Jump to content
Sign in to follow this  
As_user

[Resolved] Please tell the reason of listing

Recommended Posts

Hi

couldn't you tell us please, the reason why our IP is blocklisted consantly this week ?

http://www.spamcop.net/w3m?action=checkblo...ip=195.12.82.25

Our IP is static, we didn't make any changes in our configurations, except

adding RBL-checking addresses (such as sbl-xbl.spamhaus.org and so on) in

our SMTP-gateway configuration (it is an checking addon of Traffic

Inspector - our firewall, and we're using it for 2 years).

Also we've got Panda Antivirus installed and renewing instantly on all

machines in our net, including servers and workstations.

Please let us know the reason, for we could correct our (possible) mistakes. :-(

Share this post


Link to post
Share on other sites
Please let us know the reason, for we could correct our (possible) mistakes. :-(

Presumably you looked at the reasons listed at the error URL you provided where it states:

System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

This typically indicates that one or more machines at your location have become victim to a spyware trojan or similar. Currently you will be delisted in 19 hours but that assumes no more spam-traps are hit by Emails starting at your IP.

Senderbase doesn't have sufficient data to provide any statistics.

You also have some configuration issues which don't affect your listing but which you may want to take note of - again at the URL you provided.

Andrew

Share this post


Link to post
Share on other sites
This typically indicates that one or more machines at your location have become victim to a spyware trojan or similar.

Another possibility is that you re sending misdirected 'bounces' due to 'out-of-office', 'over-quota' etc.

Share this post


Link to post
Share on other sites
we didn't make any changes in our configurations, except adding RBL-checking addresses (such as sbl-xbl.spamhaus.org and so on) in our SMTP-gateway configuration

OK, so you added blocklists to the equation. Now tell us EXACTLY what happens to mail that 'fails' the blocklist test. What is the machine configured to do with it? EXACTLY how does it reply?

Share this post


Link to post
Share on other sites
the reason why our IP is blocklisted 195.12.82.25
The IP is sending ordinary spam. I can't share many details for fear of revealing our secret trap addresses, but this info may help:

Received: from server.e-zdrav.ru (HELO proxy.utnet.ru) ([195.12.82.25])

by [our trap server] with SMTP; 27 Feb 2008 19:xx:xx -0800

Subject: RE: February 83% OFF

From: <x[at]x>

Date: Wed, 27 Feb 2008 19:xx:xx -0800 (PST)

Received: from server.e-zdrav.ru (HELO proxy.utnet.ru) ([195.12.82.25])

by [our trap server] with SMTP; 26 Feb 2008 21:xx:xx -0800

Subject: RE: February 83% OFF

From: <x[at]x>

Date: Tue, 26 Feb 2008 21:xx:xx -0800 (PST)

- Don D'Minion - SpamCop Admin -

Share this post


Link to post
Share on other sites
The IP is sending ordinary spam.

Thanks, Don, the OP doesn't seem to be that interested as s/he's not been back in eight hours.

Share this post


Link to post
Share on other sites
Thanks, Don, the OP doesn't seem to be that interested as s/he's not been back in eight hours.

I beg your pardon for not answering soon, because all day long on Friday was trying to resolve the problem.

As it maybe interesting - I'ld like to tell about it.

2 PC was infected by trojans, and Panda AV has missed it even with fresh bases. Scanning the workstations with another antivirus from boot CD found more infected files which all were deleted immidiately.

It's my fault, as I could't beleive that trojans could penetrate over Panda defense.

And 1 thing more I've done - in our firewall (which connected to ISP) I closed 25 (SMTP) port for all workstations, because after analysing its logs I've found out that this 2 PC's were generating (as I beleive) mail spam traffic exactly on 25 port.

Thank you all for answering and help :-)

Share this post


Link to post
Share on other sites
Thank you all for answering and help :-)

Thank your for handling the issue. I see that your IP is already not listed in the SCBL.

Andrew

Share this post


Link to post
Share on other sites
I beg your pardon for not answering soon, because all day long on Friday was trying to resolve the problem.

As it maybe interesting - I'ld like to tell about it.

Please accept my apologies for 'rushing to judgment' we do get quite a few 'post-and-runs' in here but obviously you are not one of them. Also please accept my thanks for sorting the matter thus making the internet a better and safer place for us all and for updating us.

Share this post


Link to post
Share on other sites
<snip>

As it maybe interesting - I'ld like to tell about it.

2 PC was infected by trojans, and Panda AV has missed it even with fresh bases. Scanning the workstations with another antivirus from boot CD found more infected files which all were deleted immidiately.

<snip>

...Thank you all for answering and help :-)

...And thank you for taking the time to let us know the good news! :) <g> Based on your note, I shall mark this thread as "Resolved."

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×