Jump to content

IP 66.170.37.26


bugs4263

Recommended Posts

I'm new this and don't know that much. My problem is that we have been listed on spamcop and I have done all I know to try to fix it but am having no luck.

I need someone who knows a lot more than me to guide me if you would. I'm running exchange 2003 and all tests show no open relays. I don't know where to even go to see what we are sending out let alone how to stop it.

This is really a problem for the users and I could really use some guidance

Thank you

IP is 66.170.37.26

Link to comment
Share on other sites

A paying reporter will drop by soon and I'm sure they will post the subject information that is available to them, if any.

However, as an Exchange 2003 admin myself, I can give you some tips on places to start.

Make sure your users aren't using autoresponders excessively. Vacation responders are probably ok if they don't get too much spam that would get misdirected replies, but auto-responding to every message is right out.

Is the Exchange server the only computer at 66.170.37.26 or is that IP shared with other computers via some kind of NAT appliance? If it is shared, any computer sharing that IP could be causing your problem, make sure that your firewall blocks all outbound traffic on port 25 not originating from the Exchange server itself.

If you are using an Anti-Virus program that scans incoming email, make sure it is not set to send "you sent us an infected email" messages in response. These will only go to the forged "FROM" address on the message, so will only be annoying innocent 3rd parties and not doing any good.

Make sure if you have SMTP AUTH enabled that all of your user accounts have strong passwords and are required to change them regularly. If your users don't need to be able to relay mail through your Exchange server from outside your network, turn off SMTP AUTH altogether.

Make sure you have the "Filter recipients who are not in the Directory" checkbox selected on the "Recipient Filtering" tab of the Message Delivery Properties, otherwise you may be sending bounces to forged "FROM" addresses and annoying innocent 3rd parties.

Those would be the first items to check until we can get some more information from a paying reporter.

Edit: You might also want to contact abuse[at]indigital.net, as they would have received any complaints regarding your IP address. They should have forwarded those on to you, but clearly that is not the case, you might want to find out why.

Link to comment
Share on other sites

Looks like pill spams are spewing out that IP

Report History: 


--------------------------------------------------------------------------------

Submitted: Monday, October 30, 2006 11:21:26 AM -0500: 
Unbelievable! U can be healthy! 
1992981795 ( 66.170.37.26 ) To: spamcop[at]imaphost.com 
1992981777 ( 66.170.37.26 ) To: abuse[at]indigital.net 

--------------------------------------------------------------------------------

Submitted: Wednesday, October 18, 2006 7:03:58 PM -0400: 
Want to be healthy? U can! 
1974051806 ( 66.170.37.26 ) To: spamcop[at]imaphost.com 
1974051800 ( 66.170.37.26 ) To: abuse[at]indigital.net 

--------------------------------------------------------------------------------

Submitted: Wednesday, October 18, 2006 7:03:20 PM -0400: 
Cheapest way to solve health problems. 
1974051258 ( 66.170.37.26 ) To: spamcop[at]imaphost.com 
1974051250 ( 66.170.37.26 ) To: abuse[at]indigital.net 
_____________________________________

Seems to be a recent problem...as there are no older reports available.

Sender base shows you have taken some action to stop the spew:

Volume Statistics for this IP

Magnitude Vol Change vs. Average

Last day 2.2 -100%

Last 30 days 3.1 -7%

Average 3.1

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...