chrzan Posted July 23, 2004 Share Posted July 23, 2004 We are getting these NDRS I checked my mail server we are not relaying . It has been over 48 hrs and we are still listed . Any help greatly appreciated You do not have permission to send to this recipient. For assistance, contact your system administrator. <somcty26.co.somerset.nj.us #5.7.1 smtp;530 5.7.1 Blocked - see http://www.spamcop.net/bl.shtml?209.92.89.26: ward[at]blank for security > 209.92.89.26 listed in bl.spamcop.net (127.0.0.2) Causes of listing System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop) Listing History In the past 42.6 days, it has been listed 2 times for a total of 3.9 days Link to comment Share on other sites More sharing options...
Wazoo Posted July 23, 2004 Share Posted July 23, 2004 Had you taken a few minutes and read through the Pinned item at http://forum.spamcop.net/forums/index.php?showtopic=972 you'd have found that "relaying" is not the only reason for problems. Exchange servers have known exploits, others have found that the problem wasn't at the e-mail server, it was a compromised machine somewhere else on the network that was bypassing the e-mail server by using it's own SMTP engine .... on and on .... and guidance for obtaining additional data about the spamtrap data is found within the Pinned item also ... not going to provide that data here, as it's obvious that you could use some of the knowledge gained from wading through that Pinned item .. good luck .. Link to comment Share on other sites More sharing options...
Derek T Posted July 23, 2004 Share Posted July 23, 2004 It's the spamtrap hits that are causing the listing. As it says, they are addresses that have never sent and should never receive mail. Possible causes: Trojanned mchine on your system spewing spam (Senderbase shows a 160% increase in traffic from that server.) Check your server logs. An SMTP/Auth hack: someone has logged into your system using one of the 'default' accounts that some servers so helpfully (NOT) install as standard. Again check the logs, remove default accounts, enforce strong passwords among your users. An automatic virus 'bounce' to forged From: fields (switch it OFF, they do no good and just increase the spam problem) De-listing will be automatic within 48hrs of the LAST report. No reports are sent to the abuse address from spamtrap hits but a polite email to deputies<at>spamcop<dot>net may help to discern which of these is most likely the problem. Link to comment Share on other sites More sharing options...
Merlyn Posted July 23, 2004 Share Posted July 23, 2004 I see no smtp service on this machine (209.92.89.26) so I would go along with the virus/trojan/hijack on your machine. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.