rabeatz Posted July 27, 2012 Share Posted July 27, 2012 I'm having an issue where messages sent from an IP are being blocked by servers that use Spamcop. They reference spamcop in the bounceback message yet when I look up the IP in spamcop it does not show them as listed.. any idea what the issue could be? I have posted two examples. The messages being kicked back are scans from our copier/scanner in our office. Two examples of the bounceback messages: Received: from [75.180.132.120] by rmxmail.com (ArGoSoft Mail Server .NET v.1.0.8.4) with ESMTP (EHLO cdptpa-omtalb.mail.rr.com) for <*******[at]rmxmail.com>; Fri, 27 Jul 2012 11:07:55 -0400 Return-Path: <> Received: from [127.0.0.1] ([local]) by cdptpa-omtalb.mail.rr.com (envelope-from <>) (ecelerity 2.2.3.46 r()) with INTERNAL id 9D/60-13948-A2FA2105; Fri, 27 Jul 2012 15:09:30 +0000 From: Mail Delivery System <> To: ********[at]rmxmail.com Subject: Mail Delivery Failure Message-ID: <9D.60.13948.A2FA2105[at]cdptpa-omtalb.mail.rr.com> MIME-Version: 1.0 Content-Type: multipart/report; report-type=delivery-status; boundary="Id7wdBo9ALkTdHJE95aS3IFMfkqq8aFIrd3KmQ==" Date: Fri, 27 Jul 2012 15:09:30 +0000 X-FromIP: 75.180.132.120 --Id7wdBo9ALkTdHJE95aS3IFMfkqq8aFIrd3KmQ== Content-Type: text/plain This message was created automatically by the mail system (ecelerity). A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed: >>> *********[at]ackerteam.com (reading BANNER): 554 5.7.1 Service unavailable; Client host [75.180.132.120] blocked using urbl.hostedemail.com; http://www.spamcop.net/w3m?action=checkblock&ip=75.180.132.120 --Id7wdBo9ALkTdHJE95aS3IFMfkqq8aFIrd3KmQ== Content-Type: message/delivery-status Arrival-Date: Fri, 27 Jul 2012 15:09:30 +0000 Reporting-MTA: dns; cdptpa-oedge02.mail.rr.com Action: failed Last-Attempt-Date: Fri, 27 Jul 2012 15:09:30 +0000 Final-Recipient: rfc822; **********[at]ackerteam.com Status: 5.7.1 Remote-MTA: dns; mx.ackerteam.com.cust.hostedemail.com Diagnostic-Code: smtp; 554 5.7.1 Service unavailable; Client host [75.180.132.120] blocked using urbl.hostedemail.com; http://www.spamcop.net/w3m?action=checkblock&ip=75.180.132.120 --Id7wdBo9ALkTdHJE95aS3IFMfkqq8aFIrd3KmQ== Content-Type: text/plain Content-Disposition: inline ------ This is a copy of the original message, including all headers. ------ Return-Path: <******[at]rmxmail.com> X-Authority-Analysis: v=2.0 cv=Dp/UCRD+ c=1 sm=0 a=cYGYzK+LAVxdjIOtyVjxAg==:17 a=KQuzrrapFAIA:10 a=prFSLUeVHZoA:10 a=0WDCIKVhAAAA:8 a=Q_hLOjj4PwCIcsF2ycAA:9 a=CjuIK1q_8ugA:10 a=_iCh-uIyOFYA:10 a=3_vKLM2jDl5xk6q7u80A:9 a=n3BslyFRqc0A:10 a=bhkaYMs-ANYA:10 a=Sf_gFPzhefAA:10 a=fjv4MY9m2sLIHau1:21 a=uZOPtBc_rCyJ7-c7:21 a=cYGYzK+LAVxdjIOtyVjxAg==:117 X-Cloudmark-Score: 0 X-Originating-IP: 71.41.210.130 Received: from [71.41.210.130] ([71.41.210.130:65251] helo=RNPE2A354) by cdptpa-oedge02.mail.rr.com (envelope-from <********[at]rmxmail.com>) (ecelerity 2.2.3.46 r()) with ESMTP id 94/60-13948-92FA2105; Fri, 27 Jul 2012 15:09:30 +0000 EXAMPLE 2 Received: from [75.180.132.120] by rmxmail.com (ArGoSoft Mail Server .NET v.1.0.8.4) with ESMTP (EHLO cdptpa-omtalb.mail.rr.com) for <**********[at]rmxmail.com>; Wed, 25 Jul 2012 14:56:20 -0400 Return-Path: <> Received: from [127.0.0.1] ([local]) by cdptpa-omtalb.mail.rr.com (envelope-from <>) (ecelerity 2.2.3.46 r()) with INTERNAL id AD/28-28917-0B140105; Wed, 25 Jul 2012 18:57:52 +0000 From: Mail Delivery System <> To: *********[at]rmxmail.com Subject: Mail Delivery Failure Message-ID: <AD.28.28917.0B140105[at]cdptpa-omtalb.mail.rr.com> MIME-Version: 1.0 Content-Type: multipart/report; report-type=delivery-status; boundary="CxcVXPc7HQKCFMM/Y/lHHK868Ul3HIaej3LWTA==" Date: Wed, 25 Jul 2012 18:57:52 +0000 X-FromIP: 75.180.132.120 --CxcVXPc7HQKCFMM/Y/lHHK868Ul3HIaej3LWTA== Content-Type: text/plain This message was created automatically by the mail system (ecelerity). A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed: >>> *********[at]remax.net (after RCPT TO): 550 Unable to add *********[at]remax.net because host 75.180.132.120 is listed on RBL bl.spamcop.net --CxcVXPc7HQKCFMM/Y/lHHK868Ul3HIaej3LWTA== Content-Type: message/delivery-status Arrival-Date: Wed, 25 Jul 2012 18:57:52 +0000 Reporting-MTA: dns; cdptpa-oedge04.mail.rr.com Action: failed Final-Recipient: rfc822;*********[at]remax.net Status: 5.0.0 Last-Attempt-Date: Wed, 25 Jul 2012 18:57:52 +0000 Remote-MTA: dns; smtp1.mke.securence.com Diagnostic-Code: smtp; 550 Unable to add *********[at]remax.net because host 75.180.132.120 is listed on RBL bl.spamcop.net --CxcVXPc7HQKCFMM/Y/lHHK868Ul3HIaej3LWTA== Content-Type: text/plain Content-Disposition: inline Also, ironically, GMAIL considered my signup email from this spamcop forum to be spam. Link to comment Share on other sites More sharing options...
