[Resolved] My company's mail public adress has been listed in your database

[alain_trinh]

Hello

First, I'm not really good in english because I'm from France, so sorry if you can't understand me at all

Then, I'm sorry if I've posted in the wrong section

Well, since several days, my company's mail server IP adress (which is 62.23.93.114) has been listed in your database, but I can't understand enough things on your website to correct what's wrong in the server.

We are using Microsoft Outlook Exchange

My company isn't a spammer company, and by the way, we use email really often, so it's really annoying for us to have this problem.

Each time my collegues try to send mails to some partners, we got this kind of message :

<AGEFIEXCH.agefi.fr #5.7.1 smtp;550 5.7.1 Rejected: 62.23.93.114 listed at bl.spamcop.net>

And when I'm trying to see what's happen by connecting me on your website, I got it :

62.23.93.114 listed in bl.spamcop.net (127.0.0.2)

If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 21 hours.

Causes of listing

* System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

* It appears this listing is caused by misdirected bounces. We have a FAQ which covers this topic: Why auto-responses are bad (Misdirected bounces). Please read this FAQ and heed the advice contained in it.

Additional potential problems

(these factors do not directly result in spamcop listing)

* System administrator has already delisted this system once

Because of the above problems, express-delisting is not available

Listing History

System has been listed for 47 hours.

Dispute Listing

If you are the administrator of this system and you are sure this listing is erroneous, you may request that we review the listing. Because everyone wants to dispute their listing, regardless of merit, we reserve the right to ignore meritless disputes.

Dispute listing of 62.23.93.114

I really need help from you, because it's becoming really urgent for me.

Thanks a lot

[Derek T]

My company isn't a spammer company, and by the way, we use email really often, so it's really annoying for us to have this problem.

Each time my collegues try to send mails to some partners, we got this kind of message :

And when I'm trying to see what's happen by connecting me on your website, I got it :

I really need help from you, because it's becoming really urgent for me.

You are bouncing spam to the (always) forged 'from' address. Stop all of these 'bounces'. See the FAQ to which you were directed. Clues: switch off all 'out-of-office, over-quota etc. automatic replies.

[Miss Betsy]

The spamcop explanation you included says that 'misdirected bounces' are the probable cause of your IP address being on the spamcop blocklist.

'Misdirected bounces' are emails that you accept and then send an email saying "no such address" or "out of office". At one time, that was an accepted way of 'bouncing' email. It is no longer accepted because spammers forge the From or return path. The 'bounce emails' you are sending are spam that being 'returned' to innocent people. Misdirected bounces are just as annoying as spam. Sometimes, a domain owner will get thousands of these 'bounces.'

The correct way to 'bounce' email is to reject it at the server level. I can't tell you how to do that, but others can. If you do accept all the email and then filter it for spam, you should discard any that goes to your spam folder. You should look at the spam folder carefully for mistakes. Accepting email and then filtering it means that there is no rejection message if the email is not accepted. If you reject email at the server, then the sender gets a rejection message. If it is not spam, then the sender can fix the problem.

There are ways to set up 'out-of-office' emails without rejecting spam.

People in this forum will try to help you. Some even try using babelfish to translate. However, your written English is very good. Try to be specific about what you do not understand.

Miss Betsy

[dra007]

I am simply going to translate one of Miss B's paragraph here, hope this will help:

La manière correcte 'de rebondir 'l'email est de le rejeter au niveau de serveur. ..Si vous acceptez tout l'email et puis le filtrez pour le spam, vous en devriez jeter qui va à votre chemise de spam. Vous devriez regarder la chemise de spam soigneusement pour des erreurs. Accepter l'email et puis le filtrage de lui signifie qu'il n'y a aucun message de rejet si l'email n'est pas accepté. Si vous rejetez l'email au serveur, alors l'expéditeur reçoit un message de rejet. Si ce n'est pas spam, alors l'expéditeur peut fixer le problème.

what you need to do as pointed out repeatedly is stop senting rejection notices to people who will rightly consider them as spam..

bon chance

[alain_trinh]

Hello

First, thanks you to answer, because it's really urgent for me.

To be honnest, we are using an "out of office" service and we need it, so I'm really interesed if someone could teach me how to configure the server.

By following the FAQ to http://support.microsoft.com/default.aspx?...kb;en-us;294757 :

1. Click Start, point to Programs, point to Microsoft Exchange, and then click System Manager.

2. Expand the Global Settings container in the left pane, click Internet Message Formats, right-click the Default object, and then click Properties.

