janjan Posted April 27, 2004

My company email server has passed the ORDB test since last week but we found our IP is still listed on SpamCop .... Could anyone check it for us?

Our mail server IP: 202.77.231.231

Thanks.
Jan Leung

dra007 Posted April 27, 2004

202.77.231.231 listed in bl.spamcop.net (127.0.0.2)

Since SpamCop started counting, this system has been reported about 10 times by less than 10 users. It has been sending mail consistently for at least 24.5 days.

In the past 10.6 days, it has been listed 2 times for a total of 7.8 days

In the past week, this system has:
Been detected sending mail to spam traps
Been witnessed sending mail about 190 times

Unfortunately the spam was sent to spamtraps!

janjan Posted April 27, 2004

Any time / sample that SpamCop detected regarding to such spamtraps?

Thanks.

turetzsr Posted April 27, 2004

Hi, Jan,

> Any time / sample that SpamCop detected regarding to such spamtraps?
> Thanks.

...Sorry, we here don't have the information available to help you with that. Please send a request via e-mail to "deputies <at> spamcop.net" with the IP address being blocked and any reject messages.

...Good luck!

janjan Posted April 28, 2004

Sent. Hope I will get a fast response with that.

Thanks.

WB8TYW Posted April 28, 2004

> My company email server had been passed the ORDB test since last week but found our IP is still listed on {insert specific DNSbl here} ....

If that question is not covered in one of the existing pinned topics, it should be.

Apparently the ORDB tests are not complete. Passing an open relay test does not mean that your system is secure, or properly configured.

People show up on the various forums about DNSbls all the time saying that, and then it turns out that they actually had a serious security problem on their server.

The dsbl.org has a forum for asking questions about their DNSbl, and they can do a more comprehensive test on your server for vulnerabilities, and possibly give you pointers on how to fix them.

The first thing that shows up for your I.P. address is that you do not have an rDNS configured. While that will not affect your spamcop.net listing, it will cause many mail servers to either refuse your mail, or to silently delete it unread. Put that on your list of things to get fixed as all servers visible on the Internet are supposed to have a valid rDNS.

First check:

http://www.moensted.dk/spam/?addr=+202.77....1&Submit=Submit

Shows no major DNSbls beside Spamcop.net currently listing your I.P. address.

The fastest look up from there is the MAPS-OPS list to see if it has any spam samples. It does, but they are not current. Apparently that I.P. address was an open relay in November of 2003.

A google groups search of ".sightings spam 202.77.231.231 2004" does not show anything, so you're back to the case of needing a response from a deputy.

Typically what shows up is either a weak password on a mail server that is allowing a spammer access, or something on a mail server that is generating a new mail message in response to anything that it receives.

If you have a virus scanner on the mail server, make sure that it is never sending out virus reports to people outside of your network. Those notifications are not going to anyone that had anything to do with sending the virus.

It is against the rules for spamcop.net members to report abusive bounces and misconfigured virus scanners. The rules for spamtraps may be different.

-John
Personal Opinion Only

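Added example, not part of the post above and not SpamCop's or any poster's code: the two checks the thread walks through (is the IP on a DNSbl, and does it have valid rDNS) written out in Python. The forward-confirmation step in `fcrdns` goes slightly beyond "has a PTR record", and the stub resolvers are constructed stand-ins so the block runs offline; drop the `resolve=`/`ptr=` arguments to query real DNS.

```python
import ipaddress
import socket

def dnsbl_name(ip, zone="bl.spamcop.net"):
    """DNSBL query name: the IPv4 octets reversed, followed by the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def dnsbl_listed(ip, zone="bl.spamcop.net", resolve=socket.gethostbyname):
    """Return the 127.0.0.x answer if the IP is listed, else None (no A record)."""
    try:
        answer = resolve(dnsbl_name(ip, zone))
    except OSError:          # socket.gaierror: name does not exist, so not listed
        return None
    return answer if answer.startswith("127.") else None

def fcrdns(ip, ptr=socket.gethostbyaddr, fwd=socket.gethostbyname_ex):
    """Return (ptr_name, confirmed): PTR must exist and resolve back to the same IP."""
    try:
        host = ptr(ip)[0]
    except OSError:          # socket.herror: no PTR record at all
        return (None, False)
    try:
        return (host, ip in fwd(host)[2])
    except OSError:          # PTR points at a name with no A record
        return (host, False)

# Constructed stand-ins for DNS so the example runs offline (not real lookups).
def stub_resolve(name):
    if name == "231.231.77.202.bl.spamcop.net":
        return "127.0.0.2"
    raise OSError("NXDOMAIN")

def stub_no_ptr(ip):
    raise OSError("no PTR")

if __name__ == "__main__":
    ip = "202.77.231.231"
    print(dnsbl_name(ip), "->", dnsbl_listed(ip, resolve=stub_resolve))
    print("rDNS:", fcrdns(ip, ptr=stub_no_ptr))
```
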
janjan Posted April 28, 2004

Finally de-listed .... btw, thanks for your detailed explanation and I have much more understanding with SpamCop now.

Is there any way to use SpamCop with Exchange? I found a link in SpamCop but it is blank.....

Thanks.

Derek T Posted April 28, 2004

> Is there any way to use SpamCop with Exchange?

Exchange eh? That explains a lot!

Best thing to do with Exchange IMNSHO is to put a linux distro disc in the CD-ROM and select the 'delete all windows partitions' option during install.

janjan Posted April 28, 2004

I will love to do that if the company is mine ....... XD

Ellen Posted April 28, 2004

> My company email server has passed the ORDB test since last week but we found our IP is still listed on SpamCop .... Could anyone check it for us?
> Our mail server IP: 202.77.231.231
> Thanks.
> Jan Leung

Your Exchange server is relaying spam for spammers.

It appears that your Exchange server is being used by spammers exploiting the SMTP/AUTH hack. Please see this FAQ for information about the exploit and how to fix the problem:

http://news.spamcop.net/cgi-bin/fom?file=372

This exploit allows spammers to relay thru your Exchange server. This relaying does *not* show up using standard open relay tests as the spammer has gained "legal" access to your server by hacking an account/password combination.

You can write to me at the address in my sig and I can give you slightly more information.

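Added example, not part of Ellen's post and not taken from the SpamCop FAQ: because authenticated relaying passes open relay tests, it has to be found in the server's own SMTP logs. This sketch flags accounts that authenticate from outside the office network and send to many outside recipients; the log format, network range, domain names and the deliberately tiny threshold are all constructed assumptions to adapt to your own server.

```python
import ipaddress
from collections import defaultdict

# Constructed sample log (hypothetical format: time, client IP, event, key=value).
SAMPLE_LOG = """\
2004-04-27T02:10:00 198.51.100.7 AUTH user=guest result=fail
2004-04-27T02:10:01 198.51.100.7 AUTH user=guest result=fail
2004-04-27T02:10:02 198.51.100.7 AUTH user=guest result=ok
2004-04-27T02:10:03 198.51.100.7 RCPT user=guest to=a@example.net
2004-04-27T02:10:03 198.51.100.7 RCPT user=guest to=b@example.org
2004-04-27T02:10:04 198.51.100.7 RCPT user=guest to=c@example.net
2004-04-27T09:00:00 10.0.0.15 AUTH user=jan result=ok
2004-04-27T09:00:05 10.0.0.15 RCPT user=jan to=client@example.org
2004-04-27T09:01:00 10.0.0.15 RCPT user=jan to=boss@corp.example
"""

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumption: office network
LOCAL_DOMAINS = {"corp.example"}                    # assumption: domains we host

def parse(line):
    """Split one log line into (timestamp, client IP, event, fields dict)."""
    ts, ip, event, *pairs = line.split()
    return ts, ipaddress.ip_address(ip), event, dict(p.split("=", 1) for p in pairs)

def suspicious_accounts(log_text, max_external_rcpts=2):
    """Accounts used from external IPs to send to more than the allowed
    number of non-local recipients, with failed-login counts for context."""
    stats = defaultdict(lambda: {"fails": 0, "ext_rcpts": 0, "ips": set()})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _, ip, event, f = parse(line)
        if ip in INTERNAL_NET:           # sessions from inside are out of scope
            continue
        s = stats[f["user"]]
        s["ips"].add(str(ip))
        if event == "AUTH" and f["result"] == "fail":
            s["fails"] += 1              # guessing attempts before the success
        elif event == "RCPT" and f["to"].rsplit("@", 1)[-1].lower() not in LOCAL_DOMAINS:
            s["ext_rcpts"] += 1          # relayed: external client, external rcpt
    return {u: {"fails": s["fails"], "ext_rcpts": s["ext_rcpts"], "ips": sorted(s["ips"])}
            for u, s in stats.items() if s["ext_rcpts"] > max_external_rcpts}

if __name__ == "__main__":
    print(suspicious_accounts(SAMPLE_LOG))
```
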
janjan Posted April 29, 2004

Thanks for your information.

This topic is now archived and is closed to further replies.