Jump to content

[Resolved] Help with figuring out why I keep getting listed?


avbrand

Recommended Posts

My own email server keeps getting blocked:

Diagnostic-Code: smtp;554 Service unavailable; Client host [208.68.90.156] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?208.68.90.156

A few weeks ago, when it first got blocked, I had a bunch of vacation autoresponders and stuff like that. I've since disabled all of that, and turned off pretty much every bounce message I can find (I'm using IMail v8).

But I keep getting listed.

The same server also runs a forum where registration emails are sent to whatever address people put in, so there's really nothing I can do if someone puts in a spamcop "honeypot" address.

Do you have any suggestions?

Thanks

-av

Link to comment
Share on other sites

No suggestions but here is some further information. Two 'human' reports from yesterday.

Submitted: Thu, 16 Feb 2012 23:16:15 GMT:
Oh my, Christian! College nude run made me wanna show my nudity in public! #...

	5708078627 ( http://www.subota.kz/Edward ) To: tatyana.kalacheva[at]telecom.kz
	5708078626 ( http://www.subota.kz/Edward ) To: akushner[at]online.kz
	5708078625 ( http://www.subota.kz/Edward ) To: onekrasova#online.kz[at]devnull.spamcop.net
	5708078624 ( http://www.subota.kz/Edward ) To: bilyarov[at]online.kz
	5708078623 ( http://www.subota.kz/Edward ) To: nic#online.kz[at]devnull.spamcop.net
	5708078622 ( http://www.subota.kz/Edward ) To: dzhusipbek[at]online.kz
	5708078621 ( http://www.subota.kz/Edward ) To: natalya.petrova[at]telecom.kz
	5708078619 ( http://www.subota.kz/Edward ) To: dsuranchin#online.kz[at]devnull.spamcop.net
	5708078616 ( http://www.subota.kz/Edward ) To: lserebryanik#online.kz[at]devnull.spamcop.net
	5708078615 ( 208.68.90.156 ) To: abuse[at]spdnetwork.net
	5708078614 ( 208.68.90.156 ) To: support[at]spdnetwork.net 

Submitted: Thu, 16 Feb 2012 12:26:14 GMT:
=?utf-8?Q?=D0=BF=D1=80=D0=B8=D0=B2=D0=B5=D1=82=D1=83=D0=BB=D1=8C=D0=BA=D0=B8=...

	5708103194 ( 208.68.90.156 ) To: [concealed user-defined recipient]
	5708103193 ( 208.68.90.156 ) To: abuse[at]spdnetwork.net
	5708103192 ( 208.68.90.156 ) To: support[at]spdnetwork.net 

Which looks like good old-fashioned spam rather than vacation bounces. Looks like you have an infected machine somewhere on your network.

Link to comment
Share on other sites

Thanks for getting back to me. I'm running a virus scan on the server now, but is there any more information you can give me? Maybe a header of the spam that was sent so I can see the User Agent of the server or something?

I'm trying to figure out if this is a problem in my Imail or in my IIS SMTP.

Thanks,

-av

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...