[Resolved] More info please: 213.91.141.18 blacklisted

[tarantula]

Can I have more information regarding the blacklisting of our mailserver (213.91.141.18)? Any help you provide will be greatly appreciated. We are not relaying or sending spam but we constantly appear in your blacklists. I don't think any of our machines is infected by a virus, so please help!

[Farelf]

Can I have more information regarding the blacklisting of our mailserver (213.91.141.18)? Any help you provide will be greatly appreciated. We are not relaying or sending spam but we constantly appear in your blacklists. I don't think any of our machines is infected by a virus, so please help!

Hopefully a paying user with history access will help out, however I note reports (other than spamtrap) have been going to

Reporting addresses:

postmaster[at]unacs.bg

Have you looked there for reports?

While SCBL seems to be the only one registering that IP address SenderBase shows increased activity:

Volume Statistics for this IP

Magnitude Vol Change vs. Average

Last day 4.4 5673%

Last 30 days 3.3 366%

Average 2.7

[Derek T]

Hopefully a paying user with history access will help out,

Here, Sir!

Report History:

Query short history (7 days)
Submitted: Mon, 04 Dec 2006 16:20:47 GMT:
at intend

	* 2048467912 ( 213.91.141.18 ) To: postmaster[at]unacs.bg 

Submitted: Sun, 03 Dec 2006 16:16:40 GMT:
Be so needs

	* 2047155393 ( 213.91.141.18 ) To: spamcop[at]imaphost.com
	* 2047155341 ( 213.91.141.18 ) To: postmaster[at]unacs.bg 

Older Reports

Sorry to say this but you most definitely ARE sending spam. whether you know it or not. Seems like primary spam spew rather than backscatter. Check your firewall logs and see the FAQ here about the SMTP/AUTH hack.

[tarantula]

* 2047155393 ( 213.91.141.18 ) To: spamcop[at]imaphost.com

* 2047155341 ( 213.91.141.18 ) To: postmaster[at]unacs.bg

Does this actually mean that we have sent mail to spamcop[at]imaphost.com or this is the reporting address used by postmaster[at]uniacs.bg? And another question - is a simple report by a user enough to get an IP blacklisted?

Thanks in advance for your answers.

[Wazoo]

Does this actually mean that we have sent mail to spamcop[at]imaphost.com or this is the reporting address used by postmaster[at]uniacs.bg?

Neither .. those are where Reports were sent on spam.spew identified as coming from your server.

And another question - is a simple report by a user enough to get an IP blacklisted?

Thanks in advance for your answers.

Frequently Asked Question .. please see the SpamCopFAQ and/or the SpamCop Wiki .. links at the top of this very page.

[Derek T]

Does this actually mean that we have sent mail to spamcop[at]imaphost.com or this is the reporting address used by postmaster[at]uniacs.bg? And another question - is a simple report by a user enough to get an IP blacklisted?

Thanks in advance for your answers.

There is a 63-fold increase in traffic from your server. Unless you stop the spew SOON you will end up on blocklists that are a lot less forgiving than SpamCop. I suggest you disconnect that server from teh WAN until you sort out your security.

[tarantula]

Thanks everybody for the help. The problem was a pretty nasty virus on one of the workstations and poorly configured firewall on the server.

[kamaraju]

Thanks everybody for the help. The problem was a pretty nasty virus on one of the workstations and poorly configured firewall on the server.

Now that you have solved your problem, Can I suggest something? Why not just use Linux where you do not have any viruses? I am pretty sure that it is only a matter of time before another virus hits your M$ system. Moreover Linux is free and open source where as you have to pay a lot of money to get windows and anti virus software etc.,

raju

[Derek T]

Thanks everybody for the help. The problem was a pretty nasty virus on one of the workstations and poorly configured firewall on the server.

Thank you for 1. sorting the spew out - the net's a better place for it and 2. coming back here to let us know that the matter is resolved (ping moderators).

[Farelf]

Thank you for 1. sorting the spew out - the net's a better place for it and 2. coming back here to let us know that the matter is resolved (ping moderators).

