Brim Posted May 21, 2004

213.248.1.62 listed in bl.spamcop.net (127.0.0.2).

I see this page - http://www.spamcop.net/w3m?action=blcheck&ip=213.248.1.62 :

In the past week, this system has:
Been reported as a source of spam less than 10 times
Been detected sending mail to spam traps
Been witnessed sending mail about 360 times

So, it's clear to me that someone sent spam mail through 213.248.1.62 and that spam got to spam traps, but I didn't get any complaints on it to abuse[at]di-net.ru...

It's also impossible to understand anything from sample mails:

Received:
Subject: [none]
From: [ non-parseable address suppressed ]

So, may you explain please what is going on?

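The listing line quoted in the post above is the result of a DNSBL lookup: the IPv4 octets are reversed, the list's zone is appended, and an A record inside 127.0.0.0/8 means "listed". The following is an added example, not part of the original post or SpamCop's own code; the function names and the sample resolver data are constructed for illustration.

```python
import ipaddress
import socket

def dnsbl_query_name(ip, zone):
    """Build the DNSBL owner name: IPv4 octets reversed, then the list's zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone.strip(".")

def system_resolver(name):
    """Look up an A record with the system resolver; None if no answer came back."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def check_listing(ip, zone, resolve=system_resolver):
    """Return (status, answer): 'listed', 'not listed' or 'invalid answer'."""
    answer = resolve(dnsbl_query_name(ip, zone))
    if answer is None:
        return ("not listed", None)
    # DNSBLs answer inside 127.0.0.0/8. Anything else (a wildcarded zone,
    # an ISP redirecting NXDOMAIN to a search page) must not count as a listing.
    if ipaddress.IPv4Address(answer) in ipaddress.ip_network("127.0.0.0/8"):
        return ("listed", answer)
    return ("invalid answer", answer)

# Constructed resolver data reproducing the result quoted in the post,
# so the example runs without network access.
SAMPLE_ANSWERS = {"62.1.248.213.bl.spamcop.net": "127.0.0.2"}

def sample_resolver(name):
    return SAMPLE_ANSWERS.get(name)

if __name__ == "__main__":
    print(check_listing("213.248.1.62", "bl.spamcop.net", sample_resolver))
```

Calling `check_listing` without the third argument performs a live lookup through the system resolver, which suits a scheduled check of your own outbound addresses.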
Miss Betsy Posted May 21, 2004

If only spam traps are involved, you will not get a report since spam traps are email addresses that would never get email under ordinary circumstances. There are no 'examples' either because spammers used both reports and examples to dodge getting listed on the blocklist. (I know this is a real PITA to whitehat ISPs who want to correct problems quickly, but no one has come up with a solution that keeps the spammers in the dark while notifying whitehats.)

The first suspect is a compromised machine on your network - SMTP/Auth exploit is the most common culprit. I am not an admin, but I understand that if the machine is compromised the email is going out thru other ports than port 25 so you need to look at your firewall logs.

The other common reason is that you are sending automatic virus notifications or sending bounces after accepting the email to the forged return path.

You will need to write to the deputies (deputies at spamcop.net) since no one else can see what is happening and can only guess.

Miss Betsy

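One way to act on the firewall-log suggestion in the post above is to list every host, other than the authorised mail server, that opens outbound connections to the SMTP port, along with how many distinct destinations it contacted. This is an added example, not part of the original post; the iptables LOG style format, the addresses, and `MAIL_SERVERS` are assumptions, and the port to watch is a parameter.

```python
import re
from collections import defaultdict

MAIL_SERVERS = {"10.0.0.25"}  # assumption: the only host allowed to send SMTP out

# Constructed sample lines in iptables LOG style (not taken from the thread).
SAMPLE_LOG = """\
May 21 03:10:01 gw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.25 DST=198.51.100.7 PROTO=TCP SPT=40112 DPT=25
May 21 03:10:02 gw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.77 DST=198.51.100.7 PROTO=TCP SPT=1045 DPT=25
May 21 03:10:02 gw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.77 DST=203.0.113.40 PROTO=TCP SPT=1046 DPT=25
May 21 03:10:03 gw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.77 DST=203.0.113.41 PROTO=TCP SPT=1047 DPT=25
May 21 03:10:04 gw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.31 DST=198.51.100.9 PROTO=TCP SPT=2210 DPT=443
May 21 03:10:05 gw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.31 DST=203.0.113.40 PROTO=TCP SPT=2211 DPT=25
May 21 03:10:06 gw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.77 DST=203.0.113.40 PROTO=TCP SPT=1048 DPT=25
"""

FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

def unexpected_smtp_sources(log_text, mail_servers=MAIL_SERVERS, port="25"):
    """Return [(source, connections, distinct_destinations)] for hosts that
    connect out to `port` but are not authorised mail servers, busiest first."""
    count = defaultdict(int)
    dests = defaultdict(set)
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("PROTO") != "TCP" or f.get("DPT") != port:
            continue  # not a TCP connection to the watched port
        src, dst = f.get("SRC"), f.get("DST")
        if not src or not dst or src in mail_servers:
            continue  # malformed line, or expected mail-server traffic
        count[src] += 1
        dests[src].add(dst)
    rows = [(s, count[s], len(dests[s])) for s in count]
    return sorted(rows, key=lambda r: (-r[1], r[0]))

if __name__ == "__main__":
    for src, conns, uniq in unexpected_smtp_sources(SAMPLE_LOG):
        print(f"{src}: {conns} connections to {uniq} distinct destinations")
```

A workstation contacting many distinct destinations on the mail port is the pattern worth investigating first; a single connection may only be a misconfigured mail client.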
Merlyn Posted May 21, 2004

You are also listed in SPEWS, see: http://spews.org/html/S834.html

Brim (Author) Posted May 21, 2004

> You are also listed in SPEWS

So we are blocked at SpamCop because of it? When we were blocked at spews there was no mail server on 213.248.1.62. And we are still here just because it's impossible to talk to them...

StevenUnderwood Posted May 21, 2004

> So we are blocked at SpamCop because of it (SPEWS)?

No, I believe Merlyn was just pointing out that you may have worse problems than being on the spamcop bl, which automatically delists after a period of time with no reports. Also, being listed on other bl's, which are slower by their design to add addresses than spamcop is, can be a sign that the spamcop bl is not a "mistake". That you know you are listed there is information we did not have originally.

Brim (Author) Posted May 21, 2004

Yep, I know that we are listed at SPEWS, but I'm sure that it's not connected with listing at SpamCop.

sommerfeld Posted May 21, 2004

The spews listing appears to be the result of SPEWS believing that you are providing network connectivity to a spamware vendor, massmail.ru.

Wazoo Posted May 21, 2004

There is no connection between SPEWS and SpamCop. As far as contacting SPEWS, you'd have to read and follow the contents of Q41 at http://www.spews.org/faq.html .. but noting that only the stopping of the spam spew carries any weight there.

That there was no e-mail server at any single IP at some time in the past doesn't mean much. The SPEWS evidence file shows spammage for a long time, and it was the result of the no action taken policy that got the IP range expanded .. again, see the SPEWS FAQ on how that list works.

Brim (Author) Posted May 21, 2004

> There is no connection between SPEWS and SpamCop.

Great! Then let's stop talking about SPEWS. I know how it works, I know why our IP range is listed there and I know what to do to get out of there. Now I want to know why we are blocked at SpamCop and what I should do to be delisted. Ok?

Wazoo Posted May 21, 2004

Based on the evidence file contents "Been detected sending mail to spam traps" ... Miss Betsy offered you your answer in the first response to your posting.

Ellen Posted May 22, 2004

> 213.248.1.62 listed in bl.spamcop.net (127.0.0.2).
>
> I see this page - http://www.spamcop.net/w3m?action=blcheck&ip=213.248.1.62 :
>
> In the past week, this system has:
> Been reported as a source of spam less than 10 times
> Been detected sending mail to spam traps
> Been witnessed sending mail about 360 times
>
> So, it's clear to me that someone sent spam mail through 213.248.1.62 and that spam got to spam traps, but I didn't get any complaints on it to abuse[at]di-net.ru...
>
> It's also impossible to understand anything from sample mails:
>
> Received:
> Subject: [none]
> From: [ non-parseable address suppressed ]
>
> So, may you explain please what is going on?

Either you or someone else from di-net.ru wrote to deputies and I believe we straightened this out?

This topic is now archived and is closed to further replies.