Jump to content
Sign in to follow this  
david.thomas

Spamcop report - Open Proxy

Recommended Posts

Hi,

Email from our PowerMTA email server has generated problem stating we are running an open proxy on the server.

The port 8080 had been open on the server but has now been closed by a firewall. Is there anyway to perform the same test Spamcop did to verify the problem has been resolved?

The IP address in question is 83.137.133.216.

Thanks,

David

Share this post


Link to post
Share on other sites
Email from our PowerMTA email server has generated problem stating we are running an open proxy on the server.

The port 8080 had been open on the server but has now been closed by a firewall. Is there anyway to perform the same test Spamcop did to verify the problem has been resolved?

The IP address in question is 83.137.133.216

Is there a particular reason why you believe that the open proxy report came from SpamCop? At this point your IP is not listed in the SCBL. There is only one report from a user for your IP in the last 90 days. There may have been spam-trap reports that aren't open to the public to view.

You are, however, listed at cbl.abuseat.org and pbl.spamhaus.org You'll have to deal with those lists through their own operators.

Andrew

Share this post


Link to post
Share on other sites
Is there a particular reason why you believe that the open proxy report came from SpamCop? At this point your IP is not listed in the SCBL. There is only one report from a user for your IP in the last 90 days. There may have been spam-trap reports that aren't open to the public to view.

You are, however, listed at cbl.abuseat.org and pbl.spamhaus.org You'll have to deal with those lists through their own operators.

The reason is we received the email with the following details [spamCop (83.137.133.216) id:3200297675] but thank you for your thoughts regarding the problem.

We are aware of the CBL & PBL issues and are following that up with the respective groups.

Share this post


Link to post
Share on other sites
...The port 8080 had been open on the server but has now been closed by a firewall. Is there anyway to perform the same test Spamcop did to verify the problem has been resolved?
Hi David, can't help with the specific process used by SC but discussions here usually suggest the telnet relay-test.mail-abuse.org - as suggested http://forum.spamcop.net/forums/index.php?...ost&p=27379 other resources are shown in http://spamlinks.net/prevent-secure-relay-test.htm

HTH

[added on edit - a test with http://www.antispam-ufrj.pads.ufrj.br/cgi-...=83.137.133.216 was inconclusive. It appears to show an accepted relay in Test 8 but that is no proof by itself.]

Share this post


Link to post
Share on other sites
The reason is we received the email with the following details [spamCop (83.137.133.216) id:3200297675] but thank you for your thoughts regarding the problem.

That represents one report (probably the one I found) but one report would not constitute an entry in the SCBL.

Andrew

Share this post


Link to post
Share on other sites
That represents one report (probably the one I found) but one report would not constitute an entry in the SCBL.

And SpamCop itself does not test for open proxies. It does submit to other tests (by other blocklists) those that show signs of being submitted through an open proxy.

Share this post


Link to post
Share on other sites

Hi, David, and welcome!

And SpamCop itself does not test for open proxies.

<snip>

...Nor would SpamCop list your server solely because it met an open proxy test. See SpamCop FAQ (there's a link to it near the top left of each SpamCop Forum page) entry labeled "What is on the list?."

Share this post


Link to post
Share on other sites
The reason is we received the email with the following details [spamCop (83.137.133.216) id:3200297675] but thank you for your thoughts regarding the problem.

None of us can see the email report referenced by that ID number, but I rather doubt that it was telling you that you had an open proxy...perhaps it only mentioned the possibility. In any case, it wasn't the result of a test, but rather a specific piece of email reported as spam by a SpamCop user.

DT

Share this post


Link to post
Share on other sites
That represents one report (probably the one I found) but one report would not constitute an entry in the SCBL.
Yeah, would have to be the same one Andrew
Report History:

--------------------------------------------------------------------------------

Submitted: Monday, 16 June 2008 7:45:20 PM +0800:

Work with Russian overseas property partners

3200297675 ( 83.137.133.216 ) To: ripe[at]pure360.com

None of us can see the email report referenced by that ID number, ...
True enough but just for the benefit of new users, the foregoing limited detail can be pulled up by entering the report number in the "Jump to report ID:" box in any member's "Past Reports" tab on the member (log in) page.

Share this post


Link to post
Share on other sites
Email from our PowerMTA email server has generated problem stating we are running an open proxy on the server.

The port 8080 had been open on the server but has now been closed by a firewall. Is there anyway to perform the same test Spamcop did to verify the problem has been resolved?

The IP address in question is 83.137.133.216.

Open Proxy???? I don't think so more like spamming.

---------------------------------------------------

See: http://www.spamhaus.org/sbl/sbl.lasso?query=SBL65317

83.137.133.0/24 is listed on the Spamhaus Block List (SBL)

16-Jun-2008 22:16 GMT | SR04

PUR3.NET

Sending not-Confirmed-Opt-In spam from most IPs in this range. Content is casino, vistaprint, etc.

---------------------------------------------------

According to senderbase every IP in the /24 is in multiple blocklists. Looks like spam to me.

Share this post


Link to post
Share on other sites

The reason is we received the email with the following details [spamCop (83.137.133.216) id:3200297675] but thank you for your thoughts regarding the problem.

We are aware of the CBL & PBL issues and are following that up with the respective groups.

You followed up with the cbl and it looks lke they put you back on.

------------------------------------------------------------------------------------------------------

IP Address 83.137.133.216 is currently listed in the CBL.

It was detected at 2008-06-15 23:00 GMT (+/- 30 minutes), approximately 1 days, 20 hours, 30 minutes ago.

It has been relisted following a previous removal at 2008-06-13 10:18 GMT

----------------------------------------------------------------------------------------------------

The problem is if you ask to be delisted you should not spam the same address again :(

Share this post


Link to post
Share on other sites

David are you a customer of pur3.net?

Do you work for pur3.net?

do you own pur3.net?

what is your involvement with pur3.net?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×