Jump to content

pop.freeparking.co.uk (207.35.205.45) blocked?


mikemars

Recommended Posts

Hi, much of my mail is routed through FreeParking.co.uk, but I noticed that some of it was being blocked ... (by pure co-incidence when I was re-training my mailhosts entries - the blocked mails were the spamcop robot ones!).

I had a look at the header, and I think 207.35.205.45 is the problem.

Could it be possible that someone has accidently reported this address due to not having a fully trained mailhost setting? (I just hope that 'someone' isn't me!).

-Yours, Mike

Parsing input: 207.35.205.45

host 207.35.205.45 = pop.freeparking.co.uk (cached)

[report history]

Routing details for 207.35.205.45

[refresh/show] Cached whois for 207.35.205.45 : noc[at]in.bell.ca

Using abuse net on noc[at]in.bell.ca

abuse net in.bell.ca = abuse[at]bellnexia.net, abuse[at]sympatico.ca

Using best contacts abuse[at]bellnexia.net abuse[at]sympatico.ca

Statistics:

207.35.205.45 listed in bl.spamcop.net (127.0.0.2)

More Information..

207.35.205.45 not listed in dnsbl.njabl.org

207.35.205.45 not listed in dnsbl.njabl.org

207.35.205.45 not listed in cbl.abuseat.org

207.35.205.45 not listed in dnsbl.sorbs.net

207.35.205.45 not listed in relays.ordb.org.

Reporting addresses:

abuse[at]bellnexia.net

abuse[at]sympatico.ca

--- Munged mail header ---

Return-Path: <service[at]admin.spamcop.net>

Delivered-To: spamcop-net-xxxxxxxxxx[at]spamcop.net

Received: (qmail 20753 invoked from network); 11 Jun 2004 22:45:40 -0000

Received: from unknown (HELO c60.cesmail.net) (192.168.1.105)

by blade6.cesmail.net with SMTP; 11 Jun 2004 22:45:40 -0000

Received: from mailgate.cesmail.net (216.154.195.36)

by c60.cesmail.net with SMTP; 11 Jun 2004 18:45:37 -0400

X-Ironport-AV: i="xxxxxxxxxxxx";

d="scan'208"; a="xxxxxxxxxxxxxxxxxx"

Received: (qmail 22677 invoked from network); 11 Jun 2004 22:45:36 -0000

Received: from unknown (HELO mailgate.cesmail.net) (192.168.1.101)

by mailgate.cesmail.net with SMTP; 11 Jun 2004 22:45:36 -0000

Received: from pop3.mail.demon.net [194.217.242.253]

by mailgate.cesmail.net with POP3 (fetchmail-6.2.1)

for xxxxxxxx[at]spamcop.net (single-drop); Fri, 11 Jun 2004 18:45:36 -0400 (EDT)

Received: from punt-3.mail.demon.net by mailstore

for xxxxxxxxxxx[at]xxxxx.demon.co.uk id 1BYubE-0007ZD-Rd;

Fri, 11 Jun 2004 22:34:12 +0000

Received: from [194.217.242.210] (helo=lon1-hub.mail.demon.net)

by punt-3.mail.demon.net with esmtp id 1BYubE-0007ZD-Rd

for xxxxxxxx[at]xxxxx.demon.co.uk; Fri, 11 Jun 2004 22:34:12 +0000

Received: from [207.61.90.203] (helo=MailRunner.FreeParking.Com)

by lon1-hub.mail.demon.net with esmtp id 1BYubE-0001Gt-7a

for xxxxxxxxx[at]xxxxx.demon.co.uk; Fri, 11 Jun 2004 22:34:12 +0000

Received: from [207.35.205.45] (helo=freeparking.com)

by MailRunner.FreeParking.Com with esmtp (Exim 4.24 #1 (Debian))

id 1BYul7-00019j-2Z

for <xxxxxxxxxxxx[at]xxxxx.demon.co.uk>; Fri, 11 Jun 2004 18:44:25 -0400

Received: with MailEnable Postoffice Connector; Fri, 11 Jun 2004 18:34:26 -0400

Received: from spamcop.net ([206.14.107.102]) by freeparking.com with MailEnable ESMTP; Fri, 11 Jun 2004 18:34:23 -0400

X-SpamCop-Conf: xxxxxxxxxxxxxxx

X-SpamCop-Test1: 1 2 3 4 5 6 7 8 9 0 a b c d e f g h i j k l m n o p q r s t u v w x y z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Received: from [80.176.xxx.xxx (my static IP)] by spamcop.net

with HTTP; Fri, 11 Jun 2004 22:33:29 GMT

From: SpamCop robot <mhconf.xxxxxxxxxxxxxxx[at]cmds.spamcop.net>

To: xxxxx[at]xxxxxxxxx.co.uk

Subject: SpamCop account configuration email

Precedence: list

Message-ID: <xxxxxxxxxxxxxxxx[at]msgid.spamcop.net>

Date: Fri, 11 Jun 2004 22:33:29 GMT

X-Mailer: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312461; .NET CLR 1.1.4322)

via http://www.spamcop.net/ v1.331

X-spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on blade6

X-spam-Level: ***

X-spam-Status: hits=3.0 tests=FORGED_MUA_MOZILLA,FROM_HAS_MIXED_NUMS

version=2.63

X-SpamCop-Checked: 192.168.1.105 216.154.195.36 192.168.1.101 194.217.242.253 194.217.242.210 207.61.90.203 207.35.205.45

X-SpamCop-Disposition: Blocked bl.spamcop.net

Link to comment
Share on other sites

Unfortunately, the "evidence"pages are next to useless these days, but currently http://www.spamcop.net/w3m?action=checkblo...p=207.35.205.45 says that it is listed at present, as it was when the spam was parsed. If we go that Robert Slade checked and it wasn't listed ... then this IP is still being reported by someone, getting it listed once again after timing out to a de-listing.

Link to comment
Share on other sites

I thought that it took two reporters to get a listing? or one spamtrap report.

Or since mailhosts, has that stopped?

No, that hasn't changed. But if you look at the evidence page, the critical line would be;

Listing History

In the past 179.7 days, it has been listed 8 times for a total of 9.3 days

So that the baseline requirement of reports from different sources appears to have been met in the past .. noting that the first line of "less than 10 reporters" is time-constrained to "the last week" .... Spamtrap data is not identified as an issue, so all that's left now for "listing" is meeting the 2% treshold of spam reports vice "traffic seen" ...

Link to comment
Share on other sites

So that the baseline requirement of reports from different sources appears to have been met in the past .. noting that the first line of "less than 10 reporters" is time-constrained to "the last week" .... Spamtrap data is not identified as an issue, so all that's left now for "listing" is meeting the 2% treshold of spam reports vice "traffic seen" ...

The reason I asked the question is that you said 'someone' has reported it.

What I understand you are saying in reply to my question is that once there are two (or more) reports from different sources, the listing can continue (or be relisted) on one report.

I can understand that the listing would continue on one report, but if it is delisted, wouldn't the algorithym start again counting sources?

Miss Betsy

Link to comment
Share on other sites

good question, I might be wrong, but I believe that the multiple reports is only needed to get listed the first time ... once that IP has been recognized, I believe it's the 2% threshold that drives it from then on. I wll note, I don't think this question has ever been asked before <g> ... and I'd suspect that if I'm wrong, the only was to come up with the real answer is to hit Julian up for the actual code he's got in place for this ....

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...