Jump to content

Somebody help me!


stefi

Recommended Posts

I am new to all this, and my understanding of SpamCop is minimal, all I know is that in the last few weeks my mail has been blocked, I don't understand why?

These are the emails I get sent

host proxy-relay1.red.net [195.74.128.13]: 554 Service unavailable; Client host [83.244.130.25] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?83.244.130.25

Can somebody tell me whats happenening?? :unsure:

Link to comment
Share on other sites

host proxy-relay1.red.net [195.74.128.13]: 554 Service unavailable; Client host [83.244.130.25] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?83.244.130.25

Can somebody tell me whats happenening?? :unsure:

Have you taken the time to read the information contained in the link you posted here? If so, what part of it do you not understand?

People using your mailserver, or the mailserver itself, is sending bounces to forged email addresses. This is a bad practice today and is why your mailserver ends up on the SpamCopBL.

Link to comment
Share on other sites

Yes I have read it thanks, but I don't understand how anybody is using my mailserver, or what I can do to stop it...?

There is a temporary slowdown of the SC system which means I cannot read the reasons provided at http://www.spamcop.net/bl.shtml?83.244.130.25 But this will give you a clue to the cause which, in turn, will suggest a resolution.

Checking other sources of information I can see that the mail server shows a significant increase in Emails in the last 24 hours.

Magnitude Vol Change vs. Average

Last day 5.0 1197%

Last 30 days 4.4 244%

Average 3.9

A 1197% increase in Email passing through the server indicates a compromised mail server currently being used by a spammer.

Since the mail server appears to be operated by an ISP based in London, my guess is that a customer of the ISP has had their machine compromised or the server has been broken into by a spammer. Either way you need to take up the issue with whatever company provides your outgoing Email service.

Having typed all the above, SpamCop is back up to speed and the following information is also available.

Causes of listing

	* System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)
	* It appears this listing is caused by misdirected bounces. We have a FAQ which covers this topic: Why auto-responses are bad (Misdirected bounces). Please read this FAQ and heed the advice contained in it.

Additional potential problems
(these factors do not directly result in spamcop listing)

	* System administrator has already delisted this system once

Again you probably need to speak to your ISP. But if you are sending automated replies to Emails then you should turn that facility off as well.

Andrew

Link to comment
Share on other sites

Yes I have read it thanks, but I don't understand how anybody is using my mailserver, or what I can do to stop it...?
Are you using autoresponders like "Out of Office" "On Vacation"? If you insist on using these, you must find a way to filter out the spam prior to sending out autoresponses. By sending out auto responses to spam messages you have become a spammer yourself, as most of the addresses you are sending your autoresponses to are forged (that is the ones contained in spam messages)
Link to comment
Share on other sites

No I don't use auto reponders...

You do however accept messages and then later bounce then to the envelope sender. This is the cause of your listing.

Submitted: 05 September 2006 08:25:23 +0100:
Warning: message 1GJXek-000Ego-3A delayed 48 hours

    * 1907489565 ( 83.244.130.25 ) ( UUBE ) To: uube[at]devnull.spamcop.net 

Submitted: 04 September 2006 22:43:40 +0100:
Mail delivery failed: returning message to sender

    * 1906929924 ( 83.244.130.25 ) ( UUBE ) To: uube[at]devnull.spamcop.net 

Submitted: 04 September 2006 21:36:44 +0100:
Mail delivery failed: returning message to sender

    * 1906840084 ( 83.244.130.25 ) ( UUBE ) To: uube[at]devnull.spamcop.net 

Submitted: 04 September 2006 20:28:57 +0100:
Mail delivery failed: returning message to sender

    * 1906749467 ( 83.244.130.25 ) ( UUBE ) To: uube[at]devnull.spamcop.net 

Submitted: 04 September 2006 19:59:01 +0100:
Mail delivery failed: returning message to sender

    * 1906710162 ( 83.244.130.25 ) ( UUBE ) To: uube[at]devnull.spamcop.net 

Submitted: 04 September 2006 17:57:28 +0100:
Mail delivery failed: returning message to sender

    * 1906537613 ( 83.244.130.25 ) ( UUBE ) To: uube[at]devnull.spamcop.net 

Submitted: 04 September 2006 17:55:23 +0100:
Mail delivery failed: returning message to sender

    * 1906534027 ( 83.244.130.25 ) ( UUBE ) To: uube[at]devnull.spamcop.net 

Submitted: 04 September 2006 17:25:12 +0100:
Mail delivery failed: returning message to sender

    * 1906493422 ( 83.244.130.25 ) ( UUBE ) To: uube[at]devnull.spamcop.net 

Submitted: 04 September 2006 17:19:30 +0100:
Mail delivery failed: returning message to sender

    * 1906485626 ( 83.244.130.25 ) ( UUBE ) To: uube[at]devnull.spamcop.net 

Link to comment
Share on other sites

OK, THANKS, BUT I DON'T QUITE UNDERSTAND WHAT THAT MEANS (SORRY) OR HOW I STOP IT??

