
My provider is being blocked


rgjs


I've been trying to send an email to my parent's and my daughter's school and I keep getting a message that my ISP has been blocked due to spam. Can you please tell me what to do to correct this? I'm not sending spam and NEED to be able to send emails to these two people. Here's the message that I received. Thank you.

----- Original Message -----

From: "Mail Delivery Subsystem" <MAILER-DAEMON[at]iowatelecom.net>

To: <rgjs[at]iowatelecom.net>

Sent: Friday, May 14, 2004 1:55 PM

Subject: Returned mail: see transcript for details

> The original message was received at Fri, 14 May 2004 13:55:37 -0500

> from hrln-00-097.dsl.iowatelecom.net [69.66.107.225]

>

> ----- The following addresses had permanent fatal errors -----

> <ELyons[at]Tri-Center.k12.ia.us>

> (reason: 559 Blocked - see http://www.spamcop.net/bl.shtml?69.66.0.11)

>

> ----- Transcript of session follows -----

> ... while talking to mail.tri-center.k12.ia.us.:

> >>> RCPT To:<ELyons[at]Tri-Center.k12.ia.us>

> <<< 559 Blocked - see http://www.spamcop.net/bl.shtml?69.66.0.11

> 554 5.0.0 Service unavailable

----- Original Message -----

From: "Mail Delivery Subsystem" <MAILER-DAEMON[at]iowatelecom.net>

To: <rgjs[at]iowatelecom.net>

Sent: Friday, May 14, 2004 9:31 AM

Subject: Returned mail: see transcript for details

> The original message was received at Fri, 14 May 2004 09:31:55 -0500

> from hrln-00-097.dsl.iowatelecom.net [69.66.107.225]

>

> ----- The following addresses had permanent fatal errors -----

> <gjernst[at]harlannet.com>

> (reason: 559 Blocked - see http://www.spamcop.net/bl.shtml?69.66.0.11)

>

> ----- Transcript of session follows -----

> ... while talking to email.harlannet.com.:

> <<< 559 Blocked - see http://www.spamcop.net/bl.shtml?69.66.0.11

> 554 5.0.0 Service unavailable

>

Link to comment
Share on other sites

The business I work for has also been blocked, and like you, I, too, do not know what to do. I have contacted my ISP provider first, but of course, they had to issue a "ticket". Which will mean I will not hear back from them until Monday, in the meantime, we cannot email our customers. The lifeline of our business. We are currently running Norton Internet Security which I thought would give us pretty decent protection, but apparently it has not. Prior to Norton, we were running McAfee Virus Scan. I think someone has gotten around one of the firewalls. We have had situations where salespeople have gotten spam to themselves from themselves! Of course they didn't send it, it was as if someone was using their email address. Any suggestions would be appreciated, just keep in mind I am "so" not qualified to handle this!

Link to comment
Share on other sites

This has just started today, so it makes no sense to me. I followed the link on the message notification that I received and it says it belongs to my ISP and not my address. What a pain! Of course, they emailed me that it was my problem to work out.

I have forwarded them the email and cc'd their customer support, so hopefully they can get it resolved.

Good Luck with your issue.

Link to comment
Share on other sites

I've been trying to send an email to my parent's and my daughter's school and I keep getting a message that my ISP has been blocked due to spam.    Can you please tell me what to do to correct this?    I'm not sending spam and NEED to be able to send emails to these two people.    Here's the message that I received.    Thank you.

----- Original Message -----

From: "Mail Delivery Subsystem" <MAILER-DAEMON[at]iowatelecom.net>

To: <rgjs[at]iowatelecom.net>

Sent: Friday, May 14, 2004 1:55 PM

Subject: Returned mail: see transcript for details

> The original message was received at Fri, 14 May 2004 13:55:37 -0500

> from hrln-00-097.dsl.iowatelecom.net [69.66.107.225]

>

>    ----- The following addresses had permanent fatal errors -----

> <ELyons[at]Tri-Center.k12.ia.us>

>  (reason: 559 Blocked - see http://www.spamcop.net/bl.shtml?69.66.0.11)

>

>  [snip]

http://www.spamcop.net/w3m?action=checkblock&ip=69.66.0.11 says:

  • 69.66.0.11 listed in bl.spamcop.net (127.0.0.2)
  • Since SpamCop started counting, this system has been reported about 40 times by about 10 users. It has been sending mail consistently for at least 93.8 days. It has been listed for less than 24 hours.
  • In the past week, this system has: Been witnessed sending mail about 1300 times

If no more spam is reported as originating at 69.66.0.11 it should be removed from the SCBL probably within the next 24 hours.

Link to comment
Share on other sites

The business I work for has also been blocked, and like you, I, too, do not know what to do.  [snip]

Any suggestions would be appreciated, just keep in mind I am "so" not qualified to handle this!

Without the IP in question it is difficult to offer any suggestions.

Link to comment
Share on other sites

69.66.0.11 listed in bl.spamcop.net (127.0.0.2)

Since SpamCop started counting, this system has been reported about 40 times by about 10 users. It has been sending mail consistently for at least 93.8 days. It has been listed for less than 24 hours.

In the past week, this system has:

Been witnessed sending mail about 1300 times

This data found at the link offered up in each of your rejection notices says that about 40 people didn't care for something coming from that e-mail server. Reports would have gone to;

Parsing input: 69.66.0.11

host 69.66.0.11 = na.iowatelecom.net (cached)

Reporting addresses:

abuse[at]iowatelecom.net

so theoretically, they are aware of the issue.

So, guessing that you've not read any of the FAQs .. SpamCop blocks nothing, it's the use of the DNSbl list by the ISPs you're trying to send mail to that have configured their servers to reject mail coming from spam spew sources. So, you can read the Pinned FAQs, contact your friends & family to see if they can convince their ISPs to whitelist your e-mail server, or get another e-mail account elsewhere that's not on a BL. Yahoo, HotMail, etc are the most famous. Worst case, you can hope that iowatelecom has stopped the spam, and you now have less than 24 more hours to wait for this IP to drop off the list .... but there's a number of assumptions in making that decision that may turn out to be wrong.

Link to comment
Share on other sites

I've been trying to send an email to my parent's and my daughter's school and I keep getting a message that my ISP has been blocked due to spam.    Can you please tell me what to do to correct this?    I'm not sending spam and NEED to be able to send emails to these two people.    Here's the message that I received.    Thank you.

----- Original Message -----

From: "Mail Delivery Subsystem" <MAILER-DAEMON[at]iowatelecom.net>

To: <rgjs[at]iowatelecom.net>

Sent: Friday, May 14, 2004 1:55 PM

Subject: Returned mail: see transcript for details

> The original message was received at Fri, 14 May 2004 13:55:37 -0500

> from hrln-00-097.dsl.iowatelecom.net [69.66.107.225]

>

>    ----- The following addresses had permanent fatal errors -----

> <ELyons[at]Tri-Center.k12.ia.us>

>  (reason: 559 Blocked - see http://www.spamcop.net/bl.shtml?69.66.0.11)

>

>    ----- Transcript of session follows -----

> ... while talking to mail.tri-center.k12.ia.us.:

> >>> RCPT To:<ELyons[at]Tri-Center.k12.ia.us>

> <<< 559 Blocked - see http://www.spamcop.net/bl.shtml?69.66.0.11

> 554 5.0.0 Service unavailable

----- Original Message -----

From: "Mail Delivery Subsystem" <MAILER-DAEMON[at]iowatelecom.net>

To: <rgjs[at]iowatelecom.net>

Sent: Friday, May 14, 2004 9:31 AM

Subject: Returned mail: see transcript for details

> The original message was received at Fri, 14 May 2004 09:31:55 -0500

> from hrln-00-097.dsl.iowatelecom.net [69.66.107.225]

>

>    ----- The following addresses had permanent fatal errors -----

> <gjernst[at]harlannet.com>

>  (reason: 559 Blocked - see http://www.spamcop.net/bl.shtml?69.66.0.11)

>

>    ----- Transcript of session follows -----

> ... while talking to email.harlannet.com.:

> <<< 559 Blocked - see http://www.spamcop.net/bl.shtml?69.66.0.11

> 554 5.0.0 Service unavailable

>

It looks as if you are sharing an email server with others who have been spamming. You should contact your ISP and have them look into the situation.

This IP will be removed automatically 48 hours after the last spam report.

Spammers spoil email for everyone.

Link to comment
Share on other sites

The business I work for has also been blocked, and like you, I, too, do not know what to do.

As rgjs did, identification of the IP address in question is the only way to start .. do you have a rejection/bounce message that would show the IP in question?

I have contacted my ISP provider first, but of course, they had to issue a "ticket".  Which will mean I will not hear back from them until Monday,

Without knowing the particular situation (and IP) it's hard to judge what's going on, other than to suggest that your ISP should have already received reports .. but again, maybe not ...

in the meantime, we cannot email our customers.  The lifeline of our business.

Dangerous ground to be in these days. Back-up systems for everything is mandatory, especially if your lifeline is concerned. And as far as this point goes, the impact is seen only when your listed IP/e-mail server sends e-mail out to a customer that is using an ISP that has chosen to use the SpamCopDNSbl, and further chosen to configure that e-mail server to reject e-mail based on the results of a DNSbl look-up. So in reality, there's probably only a percentage of outgoing e-mails being impacted. And unless your ISP is also using the SpamCopDNSbl and rejecting incoming e-mail, you should still be receiving any and all incoming e-mail.

We are currently running Norton Internet Security which I thought would give us pretty decent protection, but apparently it has not.  Prior to Norton, we were running McAfee Virus Scan.

Different tools to do different things. And even then, configuration and usage is involved. On top of that, updates ... Did you catch the headlines yesterday of the massive holes in the 2004 versions of the NIS package? And did you do the updates and patches?

I think someone has gotten around one of the firewalls.

and no one there to actually take a look and see if this is true?

We have had situations where salespeople have gotten spam to themselves from themselves!  Of course they didn't send it, it was as if someone was using their email address.  Any suggestions would be appreciated, just keep in mind I am "so" not qualified to handle this!

Yes, these forgeries are all too common these days, but have nothing to do directly with your "listing" in a BL.

Link to comment
Share on other sites
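The mechanism the replies above describe (a receiving server rejecting at RCPT time because of a DNSBL look-up) can be checked from the bounce itself. This is an added example, not part of any post in the thread: it pulls the listed IP out of the 5xx reply, builds the DNSBL query name, and shows that the listed address is the ISP's relay rather than the sender's own DSL address. The function names are hypothetical, and the DNS call is passed in as `resolver` so the logic can be run without network access.

```python
import ipaddress
import re
import socket

# Bounce lines copied from the first post, with the "> " quoting removed.
SAMPLE_BOUNCE = """\
The original message was received at Fri, 14 May 2004 13:55:37 -0500
from hrln-00-097.dsl.iowatelecom.net [69.66.107.225]
... while talking to mail.tri-center.k12.ia.us.:
>>> RCPT To:<ELyons[at]Tri-Center.k12.ia.us>
<<< 559 Blocked - see http://www.spamcop.net/bl.shtml?69.66.0.11
554 5.0.0 Service unavailable
"""
IPV4 = r"(?:\d{1,3}\.){3}\d{1,3}"

def parse_bounce(text):
    """Return (submitting_ip, rejecting_host, listed_ip) from a sendmail-style bounce."""
    client = re.search(r"^from \S+ \[(" + IPV4 + r")\]", text, re.M)
    remote = re.search(r"while talking to (\S+?)\.?:", text)
    reject = re.search(r"^<<< 5\d\d .*?(" + IPV4 + r")", text, re.M)
    if not (client and remote and reject):
        raise ValueError("not a DNSBL rejection bounce in the expected layout")
    return client.group(1), remote.group(1), reject.group(1)

def dnsbl_query_name(ip, zone="bl.spamcop.net"):
    """DNSBLs are queried by reversing the IPv4 octets under the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # raises on bad input
    return ".".join(reversed(octets)) + "." + zone

def check_listed(ip, zone="bl.spamcop.net", resolver=socket.gethostbyname):
    """Return the list's answer (e.g. 127.0.0.2) or None when the IP is not listed."""
    try:
        answer = resolver(dnsbl_query_name(ip, zone))
    except socket.gaierror:
        return None  # NXDOMAIN: no record, so not listed
    # Only 127.0.0.0/8 answers are listings; anything else is a resolver artifact.
    if ipaddress.IPv4Address(answer) in ipaddress.ip_network("127.0.0.0/8"):
        return answer
    return None

def triage(bounce, resolver=socket.gethostbyname):
    """Say which machine the rejection is about: the sender's own or the ISP relay."""
    client, remote, listed = parse_bounce(bounce)
    return {"rejecting_host": remote, "listed_ip": listed,
            "listed_is_submitter": listed == client,
            "dnsbl_answer": check_listed(listed, resolver=resolver)}
```

Calling `triage(SAMPLE_BOUNCE)` with the default resolver performs a live look-up against the zone; pass a stub resolver to test the parsing offline.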

No spam samples from spamcop.net.

spam samples are available at:

http://www3.mail-abuse.org/cgi-bin/nph-ops-sview?69.66.0.11

It appears to be a multi-hop exploit with the spam being injected at 69.66.123.255

It appears that the ISP has been previously notified that they have a spam problem on their network from that I.P. address.

The MAPS-OPS submission looks like it preceded the spamcop.net listing by about 24 hours.

Looking up how long it has been known on publicly accessible records on the internet shows:

http://dsbl.org/listing?ip=69.66.123.255

2004/Mar/28 16:49:48 UTC Listed in Unconfirmed (view message)

2004/Mar/28 16:49:48 UTC Listed in Singlehop (view message)

Spamcop.net also shows spam reports on 69.66.124.213.

http://dsbl.org/listing?ip=69.66.124.213

2004/May/13 20:21:36 UTC Listed in Unconfirmed (view message)

2004/May/13 20:21:36 UTC Listed in Singlehop (view message)

Presumably whoever did the test on the dsbl.net database received a spam and reported that spam to the designated abuse address, and that others also reported the spam emitting from those addresses.

The original poster should ask their ISP about how a machine that was known to be compromised in March was allowed to still send spam in May, and can point them to the evidence records available on the internet.

I did not check to see if anyone reported spam in news.admin.net-abuse.sightings from any of those addresses.

Only a deputy can determine if these two compromised machines are what caused the mail server to be listed or not.

It is also possible that there is a security problem with the mailserver itself.

-John

Personal Opinion Only

Link to comment
Share on other sites

Iowatelecom has been contacted ... spent about 45 minutes on the phone with the NOC guy this morning. The 0.11 server is their main e-mail server, so they've had numerous complaints about the SpamCopBL listing. However, it turns out that their research into the issue stumbled over the phrase "experimental" so they were just going with SpamCop was a hosed tool. This guy understands now what's really going on and is passing additional data and SpamCop contact points up to their Tier3 folks.

Link to comment
Share on other sites

And just a bit of further update;

69.66.0.11 not listed in bl.spamcop.net

Since SpamCop started counting, this system has been reported about 40 times by about 10 users. It has been sending mail consistently for at least 95.1 days. In the past 42 hours, it has been listed once for a total of 35 hours

In the past week, this system has:

Been detected sending mail to spam traps

Been witnessed sending mail about 1190 times

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.
