rols Posted June 15, 2004 Share Posted June 15, 2004 One of our own users sent a bunch of mails to spamcop and got us blocked. The mail arrived at our server and was then forwarded out to the user, who then reported it. Having looked at the original email and the Logic report I don't understand why this resulted in a block for us. Perhaps someone can explain. Here is the url for the particular block. These are the relevant lines from the header Received: from qs384.pair.com (qs384.pair.com [188.8.131.52]) by radonc.ccf.org (SGI-8.12.5/8.12.5) with SMTP id i5ENBbZo989570 for <x>; Mon, 14 Jun 2004 19:11:37 -0400 (EDT) Received: (qmail 42589 invoked by uid 3002); 14 Jun 2004 23:21:14 -0000 Delivered-To: copa-cirruspilots:org-x Received: (qmail 42582 invoked from network); 14 Jun 2004 23:21:13 -0000 Received: from d216-232-37-17.bchsia.telus.net (184.108.40.206) by qs384.pair.com with SMTP; 14 Jun 2004 23:21:13 -0000 X-Message-Info: GJVBK+nj94+yx+YUW+048/4173407544589 Received: (qmail 99606 invoked by uid 37); Mon, 14 Jun 2004 23:24:16 -0100 Date: Mon, 14 Jun 2004 17:17:16 -0700 So the mail was delivered to qs384.pair.com, then sent back out again to the final recipient. The originating address was something in telus.net. I looked at the Logic report and have picked out a few lines from it 220.127.116.11 is an MX for qs384.pair.com 18.104.22.168 is mx Received line accepted Relay trusted (pair.com) .. Possible spammer: 22.214.171.124 Possible relay: 126.96.36.199 188.8.131.52 not listed in relays.ordb.org. 184.108.40.206 has already been sent to relay tester Firstly - is it correct that our server is even identified as a possible relay in this circumstance? It shows the mail as delivered so is there any other possibility than a local .forward (which is what this was)? Secondly, further up, it already says that pair.com is a 'trusted relay'. Thirdly, I didn't think you listed relays anyway. I already talked to the user and asked him NOT to report spam which is forwarded through this account. I still don't understand however why our address was deemed to be the culprit here. Link to comment Share on other sites More sharing options...
This topic is now archived and is closed to further replies.