nick@wwu Posted April 27, 2004 Posted April 27, 2004 Recently, we've been receiving spamcop reports which seem to falsely identify computers which are infected with some sort of trojan and spamming as running an open proxy server. eg [ SpamCop V1.3.4 ] This message is brief for your comfort. Please use links below for details. Email from 66.165.*.* / 24 Apr 2004 11:26:19 -0000 66.165.*.* is an open proxy, see: http://www.spamcop.net/mky-proxies.html http://www.spamcop.net/w3m?i=yadayadayada Checking the original spamcop report, the IP is listed at cbl.abuseat.org; however, the CBL is not a list of open SMTP relays. I've taken a look at several machines reported as open proxies, and they don't appear to be running any sort of open proxy. How does spamcop determine what an open proxy is? Does it do some sort of active checking, or does it rely on the message headers to figure it out? Also, the spamcop emails have a link to http://www.spamcop.net/mky-proxies.html. This link does not load properly for me, it immediately redirects to spamlinks.port5.com, then fails to load. Any information would be appreciated, thanks. -Nick
Wazoo Posted April 27, 2004 Posted April 27, 2004 The great job done on munging the data needed to do any look-ups leaves me with little incentive in trying to research your issue .. sorry .. maybe someone else might show up that feels differently.
WB8TYW Posted April 28, 2004 Posted April 28, 2004 The cbl.abuseat.org is not exclusively a list of open proxies, it is a list of computers that have sent unsolited e-mail to a spamtrap address. See their web site for their explanation. It will list on receiving a virus or spam. It tries not to list abusive mail servers that bounce viruses, or send abusive virus reports. To delist from the cbl.abuseat.org, just use the web form. No tests are done. If what ever caused the system to send the unsolicted e-mail to spamtraps is not fixed, it will get listed again. The message from Spamcop.net that it is an open proxy because it is in that list is not correct, it is just statistically likely that it is an open proxy or likely to become one. -John Personal Opinion Only
Recommended Posts
Archived
This topic is now archived and is closed to further replies.