[Resolved] Spam traps help


br53

Hi,

Our server is listed due to spam traps: http://www.spamcop.net/bl.shtml?210.9.130.146

I've since made changes so that we don't accept messages and then bounce back delivery failures. But this morning when we were due to be automatically delisted, it's back to 23 hours.

I've used the form to contact Spamcop already, but it's becoming quite urgent so I'm posting here too.

Any help is appreciated.

Thanks

Josh

Sender base shows an unusual increase in traffic recently:

Report on IP address: 210.9.130.146

Volume Statistics for this IP

               Magnitude   Vol Change vs. Average
Last day       4.0         404%
Last 30 days   2.9         -64%
Average        3.3

I, however, cannot find any reported history that would shed some light on this. If you already wrote to the deputies, patience is golden, and I am sure you'll be able to resolve your issue. Please let us know.

If the volume is up, that can mean a compromised machine that does not use the normal port 25 to send the spew. Check your firewall logs for unusual traffic.

and the PSBL evidence shows real fresh spam rather than bounces, which also suggests either a trojanned machine or an SMTP-AUTH hack, rather than the problem being simply auto-replies.

There is also now one human report to add to the spamtrap hits:

Submitted: 08 September 2006 08:11:27 +0100:

Fwd:

* 1912415028 ( 210.9.130.146 ) To: abuse[at]connect.com.au

(which will have reset the delist clock)

Looks like the reports are going to your upstream; you might discuss with them getting copies of the reports or registering your own abuse address. It seems you have a real 'live' problem to deal with here; things seem to be going from bad to worse.

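Added example, not part of any post in this thread: one way to act on the "check your firewall logs" advice is to list internal hosts that open SMTP connections to the Internet without going through the mail server. The log lines are constructed in the style of Linux netfilter LOG output, and the addresses, the `OUT-SMTP` prefix and the `MAIL_SERVER` value are assumptions.

```python
import re
from collections import defaultdict

# Assumption: the only internal host allowed to speak SMTP to the Internet.
MAIL_SERVER = "192.168.1.10"

# Constructed sample lines (netfilter LOG style); not taken from the thread.
SAMPLE_LOG = """\
Sep  7 20:02:51 fw kernel: OUT-SMTP IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=198.51.100.25 PROTO=TCP SPT=40112 DPT=25 SYN
Sep  7 20:02:58 fw kernel: OUT-SMTP IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=203.0.113.8 PROTO=TCP SPT=1391 DPT=25 SYN
Sep  7 20:02:59 fw kernel: OUT-SMTP IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=203.0.113.77 PROTO=TCP SPT=1392 DPT=25 SYN
Sep  7 20:03:00 fw kernel: OUT-SMTP IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=198.51.100.140 PROTO=TCP SPT=1393 DPT=25 SYN
Sep  7 20:03:01 fw kernel: OUT-SMTP IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.9 PROTO=TCP SPT=5021 DPT=443 SYN
Sep  7 20:03:02 fw kernel: OUT-SMTP IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.8 PROTO=TCP SPT=5022 DPT=25 SYN
Sep  7 20:03:03 fw kernel: OUT-SMTP IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=203.0.113.8 PROTO=TCP SPT=1394 DPT=25 SYN
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S+)")  # KEY=value pairs such as SRC=, DPT=


def rogue_smtp_senders(log_text, mail_server=MAIL_SERVER, smtp_port=25):
    """Return (source, attempts, distinct destinations) for every host other
    than the mail server that opened a new outbound TCP connection to SMTP."""
    attempts = defaultdict(int)
    targets = defaultdict(set)
    for line in log_text.splitlines():
        tokens = line.split()
        fields = dict(FIELD.findall(line))
        src, dst = fields.get("SRC"), fields.get("DST")
        if not src or not dst or fields.get("PROTO") != "TCP":
            continue  # malformed line or not TCP
        if "SYN" not in tokens or "ACK" in tokens:
            continue  # count only new connection attempts
        if fields.get("DPT") != str(smtp_port) or src == mail_server:
            continue  # not SMTP, or the legitimate mail path
        attempts[src] += 1
        targets[src].add(dst)
    rows = ((s, attempts[s], len(targets[s])) for s in attempts)
    # Busiest source first; many distinct destinations suggests direct-to-MX spam.
    return sorted(rows, key=lambda r: (-r[1], r[0]))


if __name__ == "__main__":
    for src, count, distinct in rogue_smtp_senders(SAMPLE_LOG):
        print(f"{src}: {count} SMTP connection attempts to {distinct} destinations")
```

Any host this reports is a candidate for the trojanned machine mentioned above; blocking outbound port 25 for everything except the mail server removes that path regardless of which host it is.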

The PSBL is pretty interesting:

2006-09-01 00:36:36.18671 received spamtrap mail

2006-09-04 23:13:08.923761 major smtp violation

2006-09-05 19:08:39.299366 received spamtrap mail

2006-09-07 20:03:03.386709 received spamtrap mail

Wonder what a major smtp violation is?

Archived

This topic is now archived and is closed to further replies.
