M.Wijkhuisen, posted April 7, 2009:

Hi,

We are blacklisted with 193.172.8.36 as IP. We did all the things SpamCop advised for removal from the block. It will take another 18 hours before SpamCop removes us from the blacklist. How can I be removed from the blacklist so our users can mail again?

Greetz,
M.Wijkhuisen

DavidT, posted April 7, 2009:

According to the database, someone (you?) already used the "express delisting" option, and then your IP went back on the list. Because you're only allowed to use that feature once, and must be sure that you fix your backscatter problem *before* you use it, I think you'll have to wait another 17 hours before the IP will be clear. I'm just another user -- you can get an official answer from SpamCopAdmin if he sees this topic and responds.

DT

M.Wijkhuisen (author), posted April 7, 2009:

Yes, that was last week. Then there was an attack from China on our mail relay. Then we reloaded the OS on the mail relay to be sure there was no backdoor on that server, and checked every client and server in the internal LAN and every server in our DMZ. All servers and clients came out clean. And now SpamCop says we have misdirected bounce messages, and the spam it talks about is from last week.

Wazoo, posted April 7, 2009:

> We are blacklisted with 193.172.8.36 as IP. We did all the things SpamCop advised for removal from the block.

Out of curiosity, just what "things" did you actually do?

> It will take another 18 hours before SpamCop removes us from the blacklist. How can I be removed from the blacklist so our users can mail again?

http://www.senderbase.org/senderbase_queri...ng=193.172.8.36

Volume Statistics for this IP

             Magnitude   Vol Change vs. Last Month
Last day     2.7         471%
Last month   2.0

A bit confusing .. 'seen' traffic has gone up from a couple of hundred to over a thousand e-mails a day, but your complaint is that your users can't send 'any' e-mail???

http://spamcop.net/w3m?action=checkblock;ip=193.172.8.36 talks about both spamtrap hits and suggests the probability/possibility of Misdirected Bounces .. nothing about plain old user Reports.

Not knowing what you did (as asked above) so perhaps this traffic number is on its way down ...?????

Edit: ouch! While I was typing the previous, you posted again .. why are you using the term "mail relay" ..????

M.Wijkhuisen (author), posted April 7, 2009:

We have 2 "mail" servers. One is our "mail relay": this is a server which relays the domains we have in our organizations (that's why I use "mail relay", and in our IT department everybody then knows which server we are talking about) and scans the incoming and outgoing messages. The messages that are allowed and are clean are then sent to our internal Exchange.

We cannot send to all the recipients our users need to reach, because they use spamcop.net as a blacklist.

Wazoo, posted April 7, 2009:

It's coming up on an hour and the SenderBase data hasn't changed yet (per my look-up just now) ... you didn't say anything about the volume being acceptable/correct or not.

SpamCopAdmin, posted April 7, 2009:

I removed 193.172.8.36 from our list.

The server is sending delivery failure notices to spamtrap addresses that feed our complaint database.

A spamtrap is an unused address whose sole reason for existence is to see if people will send unsolicited mail to it. Spamtraps are basically the nonexistent addresses at small vanity domains owned by us or our associates.

It's misdirected bounces that are causing the server to be listed. Our trap addresses aren't sending any mail, so they shouldn't be getting any bounces.

The bounces are being sent "delayed." Instead of refusing mail during the SMTP conversation, the server is accepting mail with forged headers and then later sending a bounce to what it thinks is the sender, but is in reality a forged return address.

Delivery failure notices should be sent by the sending server that failed to deliver the message, not by the receiving server that rejected it.

This FAQ offers suggestions about solutions.
http://www.spamcop.net/fom-serve/cache/329.html

Misdirected bounces are becoming a *huge* problem. The beleaguered victims of spammer forgery are being inundated with bounces. Allowing the system to send that mail is just not right.

- Don D'Minion - SpamCop Admin -
- service[at]admin.spamcop.net
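
Editorial example, added here and not written by any participant in the thread or by SpamCop: a small Python simulation of the two relay behaviours SpamCopAdmin contrasts above, showing which addresses end up receiving relay-generated bounces. All addresses, the recipient list and the function names are constructed for illustration.

```python
# Added illustration: constructed addresses, hypothetical names throughout.
VALID_RCPTS = {"alice@example.org", "bob@example.org"}  # recipients the relay knows

# Constructed inbound attempts: (envelope sender, recipient)
INBOUND = [
    ("trap1@vanity.example", "nosuchuser@example.org"),  # forged sender, bad rcpt
    ("trap2@vanity.example", "alice@example.org"),       # forged sender, good rcpt
    ("carol@partner.example", "typo@example.org"),       # real sender, bad rcpt
]

def smtp_session(mail_from, rcpt_to, reject_at_rcpt):
    """Return (transcript, dsn) for one delivery attempt to the relay.

    dsn is the bounce the relay itself sends later, or None if it sends none.
    """
    transcript = [f"C: MAIL FROM:<{mail_from}>", "S: 250 2.1.0 Ok",
                  f"C: RCPT TO:<{rcpt_to}>"]
    known = rcpt_to.lower() in VALID_RCPTS
    if reject_at_rcpt and not known:
        # Refused inside the SMTP conversation: the connecting server still
        # holds the message and is responsible for any failure notice.
        transcript.append("S: 550 5.1.1 User unknown")
        return transcript, None
    transcript += ["S: 250 2.1.5 Ok", "C: DATA", "S: 354 Go ahead",
                   "C: .", "S: 250 2.0.0 Queued"]
    if known:
        return transcript, None  # delivered internally, nothing to bounce
    # Accepted first, failed later: the relay mails a delivery failure notice
    # to the envelope sender, which may be a forged (spamtrap) address.
    return transcript, {"from": "<>", "to": mail_from,
                        "subject": "Undeliverable mail"}

def bounces_sent(reject_at_rcpt):
    """Addresses that receive a relay-generated bounce under the given policy."""
    targets = []
    for mail_from, rcpt_to in INBOUND:
        _, dsn = smtp_session(mail_from, rcpt_to, reject_at_rcpt)
        if dsn:
            targets.append(dsn["to"])
    return targets

if __name__ == "__main__":
    print("accept-then-bounce:", bounces_sent(False))
    print("reject-at-RCPT:    ", bounces_sent(True))
```

With rejection at RCPT time the relay generates no bounces at all; a legitimate sender such as the constructed carol@partner.example is still told about the failure, but by her own sending server.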
This topic is now archived and is closed to further replies.