No need to shout. :P

When your server is receiving messages, it is telling the remote server that everything is fine and the message will be delivered. Later, it decides that it can't actually deliver the message and since it is no longer talking to the sending server, it is sending a mail to the address that claims to have sent the mail to inform them of the failure. Since spam accounts for a high percentage of total email volume and 99.999% of spam has a forged sender address, all you end up doing is sending a copy of the spam to an innocent third party.

Read the Spamcop FAQ on misdirected bounces.

Doing some digging, it looks like your ISP accepts your mail for spam filtering purposes. After filtering, they send on clean messages to your server. However, your ISP server doesn't have a list of valid addresses for your domain and when it forwards mail to your server with an address that doesn't exist, then your server sends a bounce message. You can resolve this problem by either stopping sending bounce messages or configuring things so that your ISPs machine knows all of the valid addresses for your domain through something like an LDAP database.

Link to comment
Share on other sites

Many thanks for your help

stopping sending bounce message: how?

configuring things so that your ISPs machine knows all of the valid addresses for your domain through something like an LDAP database: how?

Sorry to be a dunce :blink:

No problem. From your posts, it seems to me that you are not a technical person. You are probably better either getting your computer guy or somebody from your ISP involved and sending them a link to this thread. They will either be able to solve your problem or ask the correct questions to allow them to solve it. Simply asking "how?" can't get us anywhere as it is highly dependent on the systems involved and how they are currently configured. Sorry I can't give you anything useful.

Link to comment
Share on other sites

2 Reports which are not labeled as uube:

Report History:

Display UUBE

--------------------------------------------------------------------------------

Submitted: Tuesday, September 05, 2006 8:18:47 AM -0400:

Mail delivery failed: returning message to sender

1907851917 ( 83.244.130.25 ) To: abuse[at]hastwood.net

--------------------------------------------------------------------------------

Submitted: Wednesday, August 16, 2006 4:14:59 PM -0400:

Project Mail !!

1879339291 ( http://www.sedb.com/ ) To: abuse#equinix.com[at]devnull.spamcop.net

1879339278 ( 83.244.130.25 ) To: relays[at]admin.spamcop.net

1879339270 ( 69.36.167.183 ) To: spamcop[at]imaphost.com

1879339261 ( 69.36.167.183 ) To: abuse[at]westhost.com

Link to comment
Share on other sites

ok, I have found out what an uube is — so if they are not uubes — what are they??

Thanks in advance

They are reports from human users who are saying..."THIS IS spam"

Somebody received those messages in their inbox and went to the trouble of manually reporting them as spam.

I just don't understand this, I don't have a 'computer' guy...

Then you are likely an end user. In that case, you should be complaining to your ISP that you are not getting the service you expect for the money you are paying them. You can direct them to this thread for more information.

Link to comment
Share on other sites

Coming in way late on this one ... I see what appear to be assumptions based on the first post's statement of "my mail" and the third post's staement of "my server" that the user was an admin of the server ... yet, all the follow-on remarks certainly indicate that running an e-mail server is something not done by the poster.

http://www.spamcop.net/w3m?action=blcheck&...p=83.244.130.25

If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 4 hours.

spamtrap hits are the only listed cause ...

as posted above, a link from that page leads one to http://www.senderbase.org/?searchBy=ipaddr...g=83.244.130.25

Volume Statistics for this IP

Magnitude Vol Change vs. Average

Last day ........ 4.9 .. 1095%

Last 30 days .. 4.4 ... 245%

Average ........ 3.9

heardly down a tick from the previous posting of this data ...

but this amount of traffic ( SenderBase's "Magnitude" Explained suggesting 130,000+ e-mails a day) kind of sugeest that this probably isn't a "home compter" situation either ....

So as hinted, stated, explained a number of times in the preceding replies here ... the likelyhood of this SpamCopDNSBL listing being solely stefi's e-mail alone is rather remote. Someone at .. hmmmm ...

crystal ball is cloudy here ....

09/05/06 12:19:42 Slow traceroute 83.244.130.25

Trace 83.244.130.25 ...

4.68.101.65 RTT: 39ms TTL: 0 (ae-1-53.bbr1.Chicago1.Level3.net ok)

212.187.128.58 RTT: 105ms TTL: 0 (ae-1-0.bbr1.London1.Level3.net ok)

4.68.116.105 RTT: 114ms TTL: 0 (ge-11-1.ipcolo1.London1.Level3.net ok)

212.113.5.67 RTT: 108ms TTL: 0 (No rDNS)

83.244.134.86 RTT: 108ms TTL: 0 (transit-i-gw2.hastwood.com bogus rDNS: host not found [authoritative])

* * * failed

* * * failed

inetnum: 83.244.130.0 - 83.244.130.255

netname: UK-EENET-HASTINGS

descr: Assigned to Advantage Interactive

descr: http://www.advantage-interactive.net

descr: Advantage Interactive Ltd

descr: 10-16 Tiller Road

descr: London

descr: E14 8PX

remarks: ******************************************************************

remarks: * All reports regarding these networks should be sent to:- *

remarks: * abuse[at]ai270.net only, If you report abuse to any other address *

remarks: * you will get no response.

