Deaton Posted June 2, 2004

To Whom it May Concern,

Please remove our global IP address (63.162.227.68) from your blacklist. I believe you have blacklisted this address in error. We are NOT spammers. We do not use this address for email at all and have tested all of our public addresses for open relay sources. There are none. I've also checked the network for any viruses that may be using an SMTP engine and there are none. This address has no Pointer record because it is not used for email. I use 63.162.227.66 for email and, if you check, you will see that it does have a pointer record.

I thank you for the valuable service you provide (we use your blacklist ourselves) but I feel that this listing was made in error.

Regards,
David Eaton

Bumpkin Posted June 2, 2004

63.162.227.68 listed in bl.spamcop.net (127.0.0.2)

Causes of listing
System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

Additional potential problems (these factors do not directly result in spamcop listing)
DNS error: 63.162.227.68 has no reverse dns

Listing History
It has been listed for 26 hours

Merlyn Posted June 2, 2004

Doesn't look like an error. No one called you a spammer, you are listed for sending mail to spamtraps. These spamtraps have not requested anything from your server. Either your machine is compromised or you are rejecting mail to the from address which you should not be doing. Are you sending virus notifications to the from address?

Deaton Posted June 2, 2004

Thanks. I've seen this information already. That's why I feel spamcop listed me in error. I couldn't have sent mail from 63.162.227.68 as this address doesn't even accept connections on port 25. I have no plans to add pointer records to this address. It's just a global address.

Deaton Posted June 2, 2004

Merlyn,

Thank you for the info. I don't send rejection messages or virus notifications. I'll check again for a compromised computer. Thanks!

StevenUnderwood Posted June 2, 2004

Also, if you contact deputies<at>spamcop.net, they may be able to tell you more about what is hitting the spamtraps, but if that IP is not a server, it would lead to either a virus or a security breach. Do you have firewall logs to see if any SMTP traffic left that machine?

Chris Parker Posted June 2, 2004

> I couldn't have sent mail from 63.162.227.68 as this address doesn't even accept connections on port 25. I have no plans to add pointer records to this address. It's just a global address.

Do you mean that it's the IP address for a bunch of computers behind a firewall? If so it sounds like you've got a compromised box on your network somewhere.

Deaton Posted June 2, 2004

Thanks Steven,

That IP is not a server, it's just a firewall address for a private network. I will start checking my firewall logs now and send an email to deputies for more information.

Chris, it does sound like a compromised box. Thanks.

Can anyone recommend good network monitor software that can scan for smtp traffic?

Thanks all!

Chris Parker Posted June 2, 2004

> Can anyone recommend good network monitor software that can scan for smtp traffic?

On your firewall you might want to block outbound traffic on port 25 from all machines except your mail server. You'll want to run Windows updates on all your machines as well as the latest virus software. If you find a machine that cannot download the most recent definitions then you've likely found the compromised box.

I believe there is a demo packet sniffer from sustworks that will run on a Windows box. Also a nice demo package is available from solarwinds.

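The firewall-log check discussed in the posts above (which internal host is opening SMTP connections through the shared address), as an added example that is not part of any post in this thread. It assumes iptables-style LOG lines, `eth0` as the Internet-facing interface and `192.168.1.10` as the internal mail server; the log lines and all addresses in it are constructed.

```python
import re
from collections import defaultdict

# Assumptions (not from the thread): iptables-style LOG lines, eth0 as the
# Internet-facing interface, and 192.168.1.10 as the internal mail server.
WAN_IF = "eth0"
MAIL_SERVERS = {"192.168.1.10"}

# Constructed sample log; addresses are private/documentation ranges.
SAMPLE_LOG = """\
Jun  2 09:14:01 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=198.51.100.25 PROTO=TCP SPT=40112 DPT=25 SYN URGP=0
Jun  2 09:14:03 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=203.0.113.8 PROTO=TCP SPT=1045 DPT=25 SYN URGP=0
Jun  2 09:14:03 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=203.0.113.8 PROTO=TCP SPT=1045 DPT=25 ACK URGP=0
Jun  2 09:14:04 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=203.0.113.99 PROTO=TCP SPT=1046 DPT=25 SYN URGP=0
Jun  2 09:14:05 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.80 PROTO=TCP SPT=1102 DPT=80 SYN URGP=0
Jun  2 09:14:06 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=198.51.100.7 PROTO=TCP SPT=1047 DPT=25 SYN URGP=0
Jun  2 09:14:07 fw kernel: IN=eth0 OUT=eth1 SRC=198.51.100.25 DST=192.168.1.10 PROTO=TCP SPT=51000 DPT=25 SYN URGP=0
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")


def unexpected_smtp_senders(log_text, mail_servers=MAIL_SERVERS, wan_if=WAN_IF):
    """Map each non-mail-server source IP to the set of remote hosts it
    tried to open an SMTP (TCP/25) connection to through the WAN interface."""
    senders = defaultdict(set)
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        flags = line.split()
        # Only new connection attempts: SYN set, ACK not set.
        if "SYN" not in flags or "ACK" in flags:
            continue
        # Only TCP/25 traffic leaving through the Internet-facing interface.
        if fields.get("OUT") != wan_if or fields.get("PROTO") != "TCP":
            continue
        src, dst = fields.get("SRC"), fields.get("DST")
        if fields.get("DPT") != "25" or not src or not dst:
            continue
        if src not in mail_servers:
            senders[src].add(dst)
    return dict(senders)


def rank_suspects(senders):
    """Sort sources by distinct mail hosts contacted; a workstation fanning
    out to many destinations is the first machine to inspect."""
    return sorted(((src, len(dsts)) for src, dsts in senders.items()),
                  key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    for src, count in rank_suspects(unexpected_smtp_senders(SAMPLE_LOG)):
        print(f"{src}: SMTP attempts to {count} distinct hosts")
```

Once outbound port 25 is blocked for everything except the mail server, the same filter run over the firewall's deny log points at the machine that keeps trying.
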
Ellen Posted June 3, 2004

> To Whom it May Concern,
>
> Please remove our global IP address (63.162.227.68) from your blacklist. I believe you have blacklisted this address in error. We are NOT spammers. We do not use this address for email at all and have tested all of our public addresses for open relay sources. There are none. I've also checked the network for any viruses that may be using an SMTP engine and there are none. This address has no Pointer record because it is not used for email. I use 63.162.227.66 for email and, if you check, you will see that it does have a pointer record.
>
> I thank you for the valuable service you provide (we use your blacklist ourselves) but I feel that this listing was made in error.
>
> Regards,
> David Eaton

Delisted -- you can write to me at the address below for more details if you wish ...

This topic is now archived and is closed to further replies.