CWright

Please help me understand the delisting message

Hi

We have for the past number of days been on the IP blacklist for address 80.168.211.51. This is our firewall external address, which also redirects e-mails in and out. In to our mail server, out to whomever...

ISP is Clara.net.

I am currently trying to ascertain the possible cause of the spam supposedly coming from us but in the meantime could someone explain the following to me.

This morning (GMT) on checking our status the message said the following

You will be de-listed in 7 hours

Listed History in the past 6.7 days, it has been listed 4 times for a total of 3.5 days

Now it reports (nearly 7 hours later)

You will be de-listed in 22 hours

Listed History in the past 7 days it has been listed 4 times for a total of 3.8 days

How is it that we have, rather than being de-listed, been put back on for another 24 hours when the number of spam (4) has not changed?

Any help would be gratefully received, plus any other guidance with regard to getting us off this list.

Thanx

Craig :angry:


Looks like the reason for your continued listing is messages that are being sent to specially-designated SpamCop "spam trap" addresses:

Causes of listing

* System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

There are also five spam items reported by users that are visible to those who can view the "history" of an IP, but it's the continuing hits to spam trap addresses that's causing your problem. You probably need to work with the SpamCop Deputies on this.

In addition to the SpamCop blocklist, your IP is also on:

psbl.surriel.com

dnsbl-1.uceprotect.net

DT


OK, thanks for that, I will liaise with the deputies. On my original question, does the "listed 4 times" mean per day or grand total?

I have checked psbl and we are on but only recently. Looking at the evidence another 4 spam have hit it.

One question I have: in the Recd header it shows Received: from [80.168.211.51] (helo=mail.froudeconsine.co.uk), whereas our firewall replies with helo=netpilot.froudehofmann.com. Would that suggest the spam is not coming from the firewall itself but maybe generated elsewhere on our network? For the record, froudeconsine is our old domain and froudehofmann the new, but the MX record for 80.168.211.51 still says mail.froudeconsine.co.uk

Thanks in advance

Craig


4 times over 3.8 days. Each listing lasts about 24 hours if there is no new spam seen but any new spam will reset the 24 hour timer based on the time the spam was received (the latter is why your listing jumped from 7 hours to 22 hours).

The difference in HELO strings is an indication that the spam was not relayed by your mail server.

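The HELO comparison discussed in the two posts above can be run over the Received headers shown in blocklist evidence. This is an added example, not part of the original thread: the function names, the verdict labels, the Postfix-style header and the `example.net`/`example.org`/192.0.2.10 values are constructed, while the IP and HELO names are the ones quoted in the thread.

```python
import re

# Two common layouts for the "from" clause of a Received header:
#   Exim (as quoted in the thread):  from [ip] (helo=name)
#   Postfix:                         from name (rdns-or-unknown [ip])
EXIM = re.compile(r"from\s+\[(?P<ip>[\d.]+)\]\s+\(helo=(?P<helo>[^)\s]+)\)", re.I)
POSTFIX = re.compile(r"from\s+(?P<helo>[^\s\[(]+)\s+\((?:\S+\s+)?\[(?P<ip>[\d.]+)\]\)", re.I)


def parse_received(header):
    """Return (client_ip, helo_name) from one Received header, or None."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", header)  # undo RFC 5322 folding
    for pattern in (EXIM, POSTFIX):
        m = pattern.search(unfolded)
        if m:
            return m.group("ip"), m.group("helo").lower().rstrip(".")
    return None


def classify(header, egress_ip, mta_helo):
    """Label a Received header relative to our NAT address and our MTA's HELO."""
    parsed = parse_received(header)
    if parsed is None:
        return "unparsed"
    ip, helo = parsed
    if ip != egress_ip:
        return "not-our-ip"
    # Same public IP but a different HELO: an indication that the connection
    # did not come from the MTA, so check for another host behind the NAT
    # making its own outbound port 25 connections.
    return "our-mta" if helo == mta_helo.lower() else "other-host-behind-nat"


# IP and HELO names are from the thread; the "by ..." parts, the Postfix-style
# header and the 192.0.2.10 header are constructed sample data.
EGRESS_IP = "80.168.211.51"
MTA_HELO = "netpilot.froudehofmann.com"
SAMPLES = [
    "Received: from [80.168.211.51] (helo=mail.froudeconsine.co.uk)\r\n"
    "\tby trap.example.net with esmtp (Exim)",
    "Received: from netpilot.froudehofmann.com (unknown [80.168.211.51])\n"
    "\tby mx.example.org (Postfix) with ESMTP id 4F2A1",
    "Received: from mail.example.com (mail.example.com [192.0.2.10])\n"
    "\tby mx.example.org (Postfix) with ESMTP id 4F2A2",
]

if __name__ == "__main__":
    for h in SAMPLES:
        print(classify(h, EGRESS_IP, MTA_HELO), "<-", parse_received(h))
```

The HELO name is chosen by the connecting client, so a mismatch is a lead to follow up in firewall logs for outbound port 25 traffic, not proof on its own.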

You have to quit manually removing yourself from various blocklists because pretty soon you will be blocked permanently on them and it will be well deserved. The first thing to do is find the infected machine behind your firewall and shut it down.

It might even be this machine; you have services running on it.

FTP - 21 Error: TimedOut

SMTP - 25 220 netpilot.froudehofmann.com ESMTP Postfix

HTTP - 80 Error: TimedOut

POP3 - 110 +OK Microsoft Exchange Server 2003 POP3 server version 6.5.7638.1 (capella.FroudeHofmann.local) ready.

IMAP - 143 Error: TimedOut

Your main concern should be stopping the spam.
