5

203.33.254.147 is not an MX for smtp2.idl.com.au

smtp2.idl.com.au and smtp3.idl.com.au. have same domain - chain verified

Possible relay: 203.33.254.147

203.33.254.147 not listed in relays.ordb.org.

203.33.254.147 has already been sent to relay testers

Received: from localhost (localhost.localdomain [127.0.0.1]) by bishop.idl.com.au (Postfix) with ESMTP id B5B6451C775 for <xxxxx>; Wed, 30 Aug 2006 17:39:33 +1000 (EST)

Received: from bishop.idl.com.au ([127.0.0.1]) by localhost (bishop [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 29416-07 for <xxxxx>; Wed, 30 Aug 2006 17:39:33 +1000 (EST)

Cannot accept line without valid 'by'. Skipping chain test - would fail.

203.33.254.129 is not an MX for gemini.idl.com.au

Host gemini.idl.com.au (checking ip) = 203.33.254.129

Host bishop.idl.com.au (checking ip) = 203.33.254.150

203.33.254.150 not listed in dnsbl.njabl.org

203.33.254.150 not listed in cbl.abuseat.org

203.33.254.150 not listed in dnsbl.sorbs.net

Chain test:bishop.idl.com.au =? mail.idl.com.au

Host mail.idl.com.au (checking ip) = 203.33.254.150

203.33.254.150 is not an MX for bishop.idl.com.au

Host bishop.idl.com.au (checking ip) = 203.33.254.150

ips are identical

bishop.idl.com.au and mail.idl.com.au have close IP addresses - chain verified

Possible relay: 203.33.254.150

203.33.254.150 not listed in relays.ordb.org.

203.33.254.150 has already been sent to relay testers

Lots of configuration "issues" .....

Share this post


Link to post
Share on other sites

Report spam to:

Re: 203.33.254.129 (Administrator of network where email originates)

To: c9514955[at]alinga.newcastle.edu.au

I'll put my mail server on another subnet that I have access to the whois e-mail address or is there another way to change the reporting address? (I cant access the whois due to a APNIC policy with old registered class C's)

So that the spam being reported shown by dra007 was either prior to your switching to the smarthost

It would have been before, I only switched it 40 hours or so ago.

On the other hand, the parser shows lots of problems (well even the e-mail header itself complains aboit a misconfigured server ....)

I fixed the DNS, but am I correct the only error is to do with the virus scanning on outgoing e-mail? I will remove this service.

Lots of configuration "issues" .....

Lots? Other then the anti virus and the dns for 203.33.254.150, am I reading this wrong?

Share this post


Link to post
Share on other sites

Here's a possible scenario. If your mailserver had some kind of virus running on it, that virus would most likely not use your MTA to send mail, it would simply go direct to MX, which means that traffic would still be from your original mail server IP, not your relay. Your legitimate email would bounce from your MTA, to the relay/smart host and out on the new IP. As Wazoo suggested, I would watch port 25 traffic on your firewall logs and see if you are still showing traffic from your mailserver going out on port 25 to places other than your designated relay.

Share this post


Link to post
Share on other sites

Here's a possible scenario. If your mailserver had some kind of virus running on it, that .......

That is a good point and worth checking. Its a Linux server with postfix, I guess its possible it has been compromised. Just checked my netflow records and nothing going external from that IP. You had me worried for a second there.

Sorry to harp and thank you for your help, but I still do not know why I am blocked. Everyone has been helpful to give me records of spam my server sent but nothing in these posts allows me to track it back to my server and the originating user. I check the time stamps and there was nothing at the time I could see to be the message in question (my time is in sync).

Can I gain access to more of the header? I need the bit that shows the sent from/to or the message ID from my server so I can search my logs.

Share this post


Link to post
Share on other sites

but I'm guessing that as you don't have even a free reporting account, I don't know if you will be able to see the "full, technical details" ..????

I have a paid spamcop e-mail account. I am happy to even pay for a reporting account if I can get the info I need. Believe me I see the need for the Spamcop service I am as committed as you at stopping spam. I have read loads of FAQ's and stuff but can find this out. There is a lot of info though. Can you point me to the right docs please?

Edited by mmarklew

Share this post


Link to post
Share on other sites

You should be able to get more detailed information from the deputies (deputies[at]admin.spamcop.net). The users here don't have access to any more information than what has already been posted unfortunately.

Share this post


Link to post
Share on other sites

I have a paid spamcop e-mail account. I am happy to even pay for a reporting account if I can get the info I need. Believe me I see the need for the Spamcop service I am as committed as you at stopping spam. I have read loads of FAQ's and stuff but can find this out. There is a lot of info though. Can you point me to the right docs please?

You get a paid rporting account with your paid email account, but you will not get any more information that way. The email address just above can provide the information, but you wil need to prove to the deputies you are the administrator of that server.

Share this post


Link to post
Share on other sites

Wazoo's previous comment about us getting listed for forwarded e-mail was correct but I didnt quite understand what he ment.

Turns out one of my customers was forwarding e-mail to a spamcop account (I even do this) and the parser was making a mistake with the forwarding via my anti-virus system. Means it was listing my ISP for the e-mail by mistake.

The deputy fixed it but I need to clean up the message routing to prevent this type of thing happening again. I have been using the amavis anti virus for almost a year, but there must be something I have done wrong in its configuration. Anyone seen this type of problem before and know how to fix the headers for amavis + postfix?

Thanks for everyones help.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×