Jump to content
Sign in to follow this  
bayasaa

Topic hijack removal #3

Recommended Posts

<snip>

I have problem with sending mail from Outlook .

message rejected by the server

Server Response : 550 Blocked - see

http://www.spamcop.net/bl.shtml?202.179.10.10

202.179.10.26 202.179.10.58 202.179.10.86

I newer send spam mail !

<snip>

...Please read the advice from others, above. Also, p Please navigate to the link you provided (http://www.spamcop.net/bl.shtml?202.179.10.10) -- there is specific information there about machine 202.179.10.10, which seems to be the machine through which your e-mails are being sent.

...The problem appears to be that your provider (Micom Co., Ltd) appears to be letting spam through their system.

Edited by turetzsr

Share this post


Link to post
Share on other sites

A lot of spam coming from this IP, looks like it is trojanned:

------------------------------------------------------

XBL Exploits Block List (includes CBL): xbl.spamhaus.org -> 127.0.0.4

http://www.spamhaus.org/query/bl?ip=202.179.10.10

---------------------------------------------------

SBLXBL Combined zone to reduce queries. Includes both SBL and XBL zones: sbl-xbl.spamhaus.org -> 127.0.0.4

http://www.spamhaus.org/query/bl?ip=202.179.10.10

---------------------------------------------------------

ZEN Spamhaus combined SBL, XBL and PBL - replaces SBLXBL: zen.spamhaus.org -> 127.0.0.4

http://www.spamhaus.org/query/bl?ip=202.179.10.10

-------------------------------------------------------

CBL The CBL - Composite Blocking List: cbl.abuseat.org -> 127.0.0.2

Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=202.179.10.10

-----------------------------------------------------

SPAMCOP SpamCop Blocking List: bl.spamcop.net -> 127.0.0.2

Blocked - see http://www.spamcop.net/bl.shtml?202.179.10.10

-----------------------------------------------------

PWBL list from .pl: bl.student.pw.edu.pl -> ptr.bl.student.pw.edu.pl. -> 127.0.0.2

ptr.bl.student.pw.edu.pl.

Private RBL of Samorzad Studentow PW. Go Away!

--------------------------------------------------

DNSBLAUT1 Reynolds Technology Type 1: t1.dnsbl.net.au -> 127.0.0.2

Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=202.179.10.10

Share this post


Link to post
Share on other sites

except for these:

+ XBL Exploits Block List (includes CBL): xbl.spamhaus.org -> 127.0.0.4

http://www.spamhaus.org/query/bl?ip=202.179.10.10

-------------------------------------------------------------

SBLXBL Combined zone to reduce queries. Includes both SBL and XBL zones: sbl-xbl.spamhaus.org -> 127.0.0.4

http://www.spamhaus.org/query/bl?ip=202.179.10.10

---------------------------------------------------------------

ZEN Spamhaus combined SBL, XBL and PBL - replaces SBLXBL: zen.spamhaus.org -> 127.0.0.4

http://www.spamhaus.org/query/bl?ip=202.179.10.10

---------------------------------------------------------

CBL The CBL - Composite Blocking List: cbl.abuseat.org -> 127.0.0.2

Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=202.179.10.10

---------------------------------------------------------

PWBL list from .pl: bl.student.pw.edu.pl -> ptr.bl.student.pw.edu.pl. -> 127.0.0.2

ptr.bl.student.pw.edu.pl.

Private RBL of Samorzad Studentow PW. Go Away!

-----------------------------------------------------

DNSBLAUT1 Reynolds Technology Type 1: t1.dnsbl.net.au -> 127.0.0.2

Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=202.179.10.10

Share this post


Link to post
Share on other sites

HI. Could you tell me how can i except these Ip from your black list

202.179.10.10

202.179.10.26

202.179.10.58

202.179.10.86

please help me!!!!