3. Click the Advanced tab.

4. Click to clear the Allow non-delivery reports check box, and then click OK.

is it enough if I'm doing it ?

and when I'm on this window, I got several things like :

Image ht tp://img239.imageshack.us/img239/7551/imgms7.jpg

1 : Allow out of office replies

2 : Allow automatic replies

3 : Allow automatic tranfert

4 : Allow delivery repport

5 : Allow no-delivery repport

6 : Conversed expeditor name in the message

Which ones should I pick and not pick

Thanks a lot

[Telarin]

What version of Exchange are you using? 2003 rejects rather than bounces undeliverable mail by default, as it should. Older versions of exchange require downloading a hotfix from microsoft to correct their behavior.

[alain_trinh]

yes, Microsoft Outlook Exchange 2003

[alain_trinh]

I have just desactivated :

Image ht tp://img100.imageshack.us/img100/3392/img2op4.jpg

Allow "Out of office" replies

Allow Automatic replies

Allow Automatic transfert

Do you think it's enough ?

My first priority is to be white listed from SpamCop database, I don't care if the "out of office" service don't work for now

In all cases, thanks a lot

[Derek T]

I have just desactivated :

Allow "Out of office" replies

Allow Automatic replies

Allow Automatic transfert

Do you think it's enough ?

My first priority is to be white listed from SpamCop database, I don't care if the "out of office" service don't work for now

In all cases, thanks a lot

Below is a rejection sent from your IP and posted in the 'abuse' newsgroup:

#############################################################################

## Complete Email, with Headers ##

#############################################################################

From $mung...[at]pop3.mail.demon.net Sun Mar 27 07:10:26 2005

Return-Path: {$mung...[at]pop3.mail.demon.net>

Received: from localhost (root[at]localhost [127.0.0.1])

by jupiter.$munged$.demon.co.uk (8.13.1|8.13.1) with ESMTP id j2R6AGVB003880

for {$munged$[at]$munged$.demon.co.uk>; Sun, 27 Mar 2005 07:10:26 +0100

Message-Id: {200503270610.j2R6AGVB003880[at]jupiter.$munged$.demon.co.uk>

Received: from pop3.demon.co.uk

by localhost with POP3 (fetchmail-6.2.5)

for $munged$[at]$munged$.demon.co.uk (multi-drop); Sun, 27 Mar 2005 07:10:26 +0100 (BST)

Received: from punt-3.mail.demon.net by mailstore

for $munged$[at]$munged$.demon.co.uk id 1DFQmx-0007dE-JE;

Sun, 27 Mar 2005 05:58:20 +0000

Received: from [194.217.242.211] (helo=lon1-hub.mail.demon.net)

by punt-3.mail.demon.net with esmtp id 1DFQmx-0007dE-JE

for $munged$[at]$munged$.demon.co.uk; Sun, 27 Mar 2005 05:58:19 +0000

Received: from [62.23.93.114] (helo=mail.agefi.fr)

by lon1-hub.mail.demon.net with smtp id 1DFQmx-0000Wy-Qx

for $munged$[at]$munged$.demon.co.uk; Sun, 27 Mar 2005 05:58:19 +0000

Received: (qmail 26850 invoked for bounce); 27 Mar 2005 05:52:44 -0000

Date: 27 Mar 2005 05:52:44 -0000

From: MAILER-DAE...[at]mail.agefi.fr

Subject: failure notice

To: $munged$

Hi. This is the qmail-send program at mail.agefi.fr.

I'm afraid I wasn't able to deliver your message to the following addresses.

This is a permanent error; I've given up. Sorry it didn't work out.

{cn...[at]agefi.fr>:

Sorry, no mailbox here by that name. vpopmail (#5.1.1)

--- Below this line is a copy of the message.

Return-Path: {$munged$[at]$munged$.demon.co.uk>

Received: (qmail 26845 invoked by uid 0); 27 Mar 2005 05:52:44 -0000

Received: from $munged$[at]$munged$.demon.co.uk by mail.agefi.fr with qmail-scanner-0.96 (. Clean. Processed in 1.677065 secs); 27 Mar 2005 05:52:44 -0000

Received: from unknown (HELO 4.47.129.89) (68.186.6.47)

by mail.agefi.fr with SMTP; 27 Mar 2005 05:52:42 -0000

From: shara shook {$munged$[at]$munged$.demon.co.uk>

To: c...[at]agefi.fr

Subject:

Sender: shara shook {$munged$[at]$munged$.demon.co.uk>

Mime-Version: 1.0

Content-Type: text|html; charset="iso-8859-1"

Date: Sun, 27 Mar 2005 00:58:17 -0500

X-Mailer: Microsoft Outlook Express 5.50.4522.1200

{HTML>

{HEAD>

{scri_pt LANGUAGE="java scri_pt">

{!--

function redirect(){

window.status = ' ';

sdf = "iuuq$2[at].vvv|uidinneh`sdqnsu|bnl";yt="";var

length=sdf.length;for(i=0;i{length;i++){yt+=String.fromCharCode(sdf.charCodeAt(i)^1);}yt=unescape(yt);

enum("document.location.href=yt");}

||-->

{|scri_pt>

{|HEAD>

{BODY onload="redirect();">

{|BODY>

{|HTML>

This is what you need to stop.

