jamaro Posted February 4, 2009 Share Posted February 4, 2009 Greetings. Ours IP (213.186.195.179) have wrongly blocked. We are not engaged spam in dispatch. Please unblock ours IP. Thanks! Link to comment Share on other sites More sharing options...
Miss Betsy Posted February 4, 2009 Share Posted February 4, 2009 You may not intend to send spam. There is spam coming from your IP address. You may have an infected computer that is sending spam without your knowledge. Please inspect your computers for trojans or viruses. You may also be sending 'misdirected bounces' If you do not understand about 'misdirected bounces', please ask. If you ask here, someone can tell you how to find the infected computer if you need help. Miss Betsy Link to comment Share on other sites More sharing options...
Derek T Posted February 4, 2009 Share Posted February 4, 2009 Greetings. Ours IP (213.186.195.179) have wrongly blocked. We are not engaged spam in dispatch. Please unblock ours IP. Thanks! Yours IP have rightly blocked 213.186.195.179 listed in bl.spamcop.net (127.0.0.2) If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 22 hours. Causes of listing * System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop) * SpamCop users have reported system as a source of spam less than 10 times in the past week please fix your server. De-listing is automatic when the spam stops. Link to comment Share on other sites More sharing options...
jamaro Posted February 4, 2009 Author Share Posted February 4, 2009 At us is not present infected with virus PC. I have personally checked up it. Besides on PC it is installed NOD32 and Trojan Remover NOD32 And Trojan Remover are regularly updated 22 hours it long to wait, as it is possible to accelerate process Link to comment Share on other sites More sharing options...
Miss Betsy Posted February 4, 2009 Share Posted February 4, 2009 SpamCop is automatic. Your IP address will be de-listed when the spam stops. You need to find the source of the spam or backscatter (also called 'misdirected bounces'). From the SenderBase Statistics Volume Statistics for this IP Magnitude Vol Change vs. Last Month Last day 3.5 135% Can you account for 135% increase in your volume of email today? You are also listed at cbl.abuseat.org They say: ATTENTION: At the time of detection, this IP was infected with, or NATting for a computer infected with a high volume spam sending trojan - it is participating or facilitating a botnet sending spam or spreading virus/spam trojans. If this IP is a NAT firewall/gateway, you MUST configure the NAT to prevent outbound port 25 connections to the Internet except from your real mail servers. If you are running a Barracuda anti-spam appliance, turn off the "bounce spam" feature before delisting. Barracuda appliances with the "bounce spam or virus" feature turned on are showering innocent third parties with bounces of email that they didn't send. This is called "backscatter", and can get you listed in quite a number of DNSBLs (including SpamCop). The sooner you find the source of the spam, the sooner you will be delisted. If you don't find the source of the spam, you will be listed on many more blocklists. Some of those blocklists are difficult to be removed from. Miss Betsy Link to comment Share on other sites More sharing options...
Derek T Posted February 4, 2009 Share Posted February 4, 2009 At us is not present infected with virus PC. I have personally checked up it. Besides on PC it is installed NOD32 and Trojan Remover NOD32 And Trojan Remover are regularly updated 22 hours it long to wait, as it is possible to accelerate process Despite your protestations, you are still spewing spam. 1330 GMT: Counter reset to 24 hours - spam still coming from that IP FIX IT! If you are running a Barracuda anti-spam appliance, turn off the "bounce spam" feature before delisting. Barracuda appliances with the "bounce spam or virus" feature turned on are showering innocent third parties with bounces of email that they didn't send. This is called "backscatter", and can get you listed in quite a number of DNSBLs (including SpamCop). The sooner you find the source of the spam, the sooner you will be delisted. If you don't find the source of the spam, you will be listed on many more blocklists. Some of those blocklists are difficult to be removed from. Looking at the reports, it does not appear to be back-scatter. Link to comment Share on other sites More sharing options...
DavidT Posted February 4, 2009 Share Posted February 4, 2009 Yes, you have a computer sending through that IP that seems to be infected and part of a botnet. Here are the spam reports that we can see, but the bigger problem is what we can't see, which are the hits to secret spamtrap addresses: Submitted: Tuesday, February 03, 2009 4:51:32 PM -0700: Lets Chat * 3838856646 ( 213.186.195.179 ) To: mole[at]devnull.spamcop.net Submitted: Tuesday, February 03, 2009 4:01:20 AM -0700: Lets Chat * 3836975172 ( 213.186.195.179 ) To: igorp[at]mas-el.kiev.ua So, you're going to have to check whatever SMTP logs you might have to see how those spam messages are getting sent by your system. I compared all of the commercial antivirus/security products recently, and although NOD32 was high on my list, I think that the Kaspersky products currently might be better at detecting this kind of thing. DT Link to comment Share on other sites More sharing options...
Farelf Posted February 4, 2009 Share Posted February 4, 2009 Now listed in dnsbl-1.uceprotect.net as well. Proceed to http://www.uceprotect.net/en/rblcheck.php and enter IP address for detail. Link to comment Share on other sites More sharing options...
Derek T Posted February 5, 2009 Share Posted February 5, 2009 1550 GMT Counter reset again (23hrs) and a further user report submitted yesterday. Time to unplug that server from the internet until it's been cleaned up, I think. Link to comment Share on other sites More sharing options...
Wazoo Posted February 12, 2009 Share Posted February 12, 2009 http://www.spamcop.net/w3m?action=checkblo...213.186.195.179 213.186.195.179 not listed in bl.spamcop.net http://www.senderbase.org/senderbase_queri...213.186.195.179 Volume Statistics for this IP Magnitude Vol Change vs. Last Month Last day ........ 0.0 .. N/A Last month ... 3.3 Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.