iconsee_99 Posted September 10, 2006

Hello,

I have recently become responsible for the mail servers at a large company and am needing to understand Spamcop thoroughly for the first time - we have been blocked a few times since I've been administrator over the last couple of months and I am trying to understand why so that we can prevent it in the future.

I'm currently trying to clean up misdirected bounces, in case that is the problem. And, I know the entire company uses auto-responders for Out-of-Office with Exchange, and have read this can cause blacklisting. However, I've not been able to convince those responsible for Exchange that this could cause the problem.

If anyone could help me understand the Spamcop reports, I would be very much appreciative.

"Service unavailable; Client host [194.138.160.6] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?194.138.160.6"

We're not currently blocked, but the last summary report I got looked like this:

    [ SpamCop V1.596 Summary Report ]
    -- See footer for key to columns and notes about this report --

    IP_Address     Start/Length  Trap  User  Mole  Simp  Comments  RDNS
    194.138.160.6  Sep 1 03h/6   1     0     0     0               goliath.siemens.com

Thanks in advance,
JoAnn
Paranoid2000 Posted September 10, 2006

Welcome to the forums Iconsee_99,

Auto-responders certainly can be a cause of problems so are best avoided. If users are that much attached to them, asking them how they would feel having some of their emails blocked or having to deal with dozens of bounces from others' autoresponders is one approach, while calculating how much upstream bandwidth (and money) is wasted due to misdirected bounces would be a better argument for managers.

If you can't get rid of them though, the following steps can help reduce the problem:

- use rigorous filtering (blocklists, content, Bayesian) on incoming mail to remove as much spam as possible;
- employ extensions like Sender Policy Framework and DomainKeys to detect forged sender addresses (these only work for compliant domains so are not a 100% solution by a long shot, but that should improve over time);
- have bounces sent from a separate server - this will get blocklisted leaving your main SMTP server unaffected;
- stop sending bounces altogether - this will mean posters not receiving error messages if they specify an incorrect address but may be the lesser evil if you are currently sending thousands of misdirected bounces.
dra007 Posted September 10, 2006

Misdirected bounces seem to be indeed your major problem:

Report History: Don't Display UUBE

Submitted: Friday, September 08, 2006 4:10:34 PM -0400:
Returned mail: see transcript for details
1913375767 ( 194.138.160.6 ) ( UUBE ) To: uube[at]devnull.spamcop.net
-------------------------
Submitted: Friday, September 08, 2006 11:06:09 AM -0400:
Returned mail: see transcript for details
1912988817 ( 194.138.160.6 ) ( UUBE ) To: uube[at]devnull.spamcop.net
-------------------------
Submitted: Friday, September 08, 2006 2:28:41 AM -0400:
Returned mail: see transcript for details
1912370258 ( 194.138.160.6 ) ( UUBE ) To: uube[at]devnull.spamcop.net
-------------------------
Submitted: Wednesday, September 06, 2006 7:05:37 PM -0400:
Out of Office AutoReply: [Possible spam] Good news for traders
1910322924 ( 194.138.160.6 ) ( UUBE ) To: uube[at]devnull.spamcop.net
-------------------------
Submitted: Wednesday, September 06, 2006 7:41:55 AM -0400:
Undeliverable: ALVN news
1909470988 ( 194.138.160.6 ) ( UUBE ) To: uube[at]devnull.spamcop.net
-------------------------
Submitted: Tuesday, September 05, 2006 10:25:00 PM -0400:
Out of Office AutoReply: this going to expolad
1908896523 ( 194.138.160.6 ) ( UUBE ) To: uube[at]devnull.spamcop.net
-------------------------
Submitted: Tuesday, September 05, 2006 10:22:11 PM -0400:
Returned mail: see transcript for details
1908893313 ( 194.138.160.6 ) ( UUBE ) To: uube[at]devnull.spamcop.net
-------------------------
Submitted: Monday, September 04, 2006 8:22:58 PM -0400:
Returned mail: see transcript for details
1907088256 ( 194.138.160.6 ) ( UUBE ) To: uube[at]devnull.spamcop.net
-------------------------
Submitted: Monday, September 04, 2006 7:27:21 AM -0400:
Returned mail: see transcript for details
1906073037 ( 194.138.160.6 ) ( UUBE ) To: uube[at]devnull.spamcop.net
-------------------------
Submitted: Sunday, September 03, 2006 11:02:28 PM -0400:
Returned mail: see transcript for details
1905560741 ( 194.138.160.6 ) ( UUBE ) To: uube[at]devnull.spamcop.net
-------------------------
Submitted: Sunday, September 03, 2006 11:02:01 PM -0400:
Returned mail: see transcript for details
1905560172 ( 194.138.160.6 ) ( UUBE ) To: uube[at]devnull.spamcop.net
-------------------------
Submitted: Sunday, September 03, 2006 5:32:10 PM -0400:
Out of Office AutoReply: High-quality custom logos and business i dentities (...
1905249257 ( 194.138.160.6 ) ( UUBE ) To: uube[at]devnull.spamcop.net
-------------------------
Submitted: Saturday, September 02, 2006 3:59:12 PM -0400:
Returned mail: see transcript for details
1903824426 ( 194.138.160.6 ) ( UUBE ) To: uube[at]devnull.spamcop.net
-------------------------
Submitted: Saturday, September 02, 2006 8:08:30 AM -0400:
Returned mail: see transcript for details
1903322686 ( 194.138.160.6 ) ( UUBE ) To: uube[at]devnull.spamcop.net
-------------------------
Submitted: Saturday, September 02, 2006 8:07:02 AM -0400:
Returned mail: see transcript for details
1903321216 ( 194.138.160.6 ) ( UUBE ) To: uube[at]devnull.spamcop.net
-------------------------
Submitted: Friday, September 01, 2006 12:55:07 PM -0400:
Returned mail: see transcript for details
1902263166 ( 194.138.160.6 ) ( UUBE ) To: uube[at]devnull.spamcop.net
-------------------------
Submitted: Friday, September 01, 2006 12:23:10 PM -0400:
Returned mail: see transcript for details
1902226757 ( 194.138.160.6 ) ( UUBE ) To: uube[at]devnull.spamcop.net
-------------------------
Submitted: Friday, September 01, 2006 12:06:26 PM -0400:
Returned mail: see transcript for details
1902210440 ( 194.138.160.6 ) ( UUBE ) To: uube[at]devnull.spamcop.net
Miss Betsy Posted September 10, 2006

If Out of Office replies are felt necessary by those who use them, in addition to good spam filtering, the OOO replies can go only to a whitelist of regular correspondents to reduce the number that might go to spam traps.

Miss Betsy
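The advice in the replies above (filter first, check that the sender address is authentic, answer only regular correspondents) combined into one auto-reply gate. This is an added example, not part of any poster's message; it also adds the RFC 3834 loop checks (null reverse-path, Auto-Submitted, Precedence), which the posts do not mention. The function name, its parameters, the whitelist and the sample messages are hypothetical, and the SPF verdict is assumed to come from the upstream filter.

```python
import email

SPAM_TAG = "[possible spam]"            # subject tag visible in the report history
BULK_PRECEDENCE = {"bulk", "junk", "list"}

def should_autoreply(raw_message, envelope_from, spf_result, regular_correspondents):
    """Decide whether an Out-of-Office reply may be sent; returns (send, reason).

    envelope_from is the SMTP MAIL FROM value ("<>" for a bounce), spf_result is
    the verdict from the upstream filter, regular_correspondents is the whitelist.
    All four parameters are assumptions of this sketch.
    """
    msg = email.message_from_string(raw_message)
    sender = envelope_from.strip().strip("<>").lower()
    if not sender:
        return False, "null reverse-path: the message is itself a bounce"
    if msg.get("Auto-Submitted", "no").strip().lower() != "no":
        return False, "automated mail (Auto-Submitted header)"
    if msg.get("Precedence", "").strip().lower() in BULK_PRECEDENCE:
        return False, "bulk or list precedence"
    if msg.get("List-Id") or msg.get("List-Unsubscribe"):
        return False, "mailing-list traffic"
    if SPAM_TAG in msg.get("Subject", "").lower():
        return False, "already tagged as spam by the content filter"
    if spf_result != "pass":
        return False, "sender address not authenticated (SPF %s)" % spf_result
    if sender not in regular_correspondents:
        return False, "not a regular correspondent"
    return True, "authenticated regular correspondent"

# Constructed sample data (not taken from the thread's mail).
WHITELIST = {"alice@customer.example"}
SAMPLES = [
    ("Subject: [Possible spam] Good news for traders\n\nbuy now", "<x@spam.example>", "none"),
    ("Subject: Returned mail: see transcript for details\n\n...", "<>", "none"),
    ("Subject: Order status\n\nhello", "<alice@customer.example>", "fail"),
    ("Subject: Order status\n\nhello", "<alice@customer.example>", "pass"),
    ("Subject: Weekly digest\nPrecedence: bulk\n\nnews", "<alice@customer.example>", "pass"),
]

def run_samples():
    return [should_autoreply(raw, mfrom, spf, WHITELIST) for raw, mfrom, spf in SAMPLES]

if __name__ == "__main__":
    for send, reason in run_samples():
        print("reply" if send else "suppress", "-", reason)
```

Only the fourth sample, an SPF-authenticated message from a whitelisted sender, earns a reply; the forged copy of the same sender in the third sample is suppressed.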
iconsee_99 Posted September 10, 2006 (Author)

> Misdirected bounces seem to be indeed your major problem:

Thanks for your help, dra007. The report you posted should prove very helpful - is this a report that I can somehow get on a regular basis?

Thanks for everyone's help. This will give me some good solutions to look into and some ammunition to take to the executives who are complaining to me because Spamcop is blocking mail going out to our customers.

I'm certainly glad I found this forum!
StevenUnderwood Posted September 10, 2006

> Thanks for your help, dra007. The report you posted should prove very helpful - is this a report that I can somehow get on a regular basis?

That information is available to paid reporters by clicking the [report history] link in the parser output for your IP address.

SpamCop v 1.596 Copyright © 1998-2006, IronPort Systems, Inc. All rights reserved.
Parsing input: 194.138.160.6
host 194.138.160.6 = goliath.siemens.com (cached)
host 194.138.160.6 = goliath.siemens.com (cached)
[report history]...

You also have at least one regular report. Do you have access to the following email account? Any reports will be sent to that address.

Report History: Display UUBE
-------------------------------------------------------------
Submitted: Saturday, July 29, 2006 1:09:19 PM -0400:
Returned mail: see transcript for details
1856671612 ( 194.138.160.6 ) To: klaus.bork[at]siemens.com
1856671611 ( 194.138.160.6 ) To: klaus.bork[at]mch11.siemens.de

The reason it picks that address:

Tracking details
Display data:
"whois 194.138.160.6[at]whois.ripe.net" (Getting contact from whois.ripe.net)
kb1678-ripe = klaus.bork[at]siemens.com
whois.ripe.net 194.138.160.6 = klaus.bork[at]siemens.com
whois: 194.138.0.0 - 194.138.255.255 = klaus.bork[at]siemens.com
Routing details for 194.138.160.6
Using last resort contacts klaus.bork[at]siemens.com

Changing whois data or adding an abuse address to abuse.net should get reports redirected.
Archived
This topic is now archived and is closed to further replies.