avbrand
Posted February 17, 2012

My own email server keeps getting blocked:

Diagnostic-Code: smtp;554 Service unavailable; Client host [208.68.90.156] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?208.68.90.156

A few weeks ago, when it first got blocked, I had a bunch of vacation autoresponders and stuff like that. I've since disabled all of that, and turned off pretty much every bounce message I can find (I'm using IMail v8). But I keep getting listed.

The same server also runs a forum where registration emails are sent to whatever address people put in, so there's really nothing I can do if someone puts in a spamcop "honeypot" address.

Do you have any suggestions?

Thanks
-av

Derek T
Posted February 17, 2012

No suggestions but here is some further information. Two 'human' reports from yesterday.

Submitted: Thu, 16 Feb 2012 23:16:15 GMT:
Oh my, Christian! College nude run made me wanna show my nudity in public! #...
5708078627 ( http://www.subota.kz/Edward ) To: tatyana.kalacheva[at]telecom.kz
5708078626 ( http://www.subota.kz/Edward ) To: akushner[at]online.kz
5708078625 ( http://www.subota.kz/Edward ) To: onekrasova#online.kz[at]devnull.spamcop.net
5708078624 ( http://www.subota.kz/Edward ) To: bilyarov[at]online.kz
5708078623 ( http://www.subota.kz/Edward ) To: nic#online.kz[at]devnull.spamcop.net
5708078622 ( http://www.subota.kz/Edward ) To: dzhusipbek[at]online.kz
5708078621 ( http://www.subota.kz/Edward ) To: natalya.petrova[at]telecom.kz
5708078619 ( http://www.subota.kz/Edward ) To: dsuranchin#online.kz[at]devnull.spamcop.net
5708078616 ( http://www.subota.kz/Edward ) To: lserebryanik#online.kz[at]devnull.spamcop.net
5708078615 ( 208.68.90.156 ) To: abuse[at]spdnetwork.net
5708078614 ( 208.68.90.156 ) To: support[at]spdnetwork.net

Submitted: Thu, 16 Feb 2012 12:26:14 GMT:
=?utf-8?Q?=D0=BF=D1=80=D0=B8=D0=B2=D0=B5=D1=82=D1=83=D0=BB=D1=8C=D0=BA=D0=B8=...
5708103194 ( 208.68.90.156 ) To: [concealed user-defined recipient]
5708103193 ( 208.68.90.156 ) To: abuse[at]spdnetwork.net
5708103192 ( 208.68.90.156 ) To: support[at]spdnetwork.net

Which looks like good old-fashioned spam rather than vacation bounces. Looks like you have an infected machine somewhere on your network.

avbrand
Posted February 17, 2012

Thanks for getting back to me. I'm running a virus scan on the server now, but is there any more information you can give me? Maybe a header of the spam that was sent so I can see the User Agent of the server or something? I'm trying to figure out if this is a problem in my Imail or in my IIS SMTP.

Thanks,
-av

avbrand
Posted February 17, 2012

I think I found it -- some old user accounts on Imail had apparently been compromised.

Thanks for your help!

turetzsr
Posted February 17, 2012

Hi, av,

...Good sleuthing! I am adding the "resolved" flag to the subject line of this topic.

This topic is now archived and is closed to further replies.