Thank's

Best regards

Bayasaa

I' checking router's configuration access-list extended spam-in in

access-list extended spam-in in

This is checking

Extended IP access list spam-in

10 deny udp any any eq netbios-dgm (694 matches)

20 deny udp any any eq netbios-ss

30 deny udp any any eq netbios-ns (12264 matches)

40 deny tcp any any range 135 139 (259 matches)

50 deny tcp any any eq 1214 (63 matches)

60 deny udp any any eq 1214 (15 matches)

70 deny tcp any any eq 2754 (328 matches)

80 deny tcp any any eq 2745 (303 matches)

90 deny udp any any eq 1434

100 deny tcp any any eq 445 (54467 matches)

110 deny tcp any any eq 593

120 deny tcp any any eq 4444 (175 matches)

130 deny udp any any eq tftp

140 deny udp any any range 135 netbios-ss

150 permit ip any any (4537573 matches)

Extended IP access list spam-out

10 deny udp any any eq netbios-dgm (316 matches)

20 deny udp any any eq netbios-ss

30 deny udp any any eq netbios-ns (1983 matches)

40 deny tcp any any range 135 139 (52 matches)

50 deny tcp any any eq 1214

60 deny udp any any eq 1214

70 deny tcp any any eq 2754

80 deny tcp any any eq 2745

90 deny udp any any eq 1434

100 deny tcp any any eq 445 (1437738 matches)

110 deny tcp any any eq 593

120 deny tcp any any eq 4444

130 deny udp any any eq tftp

140 deny udp any any range 135 netbios-ss (1 match)

150 permit tcp any 202.179.0.0 0.0.31.255 eq smtp (4577 matches)

160 deny tcp any any eq smtp (105306 matches)

170 permit ip any any (3486791 matches)

please help me

Share this post


Link to post
Share on other sites
HI. Could you tell me how can i except these Ip from your black list

202.179.10.10

202.179.10.26

202.179.10.58

202.179.10.86

please help me!!!!

None of those is currently on the SpamCop blocking list. You need to follow the links Merlyn has provided to see about other blocking lists. Maybe there is someone "here" with experience in some of those others who can help.
I' checking router's configuration access-list extended spam-in in

access-list extended spam-in in

This is checking

Extended IP access list spam-in

10 deny udp any any eq netbios-dgm (694 matches)

20 deny udp any any eq netbios-ss

30 deny udp any any eq netbios-ns (12264 matches)

40 deny tcp any any range 135 139 (259 matches)

50 deny tcp any any eq 1214 (63 matches)

60 deny udp any any eq 1214 (15 matches)

70 deny tcp any any eq 2754 (328 matches)

80 deny tcp any any eq 2745 (303 matches)

90 deny udp any any eq 1434

100 deny tcp any any eq 445 (54467 matches)

110 deny tcp any any eq 593

120 deny tcp any any eq 4444 (175 matches)

130 deny udp any any eq tftp

140 deny udp any any range 135 netbios-ss

150 permit ip any any (4537573 matches)

Extended IP access list spam-out

10 deny udp any any eq netbios-dgm (316 matches)

20 deny udp any any eq netbios-ss

30 deny udp any any eq netbios-ns (1983 matches)

40 deny tcp any any range 135 139 (52 matches)

50 deny tcp any any eq 1214

60 deny udp any any eq 1214

70 deny tcp any any eq 2754

80 deny tcp any any eq 2745

90 deny udp any any eq 1434

100 deny tcp any any eq 445 (1437738 matches)

110 deny tcp any any eq 593

120 deny tcp any any eq 4444

130 deny udp any any eq tftp

140 deny udp any any range 135 netbios-ss (1 match)

150 permit tcp any 202.179.0.0 0.0.31.255 eq smtp (4577 matches)

160 deny tcp any any eq smtp (105306 matches)

170 permit ip any any (3486791 matches)

please help me

Can anyone comment on the adequacy/completeness of the above measures to help bayasaa?

Thanks for your efforts to stop the spam bayasaa!

Share this post


Link to post
Share on other sites

CBL Lookup Utility

Note: Automated/scripted bulk lookups are forbidden.

