Jump to content
Sign in to follow this  
misho

Strange Problem with my IP (87.118.176.200)

Recommended Posts

Hello,

In this days, i am in spamcop( Zlatograd.com mail server running postfix 2.2.3) blacklist, but i not sending spam or i have open relay mail server. If can help me what is the reason for what i am this spamcop blacklist .

And when i understand what is the reason and if problem in my mail server i fix !

Thanks in advance !!

Best Regards

Mihail Peltekov

System Administrator mail server Zlatograd.com !!

Sorry for my bad english !

Share this post


Link to post
Share on other sites

Mihail,

I just looked up some things about the IP address [87.118.176.200], and it's not good news. First, take a look at the statistics on this page:

http://www.senderbase.org/search?searchString=87.118.176.200

Under "Volume Statistics for this IP" the "Last day" value is 2693%, and although the SenderBase has only been watching the volume from that IP for a short time, that's a HUGE increase, so I'll guess that there's lots of stuff being transmitted from the IP without your knowledge.

The reason the IP is listed in the SCBL is totally due to spam reports submitted by SpamCop users, such as these:

Submitted: Thursday, October 26, 2006 1:24:49 PM -0700:

SEXUALLY EXPLICIT : Horny cum eating blonde babe

* 1986600140 ( 87.118.176.200 ) To: spamcop[at]imaphost.com

* 1986600134 ( 87.118.176.200 ) To: ripe[at]itdnet.net

Submitted: Tuesday, October 24, 2006 2:20:11 PM -0700:

No problems in sex - no problems in life. Viagra Pro.

* 1983289213 ( 87.118.176.200 ) To: ripe[at]itdnet.net

Submitted: Monday, October 23, 2006 6:23:04 AM -0700:

Get your ideal weight with this natural method

* 1980983258 ( 87.118.176.200 ) To: mole[at]devnull.spamcop.net

Submitted: Monday, October 23, 2006 6:10:40 AM -0700:

We are trusted, reliable pharmacy

* 1980973849 ( 87.118.176.200 ) To: ripe[at]itdnet.net

Submitted: Monday, October 23, 2006 4:28:11 AM -0700:

[spam] SEXUALLY EXPLICIT : Adorable blonde Carol teasing pink

* 1981551962 ( 87.118.176.200 ) To: spamcop[at]imaphost.com

* 1981551949 ( 87.118.176.200 ) To: ripe[at]itdnet.net

Port spam, pharmaceutical spam....you've got some real problems with what's been going out from your machine! The reports have been sent to the "itdnet.net" adress shown above, so perhaps you can contact them for further details.

If you're running a MS Exchange server, we have some helpful people who will come along and tell you how to secure it against hijacking, etc.

Further info:

Listing History

In the past 4.1 days, it has been listed 3 times for a total of 2.1 days

Other hosts in this "neighborhood" with spam reports

87.118.176.252 87.118.176.254 87.118.177.1

Looks like your IP has been repeated listed this week, and that you, or someone else has tried to "delist" it, so you can't do that any more. What you need to do is to find out who or what is transmitting all that spam from your IP and stop it.

DT

Share this post


Link to post
Share on other sites

Thanks for fast reply !!

Can u help and said my what is mail server who send this e-mails ... Because this server and routing and pc in local network and may be any of PC is have viruses .. I want see full Header of any recieved e-mail with this stupid spam !! I have spam and i will fight with spam !!! Who can help me to delist ?

Thanks

Share this post


Link to post
Share on other sites
Can u help and said my what is mail server who send this e-mails ... Because this server and routing and pc in local network and may be any of PC is have viruses .. I want see full Header of any recieved e-mail with this stupid spam !! I have spam and i will fight with spam !!! Who can help me to delist ?

Delisting will happen automatically after a set amount of time without receiving a new report. The people at ripe[at]itdnet.net have the reports which include the headers.

The only other way would be to convince the people at deputies[at]spamcop.net you are responsible for that IP address and ask for the headers as well. Not sure it will work (since reports already went to the responsible party on record).

You may want to get this modified so you receive the reports:

Reports routes for 87.118.176.200:

routeid:22815066 87.118.176.0 - 87.118.177.255 to:ripe[at]itdnet.net

Administrator found from whois records

Share this post


Link to post
Share on other sites
Because this server and routing and pc in local network and may be any of PC is have viruses

Maybe you should configure the server so that it doesn't allow the PC's access to the SMTP port 25. I asked you if it is using Microsoft Exchange, but you didn't answer. We have experts here who can help you to make your server more secure.

DT

Share this post


Link to post
Share on other sites
Maybe you should configure the server so that it doesn't allow the PC's access to the SMTP port 25. I asked you if it is using Microsoft Exchange, but you didn't answer. We have experts here who can help you to make your server more secure.

Hi Again :)

In my first post i said what is my mail server ( Postfix 2.2.3) .. For auth i using SASL smptd, before users send e-mail they must AUTH, but may be my local area 192.168.8.0/24 is in my trusted network ... But think today to remove from there ..

Share this post


Link to post
Share on other sites
Hi Again :)

In my first post i said what is my mail server ( Postfix 2.2.3)

Ah, yes you did....sorry. We've had so many Exchange admins drop by recently I had a "one-track" mind. Sorry for my confusion.

DT

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×