Jump to content

Topic hijack removal #3

bayasaa

By bayasaa
in SpamCop Blocklist Help

Recommended Posts

turetzsr What Life?

turetzsr

Posted
Posted
<snip>

I have problem with sending mail from Outlook .

message rejected by the server

Server Response : 550 Blocked - see

http://www.spamcop.net/bl.shtml?202.179.10.10

202.179.10.26 202.179.10.58 202.179.10.86

I newer send spam mail !

<snip>

...Please read the advice from others, above. Also, p Please navigate to the link you provided (http://www.spamcop.net/bl.shtml?202.179.10.10) -- there is specific information there about machine 202.179.10.10, which seems to be the machine through which your e-mails are being sent.

...The problem appears to be that your provider (Micom Co., Ltd) appears to be letting spam through their system.

Link to comment
Share on other sites
Merlyn Been There

Merlyn

Posted
Posted

A lot of spam coming from this IP, looks like it is trojanned:

------------------------------------------------------

XBL Exploits Block List (includes CBL): xbl.spamhaus.org -> 127.0.0.4

http://www.spamhaus.org/query/bl?ip=202.179.10.10

---------------------------------------------------

SBLXBL Combined zone to reduce queries. Includes both SBL and XBL zones: sbl-xbl.spamhaus.org -> 127.0.0.4

http://www.spamhaus.org/query/bl?ip=202.179.10.10

---------------------------------------------------------

ZEN Spamhaus combined SBL, XBL and PBL - replaces SBLXBL: zen.spamhaus.org -> 127.0.0.4

http://www.spamhaus.org/query/bl?ip=202.179.10.10

-------------------------------------------------------

CBL The CBL - Composite Blocking List: cbl.abuseat.org -> 127.0.0.2

Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=202.179.10.10

-----------------------------------------------------

SPAMCOP SpamCop Blocking List: bl.spamcop.net -> 127.0.0.2

Blocked - see http://www.spamcop.net/bl.shtml?202.179.10.10

-----------------------------------------------------

PWBL list from .pl: bl.student.pw.edu.pl -> ptr.bl.student.pw.edu.pl. -> 127.0.0.2

ptr.bl.student.pw.edu.pl.

Private RBL of Samorzad Studentow PW. Go Away!

--------------------------------------------------

DNSBLAUT1 Reynolds Technology Type 1: t1.dnsbl.net.au -> 127.0.0.2

Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=202.179.10.10

Link to comment
Share on other sites
Merlyn Been There

Merlyn

Posted
Posted

except for these:

+ XBL Exploits Block List (includes CBL): xbl.spamhaus.org -> 127.0.0.4

http://www.spamhaus.org/query/bl?ip=202.179.10.10

-------------------------------------------------------------

SBLXBL Combined zone to reduce queries. Includes both SBL and XBL zones: sbl-xbl.spamhaus.org -> 127.0.0.4

http://www.spamhaus.org/query/bl?ip=202.179.10.10

---------------------------------------------------------------

ZEN Spamhaus combined SBL, XBL and PBL - replaces SBLXBL: zen.spamhaus.org -> 127.0.0.4

http://www.spamhaus.org/query/bl?ip=202.179.10.10

---------------------------------------------------------

CBL The CBL - Composite Blocking List: cbl.abuseat.org -> 127.0.0.2

Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=202.179.10.10

---------------------------------------------------------

PWBL list from .pl: bl.student.pw.edu.pl -> ptr.bl.student.pw.edu.pl. -> 127.0.0.2

ptr.bl.student.pw.edu.pl.

Private RBL of Samorzad Studentow PW. Go Away!

-----------------------------------------------------

DNSBLAUT1 Reynolds Technology Type 1: t1.dnsbl.net.au -> 127.0.0.2

Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=202.179.10.10

Link to comment
Share on other sites
bayasaa Newbie

bayasaa

Posted
  • Author
Posted

HI. Could you tell me how can i except these Ip from your black list

202.179.10.10

202.179.10.26

202.179.10.58

202.179.10.86

please help me!!!!

