Jump to content

Blocked address


Teligent

Recommended Posts

On 4/21/04 3:56 pm et one of our people received an e-mail stating that our exchange server was blocked by spamcop.net. My ip is 64.64.159.7 and I am one of the exchange administrators at Teligent. I would like to receive a report of the mail that tripped the spam trap. Please send the report to abuse[at]teligent.com and I will do whatever I can to halt the spam.

Thank you

Link to comment
Share on other sites

I hope you check back here because I can't email you now.

The usual reason for a whitehat ISP to get listed is sending auto replies for viruses or spam to spam traps. The second most common reason is that there is a compromised machine or other security hole.

If you can't find it on your own, you need to write to deputies <at> spamcop.net because only they can see the email that triggered the listing.

Miss Betsy

Link to comment
Share on other sites

You could take a look at http://forum.spamcop.net/forums/index.php?showtopic=972 ... but it may not help in your situation. The big flag in your query is the "exchange server" .. as this jumps up to the much-too-common issue of hacked accounts based on default and/or weak passwords. There are a number of spammers that are known for brute-force work on compromising "exchange servers" and they seem to be pretty successful at finding these systems. Starting out with the most obvious ... is the Guest account still active and has the password to that account ever been changed to something a bit more difficult to guess that "guest" ... Just trying to suggest where to start looking as one would think that you'd already been through your logs looking for other things ..???

As the BL page currently only mentions spamtrap hits, you might be able to get some data from your query to Deputies .. but a complete copy of the e-mail isn't the way the spamtrap data is handled, so while waiting for what info Deputies may provide, you might want to look at the "admin" accounts to see if they've been compromised, firewall activity reports to see if a machine on your network has been compromised and sending e-mail "around" your exchange server .. things like that ..

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...