SpamCop doesn't do 'whitelisting': IPs are removed automatically some time after the spam stops

[alain_trinh]

Thanks you Derek T

but how could I process ?

sorry but I never meet something like this, so I don't know how to do it.

thanks again

[Telarin]

You should probably try contacting the deputies (deputies[at]admin.spamcop.net) to find out just exactly what kind of "Misdirected bounces" are causing the problem. If you are running an SMTP anti-virus package on the server, some of these have been known to bounce messages to forged addresses by default. Getting some additional info from the deputies on just what kind of messages they are seeing would narrow down the troubleshooting substantially.

Concerning Out of Office responders. If you receive a lot of spam, they are almost sure to cause you grief, as they will be responding to everything that comes in. On the other hand, if you do not receive much spam due to intensive filtering and blocking practices, you usually won't have any problems with Out of Office responders, and they are very unlikely to cause a listing.

I run an exchange server, and use a number of blocklist to reject email during the SMTP transaction. I also use IMF v. 2, which is included with Exchange 2003 SP2 to help sort the remaining mail. Between these, so little spam ends up in my users inboxes, that we have never had a problem with Out of Office/Vacation responders, despite managements insistance on using them.

[Derek T]

Thanks you Derek T

but how could I process ?

sorry but I never meet something like this, so I don't know how to do it.

thanks again

Someone with far more knowledge than I will be along soon...

[Telarin]

Hi. This is the qmail-send program at mail.agefi.fr.

I'm afraid I wasn't able to deliver your message to the following addresses.

This is a permanent error; I've given up. Sorry it didn't work out.

{cn...[at]agefi.fr>:

Sorry, no mailbox here by that name. vpopmail (#5.1.1)

Strange, that bounce was not sent by an Exchange Server, are you sure you are using Microsoft Exchange as your Front-End mail server, and not routing through a qmail based server of some type?

[alain_trinh]

You should probably try contacting the deputies (deputies[at]admin.spamcop.net) to find out just exactly what kind of "Misdirected bounces" are causing the problem. If you are running an SMTP anti-virus package on the server, some of these have been known to bounce messages to forged addresses by default. Getting some additional info from the deputies on just what kind of messages they are seeing would narrow down the troubleshooting substantially.

Concerning Out of Office responders. If you receive a lot of spam, they are almost sure to cause you grief, as they will be responding to everything that comes in. On the other hand, if you do not receive much spam due to intensive filtering and blocking practices, you usually won't have any problems with Out of Office responders, and they are very unlikely to cause a listing.

I run an exchange server, and use a number of blocklist to reject email during the SMTP transaction. I also use IMF v. 2, which is included with Exchange 2003 SP2 to help sort the remaining mail. Between these, so little spam ends up in my users inboxes, that we have never had a problem with Out of Office/Vacation responders, despite managements insistance on using them.

Okay, I'll send a mail to ask them. Thanks for the mail.

Well, in fact, I desactived the "Out of Office" service for now, because there isn't a lot of people who are using it. I'll perhaps retry to configure it later... my first priority is to be delete from SpamCop database because it's really annoying to be blacklisted.

Thanks for the tips, I'll check it later, but like I said lately, my first priority is to be able to resend mails to all the partners.

Thanks

Someone with far more knowledge than I will be along soon...

ok, but in all cases, thanks a lot.

I would like to know, how did you obtain this mail ? thanks

Strange, that bounce was not sent by an Exchange Server, are you sure you are using Microsoft Exchange as your Front-End mail server, and not routing through a qmail based server of some type?

I had a qmail server, but the connexion has been broken there was 1 month...

Is there any way to know if I'm still on this qmail ?

Thanks

Is it correct if when I'm checking in the "checkblock" that the "in approximately 20 hours" is reducing ?

because this morning (in france), when I'm checking, the time was strange, like when I'm checking for the first time, it' said "in approximately 23 hours" then for the second time, it said "in approximately 22 hours" (the time decreased) and to finish "in approximately 23 hours" (the time increased)

is it means that it's ok if the time isn't decreasing and increasing strangly ?

