isptech Posted February 3, 2004 Share Posted February 3, 2004 216.223.205.171 is a customer of mine that has been listed in bl.spamcop http://www.spamcop.net/w3m?action=checkblo...216.223.205.171 Normally, since we have all of our netblock addresses up to date we get the complaint from spamcop sent to our abuse[at]inch.com address with the offending message and we can explain to the customer why they were blocked and what they need to do to fix it. This time we received no spamcop notice and on the link above I can not find an offending message. Please advise how I can find the offending message or what their Exchange server is doing so I can correct the problem. Gerald Coon System Administrator Internet Channel Link to comment Share on other sites More sharing options...
Chris Parker Posted February 3, 2004 Share Posted February 3, 2004 Normally, since we have all of our netblock addresses up to date we get the complaint from spamcop sent to our abuse[at]inch.com address with the offending message and we can explain to the customer why they were blocked and what they need to do to fix it. This time we received no spamcop notice and on the link above I can not find an offending message. Please advise how I can find the offending message or what their Exchange server is doing so I can correct the problem. Looks like a reasonably serious issue with that IP address. Not good to be sending to spamtraps. Mail sent to spamtraps does not generate a report that is sent. No do "mole" reporters. You can send an email to deputies at spamcop dot net and should be able to get a response within 24 hours, but often failrly quick. You may want to make sure that they have no av software running that sends virus notifications. Many recent listings appear to be from av software sending to spamtraps. Link to comment Share on other sites More sharing options...
jefft Posted February 3, 2004 Share Posted February 3, 2004 216.223.205.171 is a customer of mine that has been listed in bl.spamcop http://www.spamcop.net/w3m?action=checkblo...216.223.205.171 Normally, since we have all of our netblock addresses up to date we get the complaint from spamcop sent to our abuse[at]inch.com address with the offending message and we can explain to the customer why they were blocked and what they need to do to fix it. This time we received no spamcop notice and on the link above I can not find an offending message. Gerald, The spammer on your system hit our spamtraps first, which resulted in the listing. I see that they're also hitting regular users and you have been sent several spam reports in the last couple of hours. Hopefully you guys can get this squared away. JT Link to comment Share on other sites More sharing options...
Ellen Posted February 4, 2004 Share Posted February 4, 2004 216.223.205.171 is a customer of mine that has been listed in bl.spamcop http://www.spamcop.net/w3m?action=checkblo...216.223.205.171 Normally, since we have all of our netblock addresses up to date we get the complaint from spamcop sent to our abuse[at]inch.com address with the offending message and we can explain to the customer why they were blocked and what they need to do to fix it. This time we received no spamcop notice and on the link above I can not find an offending message. Please advise how I can find the offending message or what their Exchange server is doing so I can correct the problem. Gerald Coon System Administrator Internet Channel Looks like the SMTP/AUTH exploit -- see the faq: http://news.spamcop.net/cgi-bin/fom?file=372 Partial headers as this is a public forum: Received: from pcnyem01.petrochem.local (unknown [216.223.205.171]) by <deleted> (Postfix) with ESMTP id C6CF76741F for <x>; Tue, 3 Feb 2004 20:02:18 +0000 (GMT) Received: from exactness ([200.141.92.3]) by pcnyem01.petrochem.local with Microsoft SMTPSVC(5.0.2195.5329); Tue, 3 Feb 2004 15:00:07 -0500 From: "Burgie Chaset" <andrew.brimsonandrew.brimson[at]MSN.COM> Latest spam received a few hours ago Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.