Agree on all counts - thank you players, thank you ballboys (er... persons)

[turetzsr]

Moreover Linux is free and open source where as you have to pay a lot of money to get windows and anti virus software etc.,

...Agree that it may be worthwhile to consider Linux but you may want to take TCO into account. It does you no good to save $10,000 (illustrative amount only, not saying that is what the cost actually is) on licenses for Microsoft products but then spend $100,000 (again, illustrative amount only, not saying that is what the cost actually is) to implement and support "free" Linux and its applications. <g>

[Telarin]

Just to point out, he said that the problem was an infected workstation, not anything on the server. And whoever said there were no viruses for linux needs to do their homework a little better. There are a number of viruses, exploits, and trojans out there for linus. Not to mention the fact that it is an administrative nightmare to try to support on end-user desktops.

[kamaraju]

...Agree that it may be worthwhile to consider Linux but you may want to take TCO into account. It does you no good to save $10,000 (illustrative amount only, not saying that is what the cost actually is) on licenses for Microsoft products but then spend $100,000 (again, illustrative amount only, not saying that is what the cost actually is) to implement and support "free" Linux and its applications. <g>

1. I do not agree with the numbers you quote. They are not even close in terms of order of magnitude...

2. Support for Linux or microsoft would be roughly the same. I do not think supporting Linux would be any more expensive than supporting M$ applications.

Just to point out, he said that the problem was an infected workstation, not anything on the server. And whoever said there were no viruses for linux needs to do their homework a little better. There are a number of viruses, exploits, and trojans out there for linus. Not to mention the fact that it is an administrative nightmare to try to support on end-user desktops.

OK. What I meant was that the number of viruses/exploits/trojans etc., on a typical Linux distribution (Ex:- Debian Stable aka sarge currently) are way less compared to the number of viruses/exploits/trojans on M$ (Ex:- Windows XP). Now go ahead and prove me wrong. I am all ears.

I do not think that supporting Linux would be any more administrative nightmare as compared to supporting M$ desktops. Especially with all the viruses/exploits/trojans etc.,

[Telarin]

Honestly, in a corporate environment, viruses and trojans aren't much of a concern. We run anti-virus on all our boxes, and I haven't had a single hit in years. By simply implementing attachment filtering at the mail server so no executable attachments can get through without administrative approval, a firewall to keep malicious users out of the network altogether, and some basic browser security changes to prevent execution of unwanted ActiveX controls and prevent some of the exploits out there, you can secure a corporate environment quite easily.

Granted, *nix doesn't have as many viruses/trojans out there, but as I said, those are not a terribly large concern in a properly secured corporate environment.

Its also much harder to find a qualified *nix tech that has a decent amount of experience in anything larger than a home network. And anyone who has done any outside consulting knows the simple equation:

Hard To Find == Specialty == $++

Support for linux can also be difficult to get for complex problems. On the other hand, if I have a problem with a Windows server, its simply a matter of picking up the phone and calling Microsoft. Yes, a server support call runs about $245, but I've had instances where I've sat on the phone with a tech for 13 hours straight until the issue was fixed. Thats about $18.85 per hour if you want to do the math. And at times I had both an Exchange and Small Business Server specialist on the phone. They are well trained and very knowledgable about the internal workings of their products, so I guarantee they didn't make any money off that call. Interesting side note on this, they actually refunded the $245 at the end of the call because they determined it was a bug in Exchange 2003 and they had to write a hotfix for me...

[turetzsr]

...Agree that it may be worthwhile to consider Linux but you may want to take TCO into account. It does you no good to save $10,000 (illustrative amount only, not saying that is what the cost actually is) on licenses for Microsoft products but then spend $100,000 (again, illustrative amount only, not saying that is what the cost actually is) to implement and support "free" Linux and its applications. smile.gif <g>

1. I do not agree with the numbers you quote. They are not even close in terms of order of magnitude...

...That you replied this way means that I failed miserably in expressing my point. The reason I wrote (twice) "illustrative amount only, not saying that is what the cost actually is" is that I do not know the costs or their magnitude and was simply trying to convey that anyone considering replacing Microsoft products with a different set of products should take into account not just the cost of acquiring the software but also the costs of installing, supporting and maintaining it!

2. Support for Linux or microsoft would be roughly the same. I do not think supporting Linux would be any more expensive than supporting M$ applications.

<snip>

...That is not my understanding but you almost certainly know more about it than do I. On the other hand, so does Will and he presents some reasoning that would suggest that post-acquisition costs of Linux would likely be greater than those of Microsoft products.