
False Open proxy reports?


nick@wwu


Posted

Recently, we've been receiving spamcop reports which seem to falsely identify computers which are infected with some sort of trojan and spamming as running an open proxy server.

e.g.

[ SpamCop V1.3.4 ]

This message is brief for your comfort.  Please use links below for details.

Email from 66.165.*.* / 24 Apr 2004 11:26:19 -0000

66.165.*.* is an open proxy, see: http://www.spamcop.net/mky-proxies.html

http://www.spamcop.net/w3m?i=yadayadayada

Checking the original spamcop report, the IP is listed at cbl.abuseat.org; however, the CBL is not a list of open SMTP relays.

I've taken a look at several machines reported as open proxies, and they don't appear to be running any sort of open proxy. How does spamcop determine what an open proxy is? Does it do some sort of active checking, or does it rely on the message headers to figure it out?

Also, the spamcop emails have a link to http://www.spamcop.net/mky-proxies.html. This link does not load properly for me, it immediately redirects to spamlinks.port5.com, then fails to load.

Any information would be appreciated, thanks.

-Nick

Posted

The great job done on munging the data needed to do any look-ups leaves me with little incentive in trying to research your issue .. sorry .. maybe someone else might show up that feels differently.

Posted

The cbl.abuseat.org is not exclusively a list of open proxies; it is a list of computers that have sent unsolicited e-mail to a spamtrap address.

See their web site for their explanation.

It will list on receiving a virus or spam. It tries not to list abusive mail servers that bounce viruses, or send abusive virus reports.

To delist from the cbl.abuseat.org, just use the web form. No tests are done.

If whatever caused the system to send the unsolicited e-mail to spamtraps is not fixed, it will get listed again.

The message from Spamcop.net that it is an open proxy because it is in that list is not correct; it is just statistically likely that it is an open proxy or likely to become one.

-John

Personal Opinion Only
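
The listing check discussed in this thread, as an added example that is not part of any post: it builds the DNSBL query name for an address and reports whether the zone lists it, keeping "listed" separate from "open proxy". It assumes the standard DNSBL convention (reversed IPv4 octets prepended to the zone, answers in 127.0.0.0/8); the function names, the 192.0.2.x addresses and the resolver answers are constructed for illustration.

```python
import ipaddress
import socket

CBL_ZONE = "cbl.abuseat.org"  # the list named in the thread
LISTED_NET = ipaddress.IPv4Network("127.0.0.0/8")  # DNSBL answers fall in this range

def dnsbl_query_name(ip, zone=CBL_ZONE):
    """Build the DNSBL query name: reversed IPv4 octets followed by the zone."""
    addr = ipaddress.IPv4Address(ip)  # rejects munged or malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolver(name):
    """Return the A records for name; [] only when the name does not exist."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return []
        raise  # a resolver failure is not the same as "not listed"

def check_listing(ip, resolver=system_resolver, zone=CBL_ZONE):
    """Report whether ip is listed, without claiming anything about proxies."""
    name = dnsbl_query_name(ip, zone)
    codes = [a for a in resolver(name) if ipaddress.IPv4Address(a) in LISTED_NET]
    return {
        "query": name,
        "listed": bool(codes),
        "codes": codes,
        # Per the reply above, a listing means mail reached a spamtrap;
        # it does not show that a proxy is running on the host.
        "open_proxy_confirmed": False,
    }

# Constructed resolver data so the example runs offline (not real CBL answers).
SAMPLE_ZONE_DATA = {"10.2.0.192.cbl.abuseat.org": ["127.0.0.2"]}

def sample_resolver(name):
    """Hypothetical stand-in for DNS that answers from SAMPLE_ZONE_DATA."""
    return SAMPLE_ZONE_DATA.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.11"):
        print(ip, check_listing(ip, resolver=sample_resolver))
```

Drop the `resolver=` argument to query through the system resolver instead of the constructed data.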

Archived

This topic is now archived and is closed to further replies.