Enter an IP address:

IP Address 202.179.10.10 was found in the CBL.

It was detected at 2007-05-22 01:00 GMT (+/- 30 minutes), approximately 2 days, 2 hours, 29 minutes ago.

ATTENTION: please read this to find out why your IP was listed, and ways to fix it so it doesn't relist.

Request delisting of 202.179.10.10.

------------------------------------------------------

P Address 202.179.10.58 was found in the CBL.

It was detected at 2007-05-19 04:00 GMT (+/- 30 minutes), approximately 4 days, 23 hours, 30 minutes ago.

--------------------------------------------------------

IP Address 202.179.10.26 was found in the CBL.

It was detected at 2007-05-24 01:00 GMT (+/- 30 minutes), approximately 2 hours, 30 minutes ago.

------------------------------------------------------------

P Address 202.179.10.86 was found in the CBL.

It was detected at 2007-05-22 02:00 GMT (+/- 30 minutes), approximately 2 days, 1 hours, 30 minutes ago.

----------------------------------------------------------------------

Help me!!!!!!!!!

Share this post


Link to post
Share on other sites

Seems to me that bayassa's issue is unrelated to the SCBL.

Could we gather up his/her posts in several threads and place them in a more appropriate location to get attention?

Andrew

Share this post


Link to post
Share on other sites

Having been "up" for the last three days, in a hospital trying to make sense out of a situation that at last count had 16 specialist doctors, dozens of RNs, and a couple of technical folks involved with some implanted electronic gear all completely baffled (still no change at ths point other than I came home to get some sleep this morning) .... walking into this 'mess' was quite an unwanted surprise.

Topic hijacking posts were removed from all those other unrelated discussions .... merged into 'this' Topic .. numerous 'repeated' posts deleted .... many of the remaining edited to remove even more duplication, unneeded quoting, massive misuse of vertical whitespace ..... and yet, there are even more edits/deletions that probably should be accomplished ... geeze ....

I find it absurd that someone could manage to 'discover' those other Discussions, ignore the contents of those Discussions, and make all these repeated posts ... then apparently not paying much attention to answers provided to those multiple posts (even though including some of those replies in one Topic in a follow-up "quoted" post in a different Topic .. very strange ..)

I' checking router's configuration access-list extended spam-in in

access-list extended spam-in in

Can anyone comment on the adequacy/completeness of the above measures to help bayasaa?

Not at all sure how this actually/directly translates to 'stopping spam' .... this looks more to me like a set of 'firewall rules' .... which would typically be considered more of an attempt to stop "server hacking" ...????

I am not going to probing around to figure out just what might be running on that server, but it sure seems like it would be easier to 'deny everything' and then only "allow something" .. i.e., only 'allow' SMTP on port 25, POP3 on port 110, etc. If the questions is "is this list complete?" the answer would be "no"

As noted by others and even in the 'error messages' provided, there does not appear to be much of direct connection to a SpamCopDNSBL listing for the majority of the actual query. This is where the obligatory SpamCop FAQ notice would be placed, but I am also suspecting that English is not the primary language of the original poster ,,,, but again, I will admit to being "very" tired right now ....

Share this post


Link to post
Share on other sites
I' checking router's configuration access-list extended spam-in in

This is checking

Extended IP access list spam-in

10 deny udp any any eq netbios-dgm (694 matches)

<snip>

150 permit ip any any (4537573 matches)

Extended IP access list spam-out

10 deny udp any any eq netbios-dgm (316 matches)

20 deny udp any any eq netbios-ss

<snip>

170 permit ip any any (3486791 matches)

please help me

Unless you are an ISP, your setup is broken at a very basic level. Your router is allowing any traffic that isn't explicitly denied into and out of your network. A secure configuration would start by denying all traffic and then only allowing what is needed to pass through in both directions. Your current configuration is nothing but an invitation for virus/worm/zombie infection.

Edited by GraemeL

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×