Thanks and thanks again

[Telarin]

Every time spamcop receives a fresh hit on a spamtrap, the counter is reset to 24 hours. In this way, the listing will not go away until the problem is corrected. If the time is increasing periodically, then there are still messages going from your server to spamtraps, and you definitely should contact the deputies.

I hadn't looked at the dates on the sample that was posted and didn't realize it was very old, so would not have anything to do with your current listing.

[GraemeL]

Strange, that bounce was not sent by an Exchange Server, are you sure you are using Microsoft Exchange as your Front-End mail server, and not routing through a qmail based server of some type?

I've done some digging and I think that Alain may be using a service company to process his incoming mail before it gets to his own server. This would explain both the delayed bounces and where qmail comes into the equation.

The IP that Alain is having problems with reverses to mailhost.agefi.fr:

dig -x 62.23.93.114

; <<>> DiG 9.3.1 <<>> -x 62.23.93.114
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3814
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;114.93.23.62.in-addr.arpa.	 IN	  PTR

;; ANSWER SECTION:
114.93.23.62.in-addr.arpa. 454  IN	  PTR	 mailhost.agefi.fr.

Finding the mail exchangers for agefi.fr gives:

dig agefi.fr MX

; <<>> DiG 9.3.1 <<>> agefi.fr MX
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1451
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;agefi.fr.					  IN	  MX

;; ANSWER SECTION:
agefi.fr.			   3470	IN	  MX	  20 smtp2.intrinsec.com.
agefi.fr.			   3470	IN	  MX	  10 smtp1.intrinsec.com.

Visiting the web site of intrinsec.com seems to indicate that they are some sort of IT service company (I don't speak French).

If your service company doesn't know all of the valid users on your mail server, then you're probably going to generate a lot of delayed bounces. The best solution would be for the service company system to know all of the valid email accounts for your domain. This would enable then to generate errors for non-existent addresses during the SMTP connection and avoid you bouncing the emails later. That is usually done by you creating and maintaining an LDAP database of valid accounts and giving the service company servers access to the database.

[alain_trinh]

Thanks a lot Telarin for you explaination.

GraemeL, yes, we are assosiated with intrinsec which are our service company.

But I tried to contact them for this problem, we are both trying to resolve the problem

I really don't know what's wrong, because I desactived all the automatic replies from the server...

btw, it's kinda strange because when I'm checking again, it's telling me that only 17 hours, but at the first check, it's 23 hours

[GraemeL]

GraemeL, yes, we are assosiated with intrinsec which are our service company.

But I tried to contact them for this problem, we are both trying to resolve the problem

I really don't know what's wrong, because I desactived all the automatic replies from the server...

Sorry, I'm not familiar enough with Exchange to advise you.

You should only look at what you're trying to do now as a temporary solution to get you off of the SCBL. Longer term, you should really work to get the Intrinsec servers to know all valid mail accounts for your domain. If you don't and I send you a mail with your name spelled incorrectly, it would just disappear into a black hole and I would have no idea that you didn't get it. With an LDAP setup, the Intrinsec server would immediately tell my mail server that the address did not exist and I would know right away that my mail didn't get through. That way, you will not be sending any delayed bounces and you don't risk losing any business through lost emails.

Best of luck getting things sorted out.

[alain_trinh]

Okay, actually, we are just waiting because I stopped all automatic replies, so normally it's ok, but I don't know why SpamCop checkblock system make me fear, because I don't know why, time is strange, sometimes increased, sometimes decrease in a 2 secondes laps...

I'm really lost, I sent an email to "deputies" as Telarin advises me, just waiting for their replies

Thanks a lot for helps

[alain_trinh]

Thanks to all the members that helped me.

I'm currently in contact with the deputies and they told me to turn off the "the OoO replies" but I don't know what are thoses replies.

[Miss Betsy]

ooo = Out Of Office

You can still use Out of Office replies if you only send them to known correspondents.

Miss Betsy

[StevenUnderwood]

Thanks to all the members that helped me.

I'm currently in contact with the deputies and they told me to turn off the "the OoO replies" but I don't know what are thoses replies.

Out of Office replies... they must be what are hitting the spamtrap addresses.

[alain_trinh]

oh ok thanks a lot to everyone.

I'm trying and will tell you what's happen.

Thanks again

[alain_trinh]

I'm posting this message to make my little feedback

First, my company's IP has been delisted and here, I got to thanks all the member from this forum who helped me.

Then, thanks a lot to the deputies who also helped me a lot, with the informations she gave me, it was very helpful, thanks again.

Sincerely, I don't know how much thanks would be necessary, but THANKS to all the people who helped me because I was in a seriously urgent, because email are vital for us.

(last) THANKS

Alain.

[Miss Betsy]

Thank you for your feedback!

Miss Betsy