Jump to content
Sign in to follow this  
mputson

[Resolved] 195.97.227.10 blocked

Recommended Posts

195.97.227.10 listed in bl.spamcop.net (127.0.0.2)

If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 16 hours.

Causes of listing

* System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

Automatic delisting

If you are the administrator of post.mceplc.com. and you are sure it will not be the subject of any more reports of spam, you may cause the system to be delisted without waiting for us to review the issue.

Looking for potential administrative email addresses for 195.97.227.10:

cannot find an mx for post.mceplc.com

194.176.73.105 is an mx ( 10 ) for mceplc.com

My isp has blocked the company's outgoing emails because of this.

Things I have checked/fixed.

1) I upgraded the firewall we use on Monday, and this may have caused other pcs to be able to send emails that could have been hit with a virus. This is now fixed.

2) Some users who were allowed to be sent email are no longer with the company and RNDRs were issued. The allowable list of emails via the email spam prevention system we use (Xwall) has been recified.

The automatic delisting doesn't work as I never received any emails. I guessing this is because you try to smtp to the ip address directly instead of the mx record for mceplc.com. (The firewall and the xwall only allow specific ip addresses to connect to it.).

Hence I have clicked on the dispute link on the page and entered the same information I have here.

I am basically posting to ask how long it takes for the issues to be resolved. Also if I may have missed anything.

Share this post


Link to post
Share on other sites

Looks like you've done something right, Sender Base suggests the spew of bad stuff has stopped:

Report on IP address: 195.97.227.10

Volume Statistics for this IP

Magnitude Vol Change vs. Average

Last day 2.0 -100%

Last 30 days 1.3 265%

Average 0.6

There are no user reports which suggests bounces to spamtraps may have been your only issue..

Edited by dra007

Share this post


Link to post
Share on other sites
I am basically posting to ask how long it takes for the issues to be resolved. Also if I may have missed anything.

Suggests that you have not looked at a FAQ anywhere.

You posted four hours ago, showing data of "will be delisted automatically in 16 hours" ...

Check now shows "will be delisted automatically in 12 hours."

Per the FAQ data not looked up, the listing/delisting/time is based on the results of a mathematical formula.

The use of a "dispute" does not correlate with your description .. note the words offered "... and you are sure this listing is erroneous .." .... appearances are that it wasn't 'erroneously' listed.

http://www.senderbase.org/search?searchBy=...g=195.97.227.10

Volume Statistics for this IP

Magnitude Vol Change vs. Average

Last day ........ 2.0 .. -100%

Last 30 days .. 1.3 ... 261%

Average ........ 0.6

Numbers seem strange, but then the 'real' factoid junps out;

Date of first message seen from this address 2007-01-08

This being a "new" server wasn't mentioned in your write-up of the background involved.

Share this post


Link to post
Share on other sites

This being a "new" server wasn't mentioned in your write-up of the background involved.

Is is not a "new" server. The server has been in place with the same configuration for the past 4 years. The only thing that changes is the spam server software (xwall).

Hence the end part of the post. "Also if I may have missed anything."

"System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)"

This is hard to figure out what is up with a server being listed on your system. I looked at your FAQ, i made relevent changes according to that, as per the post above, I was asking if there was anything missing.

If it was say reverse RNDRs, that are causing the spam, then maybe something like:

Server replying to NDR for users that doesn't exist. Will help people to figure out what is going wrong.

Edited by mputson

Share this post


Link to post
Share on other sites
<snip>

"System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)"

This is hard to figure out what is up with a server being listed on your system. I looked at your FAQ,

<snip>

...That's intentional, to keep spammers from gaming the system and to ensure the integrity of the spam Traps.

...Only the SpamCop Deputies have access to detailed information about e-mail hitting spam traps. Please send an e-mail to the Deputies at address deputies[at]admin.spamcop.net and provide sufficient information to allow them to determine that you are a server admin responsible for the listed IP.

...Good luck!

Share this post


Link to post
Share on other sites

Is is not a "new" server. The server has been in place with the same configuration for the past 4 years. The only thing that changes is the spam server software (xwall).

Is the xwall software on a different IP address? It looks like it from the IronPort staqts. If so, then your mail is coming from a new address. SpamCop takes (took?) that into account when calculating the block entry.

Share this post


Link to post
Share on other sites

Is the xwall software on a different IP address? It looks like it from the IronPort staqts. If so, then your mail is coming from a new address. SpamCop takes (took?) that into account when calculating the block entry.

Well yes and no.

basically it the same on the internet address but on a different internal ip that is port mapped

firewall -> Xwall -> exchange

you cannot connect to port 25 on our firewall as only the isp can.

outgoing email is like the following:

exchange -> Xwall -> firewall -> isp smtp

Basically 195.97.227.10 is our only public facing ip address.

Looks like it has been delisted now. So looks like it was a few rogue email address xwall was accepting and sending non delivery reports.

Share this post


Link to post
Share on other sites
Pushing

>- Suggests that you have not looked at a FAQ anywhere.

Suggests that you still need to learn some manners.

Excuse me for not laughing.

Share this post


Link to post
Share on other sites

Wazoo, where did you get that text you have quoted on? It is certainly not from me.

Anyhow thanks people for the help people problem

I have also worked out why the server is listed as a new one. To stop a long story short, our isp have changed the way there forward emails out when connecting to their smtp servers, hence even although our configuration has not changed the configuration in what the isp sends on in its smtp queue has. So hence the ip address was listed as a new server.

Edited by mputson

Share this post


Link to post
Share on other sites

...Thanks for taking the time to return here to let us know that this matter has been resolved. I shall mark this Forum thread accordingly.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×