Thank's

Best regards

Bayasaa

I' checking router's configuration access-list extended spam-in in

access-list extended spam-in in

This is checking

Extended IP access list spam-in

10 deny udp any any eq netbios-dgm (694 matches)

20 deny udp any any eq netbios-ss

30 deny udp any any eq netbios-ns (12264 matches)

40 deny tcp any any range 135 139 (259 matches)

50 deny tcp any any eq 1214 (63 matches)

60 deny udp any any eq 1214 (15 matches)

70 deny tcp any any eq 2754 (328 matches)

80 deny tcp any any eq 2745 (303 matches)

90 deny udp any any eq 1434

100 deny tcp any any eq 445 (54467 matches)

110 deny tcp any any eq 593

120 deny tcp any any eq 4444 (175 matches)

130 deny udp any any eq tftp

140 deny udp any any range 135 netbios-ss

150 permit ip any any (4537573 matches)

Extended IP access list spam-out

10 deny udp any any eq netbios-dgm (316 matches)

20 deny udp any any eq netbios-ss

30 deny udp any any eq netbios-ns (1983 matches)

40 deny tcp any any range 135 139 (52 matches)

50 deny tcp any any eq 1214

60 deny udp any any eq 1214

70 deny tcp any any eq 2754

80 deny tcp any any eq 2745

90 deny udp any any eq 1434

100 deny tcp any any eq 445 (1437738 matches)

110 deny tcp any any eq 593

120 deny tcp any any eq 4444

130 deny udp any any eq tftp

140 deny udp any any range 135 netbios-ss (1 match)

150 permit tcp any 202.179.0.0 0.0.31.255 eq smtp (4577 matches)

160 deny tcp any any eq smtp (105306 matches)

170 permit ip any any (3486791 matches)

please help me

Link to comment
Share on other sites
Farelf What Life?

Farelf

Posted
Posted
HI. Could you tell me how can i except these Ip from your black list

202.179.10.10

202.179.10.26

202.179.10.58

202.179.10.86

please help me!!!!

None of those is currently on the SpamCop blocking list. You need to follow the links Merlyn has provided to see about other blocking lists. Maybe there is someone "here" with experience in some of those others who can help.
I' checking router's configuration access-list extended spam-in in

access-list extended spam-in in

This is checking

Extended IP access list spam-in

10 deny udp any any eq netbios-dgm (694 matches)

20 deny udp any any eq netbios-ss

30 deny udp any any eq netbios-ns (12264 matches)

40 deny tcp any any range 135 139 (259 matches)

50 deny tcp any any eq 1214 (63 matches)

60 deny udp any any eq 1214 (15 matches)

70 deny tcp any any eq 2754 (328 matches)

80 deny tcp any any eq 2745 (303 matches)

90 deny udp any any eq 1434

100 deny tcp any any eq 445 (54467 matches)

110 deny tcp any any eq 593

120 deny tcp any any eq 4444 (175 matches)

130 deny udp any any eq tftp

140 deny udp any any range 135 netbios-ss

150 permit ip any any (4537573 matches)

Extended IP access list spam-out

10 deny udp any any eq netbios-dgm (316 matches)

20 deny udp any any eq netbios-ss

30 deny udp any any eq netbios-ns (1983 matches)

40 deny tcp any any range 135 139 (52 matches)

50 deny tcp any any eq 1214

60 deny udp any any eq 1214

70 deny tcp any any eq 2754

80 deny tcp any any eq 2745

90 deny udp any any eq 1434

100 deny tcp any any eq 445 (1437738 matches)

110 deny tcp any any eq 593

120 deny tcp any any eq 4444

130 deny udp any any eq tftp

140 deny udp any any range 135 netbios-ss (1 match)

150 permit tcp any 202.179.0.0 0.0.31.255 eq smtp (4577 matches)

160 deny tcp any any eq smtp (105306 matches)

170 permit ip any any (3486791 matches)

please help me

Can anyone comment on the adequacy/completeness of the above measures to help bayasaa?

