jonathanz Posted February 6, 2004 Share Posted February 6, 2004 Sorry if this is simplistic question, but I'm a little confused... The IP that is listed when I get a 'blocked by Spamcop' message (see below): Is that the IP of the ISP blocking my emails or the IP of the ISP that is being blocked due to a Spamcop listing? When I used the Spamcop web based investigative methods, the owner of the IP that was listed was my internet provider. When I called them, they denied any knowledge of why I would be calling. They said only that they subscribed to Spamcop. If I understand the FAQ correctly, that IP is the one that is being blocked. So is my ISP being disingenuous or have I misunderstood the FAQ? Thanks very much Jonathan "5.3.0 spam blocked see: http://spamcop.net/bl.shtml?67.154.202.50" Link to comment Share on other sites More sharing options...
Chris Parker Posted February 6, 2004 Share Posted February 6, 2004 The IP that is listed when I get a 'blocked by Spamcop' message (see below): Is that the IP of the ISP blocking my emails or the IP of the ISP that is being blocked due to a Spamcop listing? When I used the Spamcop web based investigative methods, the owner of the IP that was listed was my internet provider. When I called them, they denied any knowledge of why I would be calling. They said only that they subscribed to Spamcop. If I understand the FAQ correctly, that IP is the one that is being blocked. So is my ISP being disingenuous or have I misunderstood the FAQ? "5.3.0 spam blocked see: http://spamcop.net/bl.shtml?67.154.202.50" If bounce message is properly configured the IP address listed will be the IP address of the machine that was blocked. In the case of someone sending mail through their ISP's mail server and getting a bounce, it would indicated that the ISP's mail server is blocked. 67.154.202.50 is ip67-154-202-50.z202-154-67.customer.algx.net I think this is an example of some poor configuration... There is a mail server that responds at that IP address as "thinkfilm-sbs.thinkfilm.local" Sounds like the person you talked to was clueless or did not understand you. Link to comment Share on other sites More sharing options...
Jeff G. Posted February 6, 2004 Share Posted February 6, 2004 In addition to the other reply, SpamCop Reports for 67.154.202.50 go to abuse[at]algx.net. It looks like the listing is due to mole reports. Link to comment Share on other sites More sharing options...
jonathanz Posted February 6, 2004 Author Share Posted February 6, 2004 Thanks for the replies and additional info. I just got off the phone with my ISP again and the guy said that he saw that I was blocked and that the IP listed was for my router/firewall on my office network, but he couldn't find any specific complaints about that IP. Jeff, is it possible for you (or someone at SpamCop) to send me a copy (or post a link) of a complaint, so that I can further investigate why I am listed? Also, what is a 'mole report"? Finally, I have confirmed that there is not an open relay. I'm not 100% clear on what that means, but I was told that it is often a problem. Either way, I don't have one. Thanks very much, Jonathan Link to comment Share on other sites More sharing options...
Jeff G. Posted February 6, 2004 Share Posted February 6, 2004 When there is no evidence listed and also no indication of sending mail to spamtraps, the only conclusion is that all of the reports are mole reports. The best thing for you to do in this case is to contact a Blocklist Administrator at "bl at admin.spamcop.net". Please see What is "mole" reporting? and Register as a "mole"? What's this? for details. Link to comment Share on other sites More sharing options...
jefft Posted February 6, 2004 Share Posted February 6, 2004 Thanks for the replies and additional info. I just got off the phone with my ISP again and the guy said that he saw that I was blocked and that the IP listed was for my router/firewall on my office network, but he couldn't find any specific complaints about that IP. Jeff, is it possible for you (or someone at SpamCop) to send me a copy (or post a link) of a complaint, so that I can further investigate why I am listed? Also, what is a 'mole report"? Finally, I have confirmed that there is not an open relay. I'm not 100% clear on what that means, but I was told that it is often a problem. Either way, I don't have one. Thanks very much, Jonathan Jonathan, You're listed because spammers are connecting to your computer and sending spam. It appears it's going through your Exchange server. There's definitely spam being relayed through your machine there. Take a look at this FAQ: http://www.spamcop.net/fom-serve/cache/372.html It might be exactly what you need. If you have the tools, you might want to do some packet tracing of your IP and see the spam coming in and back out. JT Link to comment Share on other sites More sharing options...
Miss Betsy Posted February 7, 2004 Share Posted February 7, 2004 I can not post to the new web forum during the day easily, but there is a person looking for assistance on their I.P. address 67.154.202.50 Title is deceptive: "Spamcop FAQ help". Looks like it may be the SMTP Auth or other Exchange hack. The poster want's some spam samples, and here they are: http://www3.mail-abuse.org/cgi-bin/nph-ops...w?67.154.202.50 -John posted by Miss Betsy for John Link to comment Share on other sites More sharing options...
jonathanz Posted February 7, 2004 Author Share Posted February 7, 2004 To all: thanks very much for the responses and info. This has been very informative. And very frustrating to see that my server has been compromised. I think that we have shut the open doors. Thanks again jonathan Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.