"Relay access denied": Is it blocking reason ?


reinerotto

Hi,

my IP has been blocked some time ago for some valid reason. My email-server, running on a Virtual Linux Server, has been used as a relay for spam, and even as a source, using IP "0.0.0.0" as a destination.

To my knowledge, this problem is fixed. At least in my logs, I cannot verify that spam is still sent or relayed. However, I am still blocked, and SpamCop tells me:

Causes of listing

System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

The time for delisting does not decrease, it stays just below 24h, so I suspect that I am re-listed and re-listed again, without knowing the real cause.

The only idea, which I have: In the logs I see a lot of unsuccessful (?) tries to relay some spam, like

Feb 28 20:28:36 h123456 postfix/smtpd[18119]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 554 5.7.1 <535_lee_f_benson[at]kcc.com>: Relay access denied; from=<eric.peoples_er[at]sprint.ca> to=<535_lee_f_benson[at]kcc.com> proto=ESMTP helo=<wxs.nl>

Feb 28 19:35:59 h123456 postfix/smtpd[5380]: warning: numeric domain name in resource data of MX record for seed.net: 0.0.0.0

Feb 28 19:35:59 h123456 postfix/smtpd[5380]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 554 5.7.1 <umtaida[at]seed.net>: Recipient address rejected: Access denied; from=<yang-nico[at]hotmail.com> to=<umtaida[at]seed.net> proto=SMTP helo=<ppp-217-77-221-14.wildpark.net>

May be, it is not correct to "reject" the mails, could this be the reason of being blocked ?

> May be, it is not correct to "reject" the mails, could this be the reason of being blocked ?

Rejecting with a 5xx at the time of the SMTP connection is exactly the right thing to do and will not get you listed. Please make sure that your system is not generating new mail to the (spoofed) 'from field'. See the FAQ on bounces and backscatter. An email to the administrators might result in your being told what sort of 'spam' is hitting their spamtraps.

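The difference described in the reply above, between a 5xx rejection during the SMTP session and a new bounce message sent to a forged sender, can be read from the Postfix log itself. The following is an added example, not part of the original thread: the log lines are constructed with placeholder hosts and addresses (the first two follow the reject format quoted above), and the function name `triage` is hypothetical.

```python
import re
from collections import Counter

# Constructed sample log (placeholder hosts and addresses). Lines 1-2 follow the
# reject format quoted in the thread; lines 3-7 show a message that was accepted,
# refused by the remote MX, and turned into a bounce to the forged sender.
SAMPLE_LOG = """\
Feb 28 20:28:36 h123456 postfix/smtpd[18119]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 554 5.7.1 <rcpt@example.com>: Relay access denied; from=<forged@example.net> to=<rcpt@example.com> proto=ESMTP helo=<example.org>
Feb 28 20:30:01 h123456 postfix/smtpd[18200]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 <x@example.com>: Relay access denied; from=<a@example.net> to=<x@example.com> proto=SMTP helo=<example.org>
Feb 28 20:31:10 h123456 postfix/qmgr[900]: 3F2A1C0012: from=<forged@example.net>, size=2048, nrcpt=1 (queue active)
Feb 28 20:31:12 h123456 postfix/smtp[18300]: 3F2A1C0012: to=<nobody@example.com>, relay=mx.example.com[198.51.100.5]:25, delay=2.1, dsn=5.1.1, status=bounced (host mx.example.com[198.51.100.5] said: 550 5.1.1 User unknown)
Feb 28 20:31:12 h123456 postfix/bounce[18301]: 3F2A1C0012: sender non-delivery notification: 7B9D4C0034
Feb 28 20:31:12 h123456 postfix/qmgr[900]: 7B9D4C0034: from=<>, size=4096, nrcpt=1 (queue active)
Feb 28 20:31:14 h123456 postfix/smtp[18302]: 7B9D4C0034: to=<forged@example.net>, relay=mx.example.net[203.0.113.7]:25, delay=2.0, dsn=2.0.0, status=sent (250 2.0.0 Ok)
"""

# SMTP-time rejection: no message is queued, nothing is sent to the forged sender.
REJECT = re.compile(r"postfix/smtpd\[\d+\]: NOQUEUE: reject: \w+ from \S+?\[([^\]]+)\]: 5\d\d ")
# Postfix generated a new non-delivery report (its queue id is group 2).
NDR = re.compile(r"postfix/bounce\[\d+\]: (\w+): sender non-delivery notification: (\w+)")
# A queued message was handed to a remote server by the Postfix SMTP client.
SENT = re.compile(r"postfix/smtp\[\d+\]: (\w+): to=<([^>]*)>.*status=sent")


def triage(log_text):
    """Separate SMTP-time rejects from bounce messages that left the server."""
    rejects = Counter()  # client IP -> number of 5xx rejects
    ndr_ids = set()      # queue ids of bounce messages Postfix generated
    sent = []            # (queue id, recipient) delivered to a remote host
    for line in log_text.splitlines():
        if m := REJECT.search(line):
            rejects[m.group(1)] += 1
        elif m := NDR.search(line):
            ndr_ids.add(m.group(2))
        elif m := SENT.search(line):
            sent.append((m.group(1), m.group(2)))
    return {
        "rejects": dict(rejects),
        # Rejects whose SMTP client was the loopback address, as in the quoted log.
        "loopback_rejects": rejects["127.0.0.1"] + rejects["::1"],
        # Bounce messages delivered off-host: candidates for backscatter.
        "backscatter": [(q, r) for q, r in sent if q in ndr_ids],
    }


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```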

I am not a server admin, so I don't completely understand about relays and error messages. However, if you closed the relay for all relaying, then I would think that your logs would show IP addresses rather than email addresses trying to access it and being rejected. If those rejection messages are going to email addresses, rather than being returned to the sending server, that is backscatter, as Derek says.

Miss Betsy

If you would like to send me the IP address of your server, I would be happy to look into the blocking history.

Yeah, that How to ask a good question thing all over again. On the other hand, the question asked can be answered by the single word "no" .... a 5xx rejection has no bearing on a SpamCopDNSBL listing/de-listing. Derek T said this in a lot more words, also making the suggestion to make more direct contact for possible specific data.

For the all-too-typical-issue, the problem probably isn't with or via the e-mail server ... these days the typical 'source' of bad e-mail traffic is from an infected/compromised machine attached to the network involved.

Topic starter data -> Last Active ... 1st March 2009 - 06:49 PM .... Approximately 25 minutes after the last previous post. Appearances would suggest that any further discussion has gone off-line, tilting towards that nasty "handled by e-mail" scenario.

As no specific information has been made within this discussion, who could complain then if this Topic was tagged as "Resolved" ...???? Well, that is, ignoring those folks that might use the magic set of words for a search and end up landing on this Discussion, hoping to "find an answer" .....

> Topic starter data -> Last Active ... 1st March 2009 - 06:49 PM .... Approximately 25 minutes after the last previous post. Appearances would suggest that any further discussion has gone off-line, tilting towards that nasty "handled by e-mail" scenario.
>
> As no specific information has been made within this discussion, who could complain then if this Topic was tagged as "Resolved" ...???? Well, that is, ignoring those folks that might use the magic set of words for a search and end up landing on this Discussion, hoping to "find an answer" .....

I provided the IP in question by email to a spamcopadmin, to get further info about being detected in the spamtraps.

For some reason, I do not want the IP in question to be public.

My IP is NOT an OpenRelay, at least according to my test, and according to the test of another third party.

However, can anybody suggest a real strict test program, to check an IP for OpenRelay ?

So, problem is still pending. I am willing to share results from ongoing investigation, as soon as there is definite info.

Then, if the relay is closed, there are two possibilities - that you are accepting email and then sending a rejection email to an innocent person or that you have not found the source of the infection on your computer or a computer that is linked to your computer.

If you are using a wireless router, that may be the source of the problem also. Spammers can easily gain access to a wireless router.

Miss Betsy

> I provided the IP in question by email to a spamcopadmin, to get further info about being detected in the spamtraps.
>
> For some reason, I do not want the IP in question to be public.

As noted by Derek, this pretty much precludes any investigation or much help from this side of the screen.

> My IP is NOT an OpenRelay, at least according to my test, and according to the test of another third party.
>
> However, can anybody suggest a real strict test program, to check an IP for OpenRelay ?
>
> So, problem is still pending. I am willing to share results from ongoing investigation, as soon as there is definite info.

Yet .. there are so many existing previous Discussions on others who have gone through this and actually found a solution. As I suggested earlier, if you believe that your e-mail server is 'secure' .. then why hasn't anything been said about looking for other traffic? Specifically, Port 25 traffic from a networked computer/system (if your e-mail server is virtualized, what other processes are running on that same system?) that is making it past your apparently non-existent firewall ....???