Thanks for your efforts to stop the spam bayasaa!

Link to comment
Share on other sites
bayasaa Newbie

bayasaa

Posted
  • Author
Posted

CBL Lookup Utility

Note: Automated/scripted bulk lookups are forbidden.

Enter an IP address:

IP Address 202.179.10.10 was found in the CBL.

It was detected at 2007-05-22 01:00 GMT (+/- 30 minutes), approximately 2 days, 2 hours, 29 minutes ago.

ATTENTION: please read this to find out why your IP was listed, and ways to fix it so it doesn't relist.

Request delisting of 202.179.10.10.

------------------------------------------------------

P Address 202.179.10.58 was found in the CBL.

It was detected at 2007-05-19 04:00 GMT (+/- 30 minutes), approximately 4 days, 23 hours, 30 minutes ago.

--------------------------------------------------------

IP Address 202.179.10.26 was found in the CBL.

It was detected at 2007-05-24 01:00 GMT (+/- 30 minutes), approximately 2 hours, 30 minutes ago.

------------------------------------------------------------

P Address 202.179.10.86 was found in the CBL.

It was detected at 2007-05-22 02:00 GMT (+/- 30 minutes), approximately 2 days, 1 hours, 30 minutes ago.

----------------------------------------------------------------------

Help me!!!!!!!!!

Link to comment
Share on other sites
Wazoo What Life?

Wazoo

Posted
Posted

Having been "up" for the last three days, in a hospital trying to make sense out of a situation that at last count had 16 specialist doctors, dozens of RNs, and a couple of technical folks involved with some implanted electronic gear all completely baffled (still no change at ths point other than I came home to get some sleep this morning) .... walking into this 'mess' was quite an unwanted surprise.

Topic hijacking posts were removed from all those other unrelated discussions .... merged into 'this' Topic .. numerous 'repeated' posts deleted .... many of the remaining edited to remove even more duplication, unneeded quoting, massive misuse of vertical whitespace ..... and yet, there are even more edits/deletions that probably should be accomplished ... geeze ....

I find it absurd that someone could manage to 'discover' those other Discussions, ignore the contents of those Discussions, and make all these repeated posts ... then apparently not paying much attention to answers provided to those multiple posts (even though including some of those replies in one Topic in a follow-up "quoted" post in a different Topic .. very strange ..)

I' checking router's configuration access-list extended spam-in in

access-list extended spam-in in

Can anyone comment on the adequacy/completeness of the above measures to help bayasaa?

Not at all sure how this actually/directly translates to 'stopping spam' .... this looks more to me like a set of 'firewall rules' .... which would typically be considered more of an attempt to stop "server hacking" ...????

I am not going to probing around to figure out just what might be running on that server, but it sure seems like it would be easier to 'deny everything' and then only "allow something" .. i.e., only 'allow' SMTP on port 25, POP3 on port 110, etc. If the questions is "is this list complete?" the answer would be "no"

As noted by others and even in the 'error messages' provided, there does not appear to be much of direct connection to a SpamCopDNSBL listing for the majority of the actual query. This is where the obligatory SpamCop FAQ notice would be placed, but I am also suspecting that English is not the primary language of the original poster ,,,, but again, I will admit to being "very" tired right now ....

Link to comment
Share on other sites
GraemeL Advanced Member

GraemeL

Posted
Posted
I' checking router's configuration access-list extended spam-in in

This is checking

Extended IP access list spam-in

10 deny udp any any eq netbios-dgm (694 matches)

<snip>

150 permit ip any any (4537573 matches)

Extended IP access list spam-out

10 deny udp any any eq netbios-dgm (316 matches)

20 deny udp any any eq netbios-ss

<snip>

170 permit ip any any (3486791 matches)

please help me

Unless you are an ISP, your setup is broken at a very basic level. Your router is allowing any traffic that isn't explicitly denied into and out of your network. A secure configuration would start by denying all traffic and then only allowing what is needed to pass through in both directions. Your current configuration is nothing but an invitation for virus/worm/zombie infection.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...