orlandoc Posted February 5, 2010

It appears as if all inbound messages to our domain (rrjfs.org) are being bounced back with the following message:

    173.9.185.13 does not like recipient.
    Remote host said: 550 5.7.1 208.109.78.208 has been blocked by Spamcop
    Giving up on 173.9.185.13.

When I test our email server locally using telnet on port 25, I get the same message stating that my INTERNAL ip address is being blocked. I am now getting messages stating that my local gateway ip is being blocked by Spamcop as well.

This sounds like a virus to me, but I cannot seem to find any information that matches my specific problem. Help!

Wazoo Posted February 6, 2010

> It appears as if all inbound messages to our domain (rrjfs.org) are being bounced back with the following message:
> When I test our email server locally using telnet on port 25, I get the same message stating that my INTERNAL ip address is being blocked. I am now getting messages stating that my local gateway ip is being blocked by Spamcop as well.

From the description, title used, and even results from a 'local' test, the problem would seem to be the configuration of whatever application is invoked to attempt to 'use' the SpamCopDNSBL. Read this as the suggested scenario in that "all" IP Addresses are failing some test and the 'bad' exit code then pulls up the text entered for a positive SpamCopDNSBL result. Basically, multiple errors in the configuration settings ..... all IP Addresses locked out and the wrong error message selected, at a minimum. (Again, based on your description.)

mx:rrjfs.org

    Pref  Hostname                      IP Address       TTL
    10    rrjfs.org.1.0001.arsmtp.com   204.232.236.134  60 min
    20    rrjfs.org.2.0001.arsmtp.com   204.232.236.135  60 min
    Reported by ns27.domaincontrol.com

smtp:204.232.236.134

    220 server56.appriver.com ESMTP srv-d
    Not an open relay.
    0 seconds - Good on Connection time
    2.262 seconds - Good on Transaction time
    OK - 204.232.236.134 resolves to server56.appriver.com
    OK - Reverse DNS matches SMTP Banner
    Session Transcript:
    HELO please-read-policy.mxtoolbox.com
    250 inbound.appriver.com your name is not please-read-policy.mxtoolbox.com [62 ms]
    MAIL FROM: <supertool[at]mxtoolbox.com>
    250 supertool[at]mxtoolbox.com sender accepted [47 ms]
    RCPT TO: <test[at]example.com>
    571 test[at]example.com prohibited. We do not relay [2106 ms]
    QUIT
    221 inbound.appriver.com SMTP closing connection [47 ms]

smtp:204.232.236.135

    220 server56.appriver.com ESMTP srv-e
    Not an open relay.
    0 seconds - Good on Connection time
    2.324 seconds - Good on Transaction time
    OK - 204.232.236.135 resolves to server57.appriver.com
    OK - Reverse DNS matches SMTP Banner
    Session Transcript:
    HELO please-read-policy.mxtoolbox.com
    250 inbound.appriver.com your name is not please-read-policy.mxtoolbox.com [172 ms]
    MAIL FROM: <supertool[at]mxtoolbox.com>
    250 supertool[at]mxtoolbox.com sender accepted [62 ms]
    RCPT TO: <test[at]example.com>
    571 test[at]example.com prohibited. We do not relay [2028 ms]
    QUIT
    221 inbound.appriver.com SMTP closing connection [62 ms]

MX test seems to show the server is working, but can't help but note the (different) Domain names in use which would make it look like this isn't "your" e-mail server. Your Host needs a holler about your issue.

and after yet more searching around, now wondering just how BlueGate enters into this picture ...????

turetzsr Posted February 6, 2010

> <snip>
> 173.9.185.13 does not like recipient. Remote host said: 550 5.7.1 208.109.78.208 has been blocked by Spamcop
> <snip>

...If you can find whomever is responsible for the content of the error messages, please ask them to change the content: SpamCop never blocks e-mail except e-mails directed to one of its servers, so saying "blocked by SpamCop" is, at best, misleading. If the receiving server is blocking because the source IP address appears on the SpamCop Blacklist, then the message could say that.

...Thanks! And good luck.
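
Added example, not part of the original thread and not the configuration of any server discussed in it: a sketch of the failure mode Wazoo suggests, where a DNSBL check treats a failed lookup as a listing and so rejects every address, internal ones included, beside a check that separates "listed", "not listed" and "lookup failed" and words the rejection the way turetzsr asks. The resolvers, sample addresses and function names are constructed for illustration; bl.spamcop.net is SpamCop's DNSBL zone.

```python
import ipaddress

ZONE = "bl.spamcop.net"  # SpamCop's public DNSBL zone
# Ranges that should never be sent to a public DNSBL (RFC 1918 + loopback).
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")  # DNSBL "listed" answers

class NXDomain(Exception):
    """The queried name does not exist: the IP is not listed."""

class ResolverFailure(Exception):
    """Timeout, SERVFAIL or refusal: the lookup gave no verdict."""

def query_name(ip, zone=ZONE):
    """Reverse the octets and append the zone: 1.2.3.4 -> 4.3.2.1.<zone>."""
    return ".".join(reversed(str(ipaddress.IPv4Address(ip)).split("."))) + "." + zone

def naive_check(ip, resolve):
    """Failure mode: anything other than a clean NXDOMAIN counts as a hit."""
    try:
        resolve(query_name(ip))
    except NXDomain:
        return "not_listed"
    except Exception:
        pass  # lookup error falls through to the "listed" branch
    return "listed"

def careful_check(ip, resolve):
    """Skip internal addresses and keep lookup errors apart from listings."""
    addr = ipaddress.IPv4Address(ip)
    if any(addr in net for net in INTERNAL):
        return "skipped"
    try:
        answers = resolve(query_name(ip))
    except NXDomain:
        return "not_listed"
    except ResolverFailure:
        return "lookup_failed"
    hit = any(ipaddress.IPv4Address(a) in LISTED_RANGE for a in answers)
    return "listed" if hit else "lookup_failed"

def smtp_reply(ip, verdict):
    """Reject only on a real listing, and say which list, not who 'blocked'."""
    if verdict == "listed":
        return f"550 5.7.1 {ip} is listed on {ZONE}"
    return "250 2.1.5 OK"

# Constructed resolvers: one answers from a sample table, one always fails.
LISTED = {query_name("203.0.113.7"): ["127.0.0.2"]}
def working_resolver(name):
    if name in LISTED:
        return LISTED[name]
    raise NXDomain(name)
def broken_resolver(name):
    raise ResolverFailure(name)
```

With `broken_resolver`, `naive_check` reports every address as listed, which matches the symptom of internal and gateway addresses being rejected; `careful_check` returns `skipped` or `lookup_failed` and the mail is accepted.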

orlandoc Posted February 6, 2010 (Author)

Thanks for the input! It looks like the problem has been resolved for now, but the cause is still unknown. I stopped the Virtual SMTP Server on my Exchange 2003 Server, and created a new one with the same configuration as the old one, however with a different name. After I started the service, I tested using telnet (locally). Now the RCPT message "xxx.xxx.xxx.xxx is blocked by Spamcop" was gone, and I was able to send and receive email from internal and external domains. So far so good, but like I said, I still don't know what caused the problem to begin with.

The BlueGateSoftware domain is my personal email host, which I used to test the inbound messages. Each time I sent an email to my work domain it was rejected, with the NDR showing a different IP address, all of which were stated as being blocked by Spamcop, and which appeared on several RBL servers.

I have run anti-virus and malware scanners on the Exchange server repeatedly, and it appears to be clean - all the more puzzling. This weekend all machines on the network will get similar workouts, the thought being that maybe there is a machine on the network that passed a virus to the Exchange server and hijacked the SMTP service.

Wazoo Posted February 6, 2010

> Thanks for the input!

Thanks for the feedback/followup. Tagging this as Resolved.

This topic is now archived and is closed to further replies.