timothyx Posted March 19, 2009 Share Posted March 19, 2009 What bumbling idiots created the blacklist removal tool? It does a reverse DNS lookup on my mail server's IP address, surprise surprise its comes back to my internet providers domain. Of course there are no MX records... So now you offer me a choice of some common administrator emails at my ISP's domain how exactly am i supposed to request delisting based on those emails? Link to comment Share on other sites More sharing options...
Farelf Posted March 19, 2009 Share Posted March 19, 2009 We're mostly just users here - look at http://www.spamcop.net/fom-serve/cache/290.html for the standard BL FAQ, come back if it remains unclear how to proceed. Link to comment Share on other sites More sharing options...
Wazoo Posted March 19, 2009 Share Posted March 19, 2009 What bumbling idiots created the blacklist removal tool? Someone that a lot of folks hold in very high regard, showing signs of genuis in many ways. It does a reverse DNS lookup on my mail server's IP address, And just what mail server might this be? (Actually, at this point, it doesn't matter .. the rDNS lookup is done against the IP Address, not your "mail server') The only information provided in your post is (data available to just a few) is the IP Address of the system you posted from. So that's what I used to start trying to look things up in order to try to answer your apparent 'real' question ... Hostname: ip-203.191.163.83.dsl.sta.onestream.com.au ... doesn't really 'look' like an 'official' e-mail server, more like someone's DSL connection to their ISP. surprise surprise its comes back to my internet providers domain. Of course there are no MX records... ??? and if there are MX records somewhere that point to something else, where and what might they be? Of course, the real question is actually asking just what IP Address is really involved .... which of course then leads to even more questions like is it one computer, a network point, is there a router and/or firewall in place, on and on .. all that wonderful stuff not mentioned in your rant ... On the other hand .... telnet 203.191.163.83 25 220 insightinformatics.com.au Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at Thu, 19 Mar 2009 16:55:51 +1000 ns18.zoneedit.com reports the following MX records for 'insightinformatics.com.au': Preference Host Name IP Address 0 mail.insightinformatics.com.au 203.191.163.83 Reverse DNS FAILED! This is a problem. (also explains some of your ranted-about issues) So there really is an e-mail server running at that IP Address .... but there's some bad background data involved. Wondering if you really meant to lie about the "no MX records" or is it that this server/network/whatever isn't really under "your" control? So now you offer me a choice of some common administrator emails at my ISP's domain how exactly am i supposed to request delisting based on those emails? The "you" in question isn't actually 'here' .... on the other hand, delisting at the moment doesn't look like very good idea. http://www.spamcop.net/w3m?action=checkblock&ip=203.191.163.83 203.191.163.83 listed in bl.spamcop.net (127.0.0.2) If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 23 hours. Causes of listing System has sent mail to SpamCop spam traps in the past week Has this been corrected yet? Hmmm, doesn't look like it .... http://www.senderbase.org/senderbase_queri...=203.191.163.83 Volume Statistics for this IP Magnitude Vol Change vs. Last Month Last day ...... 3.5 ... 1357% Last month .. 2.4 A starting spot might be http://www.spamcop.net/bl.shtml?203.191.163.83 It seems that taking the time to look at some FAQs, read some existing Posts/Discussions made by folks that have "been there before you" might be a better use of your time, as compared to simply stopping by here and venting .... especially without providing any real data. The delisting process would make more sense if the numbers and details seen above changed dramatically, typically by finding and removing the compromised system(s) from the network, infected computer(s) cleaned up, stuff like that .... Link to comment Share on other sites More sharing options...
Miss Betsy Posted March 19, 2009 Share Posted March 19, 2009 The important thing is that apparently there is an infected computer (or insecure wireless router) at that IP address. However, many server admins will not allow email from computers that have no reverse DNS. It doesn't affect the spamcop blocklist, but server admins do not only use the spamcop blocklist, but a variety of blocklists and content filters to prevent spam from entering their space. Being listed on the spamcop blocklist is an early warning sign that somehow a spammer is using this IP address to send spam, usually without the owner's knowledge. If the computer is not cleaned up, then eventually that IP address will be listed on lots of blocklists. The spamcop blocklist is automatic - spam stops being reported, the IP address comes off the blocklist. Other blocklists are not automatic. Miss Betsy Link to comment Share on other sites More sharing options...