Derek T Posted July 27, 2012 Share Posted July 27, 2012 I'm having an issue where messages sent from an IP are being blocked by servers that use Spamcop. They reference spamcop in the bounceback message yet when I look up the IP in spamcop it does not show them as listed.. any idea what the issue could be? I have posted two examples. The messages being kicked back are scans from our copier/scanner in our office. There are quite a few spam reports dated yesterday and today from that IP. My (educated) guess is that that IP was listed for a while and is now de-listed. Spamcop acts very rapidly to list when spam starts and to de-list when it stops. In other words, spamcop is working fine, nothing to see, move along please. Another educated guess is that RoadRunner pulled the spamming account that was sharing that IP with you as soon as they got the reports. Again, this is just how it should be. Sorry that you were an innocent bystander who got caught up in it, but everything should now be back to normal. Link to comment Share on other sites More sharing options...
rabeatz Posted July 27, 2012 Author Share Posted July 27, 2012 There are quite a few spam reports dated yesterday and today from that IP. My (educated) guess is that that IP was listed for a while and is now de-listed. Spamcop acts very rapidly to list when spam starts and to de-list when it stops. In other words, spamcop is working fine, nothing to see, move along please. Another educated guess is that RoadRunner pulled the spamming account that was sharing that IP with you as soon as they got the reports. Again, this is just how it should be. Sorry that you were an innocent bystander who got caught up in it, but everything should now be back to normal. Thanks for the reply. Anywhere I'd be able to view those spam reports? We're still getting bounceback messages at the moment referencing spamcop. Perhaps the end recipient's host URBL hasn't updated yet? Link to comment Share on other sites More sharing options...
turetzsr Posted July 27, 2012 Share Posted July 27, 2012 Hi, rabeatz, ...If you follow the link that is included in the reject (bounceback) message, http://www.spamcop.net/w3m?action=checkblo...=75.180.132.120, and click on the link labeled "Trace IP," it will tell you to whom reports are sent ("Reporting addresses") and that will give you a clue as to whom to ask for further information. ...Note that 24 hours after the last spam report, IP addresses are delisted in the SpamCop BL. ...Good luck! Link to comment Share on other sites More sharing options...
Derek T Posted July 27, 2012 Share Posted July 27, 2012 Thanks for the reply. Anywhere I'd be able to view those spam reports? We're still getting bounceback messages at the moment referencing spamcop. Perhaps the end recipient's host URBL hasn't updated yet? It would appear that the BL that the recipient is using uses the SpamCop BL as a resource and (possibly) doesn't react to de-listings as quickly as it does to listings. There's nothing anyone here can do about that. Recipient's server, recipient's rules. Maybe your contact could ask their admin to whitelist you? Regrettably, many servers are configured to cite SpamCop's BL even when it is quite another BL that has the listing. Again their server, their rules and SpamCop can do nothing about it. You might like to put your IP into one of the many 'Composite Blocklist' sites to see if it is still listed elsewhere. You might also ask RR to route your mail through a different (non-listed) server. After all, it's them you have the contract and commercial relationship with. Money talks. Link to comment Share on other sites More sharing options...
lisati Posted July 27, 2012 Share Posted July 27, 2012 It would appear that the BL that the recipient is using uses the SpamCop BL as a resource and (possibly) doesn't react to de-listings as quickly as it does to listings. One possibility that comes to mind is that the recipient's server has at some point queried the Spamcop list, and cached the result. Link to comment Share on other sites More sharing options...
turetzsr Posted July 27, 2012 Share Posted July 27, 2012 <snip> and cached the result. Hi, lisati, ...Thanks, I was thinking the same. But Derek beat us to it: It would appear that the BL that the recipient is using uses the SpamCop BL as a resource and (possibly) doesn't react to de-listings as quickly as it does to listings. <snip> <g> Link to comment Share on other sites More sharing options...
rabeatz Posted July 28, 2012 Author Share Posted July 28, 2012 Hi, lisati, ...Thanks, I was thinking the same. But Derek beat us to it: <g> Thanks for the assistance guys. What boggled me is why the scanner was using the roadrunner SMTP when I built an email server for this company. I was afraid my email server was getting blacklisted due to low security settings, etc, but my server is fine. I switched the copier over to using the server I built for them and all is well. I appreciate the support! As far as I'm concerned, moderator can mark this thread closed. Link to comment Share on other sites More sharing options...
turetzsr Posted July 28, 2012 Share Posted July 28, 2012 <snip> As far as I'm concerned, moderator can mark this thread closed. ...Closing keeps others from adding what may be valuable additional posts so I instead went with the "Resolved" tag. Link to comment Share on other sites More sharing options...
rabeatz Posted July 28, 2012 Author Share Posted July 28, 2012 ...Closing keeps others from adding what may be valuable additional posts so I instead went with the "Resolved" tag. Good policy. Thanks! Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.