Jump to content

[Resolved] Help with figuring out why I keep getting listed?


avbrand

Recommended Posts

Posted

My own email server keeps getting blocked:

Diagnostic-Code: smtp;554 Service unavailable; Client host [208.68.90.156] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?208.68.90.156

A few weeks ago, when it first got blocked, I had a bunch of vacation autoresponders and stuff like that. I've since disabled all of that, and turned off pretty much every bounce message I can find (I'm using IMail v8).

But I keep getting listed.

The same server also runs a forum where registration emails are sent to whatever address people put in, so there's really nothing I can do if someone puts in a spamcop "honeypot" address.

Do you have any suggestions?

Thanks

-av

Posted

No suggestions but here is some further information. Two 'human' reports from yesterday.

Submitted: Thu, 16 Feb 2012 23:16:15 GMT:
Oh my, Christian! College nude run made me wanna show my nudity in public! #...

	5708078627 ( http://www.subota.kz/Edward ) To: tatyana.kalacheva[at]telecom.kz
	5708078626 ( http://www.subota.kz/Edward ) To: akushner[at]online.kz
	5708078625 ( http://www.subota.kz/Edward ) To: onekrasova#online.kz[at]devnull.spamcop.net
	5708078624 ( http://www.subota.kz/Edward ) To: bilyarov[at]online.kz
	5708078623 ( http://www.subota.kz/Edward ) To: nic#online.kz[at]devnull.spamcop.net
	5708078622 ( http://www.subota.kz/Edward ) To: dzhusipbek[at]online.kz
	5708078621 ( http://www.subota.kz/Edward ) To: natalya.petrova[at]telecom.kz
	5708078619 ( http://www.subota.kz/Edward ) To: dsuranchin#online.kz[at]devnull.spamcop.net
	5708078616 ( http://www.subota.kz/Edward ) To: lserebryanik#online.kz[at]devnull.spamcop.net
	5708078615 ( 208.68.90.156 ) To: abuse[at]spdnetwork.net
	5708078614 ( 208.68.90.156 ) To: support[at]spdnetwork.net 

Submitted: Thu, 16 Feb 2012 12:26:14 GMT:
=?utf-8?Q?=D0=BF=D1=80=D0=B8=D0=B2=D0=B5=D1=82=D1=83=D0=BB=D1=8C=D0=BA=D0=B8=...

	5708103194 ( 208.68.90.156 ) To: [concealed user-defined recipient]
	5708103193 ( 208.68.90.156 ) To: abuse[at]spdnetwork.net
	5708103192 ( 208.68.90.156 ) To: support[at]spdnetwork.net 

Which looks like good old-fashioned spam rather than vacation bounces. Looks like you have an infected machine somewhere on your network.

Posted

Thanks for getting back to me. I'm running a virus scan on the server now, but is there any more information you can give me? Maybe a header of the spam that was sent so I can see the User Agent of the server or something?

I'm trying to figure out if this is a problem in my Imail or in my IIS SMTP.

Thanks,

-av

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...