StevenUnderwood Posted March 19, 2009 Share Posted March 19, 2009 What bumbling idiots created the blacklist removal tool? It does a reverse DNS lookup on my mail server's IP address, surprise surprise its comes back to my internet providers domain. The primary function of that page is to allow the administrators of the mail server in question to delist after the issues have been resolved. It only allows that to be done once before you are forced to wait the 24 hours after the last spam is received, so precautions are needed. Link to comment Share on other sites More sharing options...
Farelf Posted March 19, 2009 Share Posted March 19, 2009 blcheck (<23 hours from listing) 203.191.163.83 not listed in bl.spamcop.net ------------------------------------------------------------------------------------------- SenderBase Report on IP address: 203.191.163.83 Hostname: ip-203.191.163.83.dsl.sta.onestream.com.au Volume Statistics for this IP Magnitude Vol Change vs. Last Month Last day 3.6 1449% Last month 2.4 Information from whois No information found for 203.191.163.83 ------------------------------------------------------------------------------------------- nslookup > set type=mx > insightinformatics.com.au ... Non-authoritative answer: insightinformatics.com.au MX preference = 0, mail exchanger = mail.insight informatics.com.au mail.insightinformatics.com.au internet address = 203.191.163.83 > asklibero.com ... Non-authoritative answer: asklibero.com MX preference = 0, mail exchanger = mail.asklibero.com mail.asklibero.com internet address = 203.191.163.83 -------------------------------------------------------------------------------------------- SenderBase Report on hostname: mail.insightinformatics.com.au Volume Statistics for this Network Owner Magnitude Vol Change vs. Last Month Last day 0.0 N/A Last month 0.0 Information from whois [ Show/hide details ] Network Owner: Registrant ID: ACN 010979987 Eligibility Type: Sole Trader Link to comment Share on other sites More sharing options...
Lking Posted March 19, 2009 Share Posted March 19, 2009 blcheck (<23 hours from listing) 203.191.163.83 not listed in bl.spamcop.net ------------------------------------------------------------------------------------------- SenderBase Report on IP address: 203.191.163.83 Hostname: ip-203.191.163.83.dsl.sta.onestream.com.au Volume Statistics for this IP Magnitude Vol Change vs. Last Month Last day 3.6 1449% Last month 2.4 Information from whois No information found for 203.191.163.83 203.191.163.83 Record Type: IP Address OrgName: Asia Pacific Network Information Centre OrgID: APNIC Address: PO Box 2131 City: Milton StateProv: QLD PostalCode: 4064 Country: AU ReferralServer: whois://whois.apnic.net NetRange: 202.0.0.0 - 203.255.255.255 CIDR: 202.0.0.0/7 NetName: APNIC-CIDR-BLK NetHandle: NET-202-0-0-0-1 Parent: NetType: Allocated to APNIC NameServer: NS1.APNIC.NET NameServer: NS3.APNIC.NET NameServer: NS4.APNIC.NET NameServer: TINNIE.ARIN.NET NameServer: NS-SEC.RIPE.NET NameServer: DNS1.TELSTRA.NET Comment: This IP address range is not registered in the ARIN database. Comment: For details, refer to the APNIC Whois Database via Comment: WHOIS.APNIC.NET or http://www.apnic.net/apnic-bin/whois2.pl Comment: ** IMPORTANT NOTE: APNIC is the Regional Internet Registry Comment: for the Asia Pacific region. APNIC does not operate networks Comment: using this IP address range and is not able to investigate Comment: spam or abuse reports relating to these addresses. For more Comment: help, refer to http://www.apnic.net/info/faq/abuse Comment: RegDate: 1994-04-05 Updated: 2005-05-20 OrgTechHandle: AWC12-ARIN OrgTechName: APNIC Whois Contact OrgTechPhone: +61 7 3858 3188 OrgTechEmail: search-apnic-not-arin[at]apnic.net Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.