mputson Posted January 10, 2007 Share Posted January 10, 2007 195.97.227.10 listed in bl.spamcop.net (127.0.0.2) If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 16 hours. Causes of listing * System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop) Automatic delisting If you are the administrator of post.mceplc.com. and you are sure it will not be the subject of any more reports of spam, you may cause the system to be delisted without waiting for us to review the issue. Looking for potential administrative email addresses for 195.97.227.10: cannot find an mx for post.mceplc.com 194.176.73.105 is an mx ( 10 ) for mceplc.com My isp has blocked the company's outgoing emails because of this. Things I have checked/fixed. 1) I upgraded the firewall we use on Monday, and this may have caused other pcs to be able to send emails that could have been hit with a virus. This is now fixed. 2) Some users who were allowed to be sent email are no longer with the company and RNDRs were issued. The allowable list of emails via the email spam prevention system we use (Xwall) has been recified. The automatic delisting doesn't work as I never received any emails. I guessing this is because you try to smtp to the ip address directly instead of the mx record for mceplc.com. (The firewall and the xwall only allow specific ip addresses to connect to it.). Hence I have clicked on the dispute link on the page and entered the same information I have here. I am basically posting to ask how long it takes for the issues to be resolved. Also if I may have missed anything. Link to comment Share on other sites More sharing options...
dra007 Posted January 10, 2007 Share Posted January 10, 2007 Looks like you've done something right, Sender Base suggests the spew of bad stuff has stopped: Report on IP address: 195.97.227.10 Volume Statistics for this IP Magnitude Vol Change vs. Average Last day 2.0 -100% Last 30 days 1.3 265% Average 0.6 There are no user reports which suggests bounces to spamtraps may have been your only issue.. Link to comment Share on other sites More sharing options...
Wazoo Posted January 10, 2007 Share Posted January 10, 2007 I am basically posting to ask how long it takes for the issues to be resolved. Also if I may have missed anything. Suggests that you have not looked at a FAQ anywhere. You posted four hours ago, showing data of "will be delisted automatically in 16 hours" ... Check now shows "will be delisted automatically in 12 hours." Per the FAQ data not looked up, the listing/delisting/time is based on the results of a mathematical formula. The use of a "dispute" does not correlate with your description .. note the words offered "... and you are sure this listing is erroneous .." .... appearances are that it wasn't 'erroneously' listed. http://www.senderbase.org/search?searchBy=...g=195.97.227.10 Volume Statistics for this IP Magnitude Vol Change vs. Average Last day ........ 2.0 .. -100% Last 30 days .. 1.3 ... 261% Average ........ 0.6 Numbers seem strange, but then the 'real' factoid junps out; Date of first message seen from this address 2007-01-08 This being a "new" server wasn't mentioned in your write-up of the background involved. Link to comment Share on other sites More sharing options...
mputson Posted January 10, 2007 Author Share Posted January 10, 2007 This being a "new" server wasn't mentioned in your write-up of the background involved. Is is not a "new" server. The server has been in place with the same configuration for the past 4 years. The only thing that changes is the spam server software (xwall). Hence the end part of the post. "Also if I may have missed anything." "System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)" This is hard to figure out what is up with a server being listed on your system. I looked at your FAQ, i made relevent changes according to that, as per the post above, I was asking if there was anything missing. If it was say reverse RNDRs, that are causing the spam, then maybe something like: Server replying to NDR for users that doesn't exist. Will help people to figure out what is going wrong. Link to comment Share on other sites More sharing options...
turetzsr Posted January 10, 2007 Share Posted January 10, 2007 <snip> "System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)" This is hard to figure out what is up with a server being listed on your system. I looked at your FAQ, <snip> ...That's intentional, to keep spammers from gaming the system and to ensure the integrity of the spam Traps. ...Only the SpamCop Deputies have access to detailed information about e-mail hitting spam traps. Please send an e-mail to the Deputies at address deputies[at]admin.spamcop.net and provide sufficient information to allow them to determine that you are a server admin responsible for the listed IP. ...Good luck! Link to comment Share on other sites More sharing options...
StevenUnderwood Posted January 11, 2007 Share Posted January 11, 2007 Is is not a "new" server. The server has been in place with the same configuration for the past 4 years. The only thing that changes is the spam server software (xwall). Is the xwall software on a different IP address? It looks like it from the IronPort staqts. If so, then your mail is coming from a new address. SpamCop takes (took?) that into account when calculating the block entry. Link to comment Share on other sites More sharing options...
mputson Posted January 11, 2007 Author Share Posted January 11, 2007 Is the xwall software on a different IP address? It looks like it from the IronPort staqts. If so, then your mail is coming from a new address. SpamCop takes (took?) that into account when calculating the block entry. Well yes and no. basically it the same on the internet address but on a different internal ip that is port mapped firewall -> Xwall -> exchange you cannot connect to port 25 on our firewall as only the isp can. outgoing email is like the following: exchange -> Xwall -> firewall -> isp smtp Basically 195.97.227.10 is our only public facing ip address. Looks like it has been delisted now. So looks like it was a few rogue email address xwall was accepting and sending non delivery reports. Link to comment Share on other sites More sharing options...
Wazoo Posted January 12, 2007 Share Posted January 12, 2007 Pushing >- Suggests that you have not looked at a FAQ anywhere. Suggests that you still need to learn some manners. Excuse me for not laughing. Link to comment Share on other sites More sharing options...
StevenUnderwood Posted January 12, 2007 Share Posted January 12, 2007 Excuse me for not laughing. ????? Was that pulled from a PM? Link to comment Share on other sites More sharing options...
mputson Posted January 12, 2007 Author Share Posted January 12, 2007 Wazoo, where did you get that text you have quoted on? It is certainly not from me. Anyhow thanks people for the help people problem I have also worked out why the server is listed as a new one. To stop a long story short, our isp have changed the way there forward emails out when connecting to their smtp servers, hence even although our configuration has not changed the configuration in what the isp sends on in its smtp queue has. So hence the ip address was listed as a new server. Link to comment Share on other sites More sharing options...
turetzsr Posted January 12, 2007 Share Posted January 12, 2007 ...Thanks for taking the time to return here to let us know that this matter has been resolved. I shall mark this Forum thread accordingly. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.