country: GB

admin-c: EEUK1-RIPE

tech-c: EEUK1-RIPE

status: ASSIGNED PA

mnt-by: EXPONENTIAL-E-MNT

role: Exponential-e Ltd

address: Exponential-e Ltd

address: Frazer House

address: 32/38 Leman Street

address: London E1 8EW

address: England

phone: +44 (0)20 7173 6100

However, is has to be noted that stefi is posting here from an IP address located within the block;

inetnum: 84.92.128.0 - 84.92.191.255

netname: PLUSNET-DIAL-ADSL

descr: Dial-up and ADSL pool

descr: PlusNet Technologies Ltd

country: GB

admin-c: PLUS1-RIPE

tech-c: PNET2-RIPE

status: ASSIGNED PA

mnt-by: MAINT-AS6871

source: RIPE # Filtered

role: Plusnet Hostmaster

address: PlusNet Technologies Ltd

address: Technology Building

address: Terry Street

address: Sheffield

address: S9 2BU

address: UK

phone: +44 114 2200084

remarks: trouble: abuse[at]plus.net

I'm not familiar with the linkage between these entities ....

Bottom line, I don't see that stefi has any "direct" control over the e-mail server in question.

Link to comment
Share on other sites

So as hinted, stated, explained a number of times in the preceding replies here ... the likelyhood of this SpamCopDNSBL listing being solely stefi's e-mail alone is rather remote. Someone at .. hmmmm ...

crystal ball is cloudy here ....

09/05/06 12:19:42 Slow traceroute 83.244.130.25

Trace 83.244.130.25 ...

4.68.101.65 RTT: 39ms TTL: 0 (ae-1-53.bbr1.Chicago1.Level3.net ok)

212.187.128.58 RTT: 105ms TTL: 0 (ae-1-0.bbr1.London1.Level3.net ok)

4.68.116.105 RTT: 114ms TTL: 0 (ge-11-1.ipcolo1.London1.Level3.net ok)

212.113.5.67 RTT: 108ms TTL: 0 (No rDNS)

83.244.134.86 RTT: 108ms TTL: 0 (transit-i-gw2.hastwood.com bogus rDNS: host not found [authoritative])

* * * failed

* * * failed

The reason you can't get to the address is that it appears to be an outbound server only. I tried a TCP trace to it on port 25 and got knocked back too. It reverses to out-mta2.ai270.net.

The ai270.net domain has only one registered MX at mail-scan.hostingweb.co.uk, which is why I was suggesting that it's a problem where the inbound server doesn't know what the valid accounts are on the destination server which end up doing the delayed bounces.

This is what I meant by "doing some digging" in one of my previous posts. At the time, I didn't think the information would be useful, but now there are more techies around, it is probably worth mentioning how things look to be set up.

Link to comment
Share on other sites

I'm even more confused... :blush:

Quoting massive things like that previous post and adding only a one-liner like this isn't good practice. You may have noticed a number of previous posts were edited a bit, things like this "fixed" ....

That you don't understand is what I was trying to say, in that the issue isn't something you have control over, nothing "you" can fix. Where I ran into issues is trying to sort out just who you need to contact. You stated you were going to contact your ISP, but ....???? You are connecting to the Internet through one ISP, but the e-mail server in question is owned/managed by a different ISP .. and those ownership details weren't very clear. If you could shed some light on why/how you are using wo ISPs to handle your outgoing e-mail, that'd help, realizing of course that this may also be a business arrangement between these two ISPs, which you may or may not know anything about ....

Link to comment
Share on other sites

The "my server" thing might be addressed via the hosting of a web-site .. perhaps this is the "source of the e-mail in question" ...????

whois -h whois.nic.uk stefiorazi.co.uk ...

Domain name:

stefiorazi.co.uk

09/05/06 16:01:05 Slow traceroute stefiorazi.co.uk

Trace stefiorazi.co.uk failed, no such host

09/05/06 16:01:24 Slow traceroute www.stefiorazi.co.uk

Trace www.stefiorazi.co.uk (83.244.130.78) ...

4.68.116.105 RTT: 113ms TTL: 0 (ge-11-1.ipcolo1.London1.Level3.net ok)

212.113.5.67 RTT: 110ms TTL: 0 (No rDNS)

83.244.134.86 RTT: 120ms TTL: 0 (transit-i-gw2.hastwood.com bogus rDNS: host not found [authoritative])

83.244.130.78 RTT: 120ms TTL: 49 (www.stefiorazi.co.uk ok)

ns0.telivo.com reports the following MX records:

Preference Host Name IP Address

10 mail-scan.telivo.com 83.244.130.70

A bit more data or confusion, yet back to just "which" e-mail source still seems to be an issue for just "who" to contact ....

Link to comment
Share on other sites

I am using an ISP to connect to the internet — wireless network. As I am a freelance designer it means I often have to hook up to various networks, and therefore I don't use the ISP I am connected to for my outgoing mail. My domain name is managed by Telivo, and I use that as my outgoing mail server. Hope this makes sense.

I have spoken to Telivo, who said that emails coming from their server are often seen as spam. They said I should use my ISP as outgoing server, but this isn't always possible as I often 'hotdesk' in various companies...

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...