cummings Posted October 18, 2004 Share Posted October 18, 2004 somebody emailed us and got their emails kicked back to them stating ......... (reason: 521 Mail rejected - you are listed in Spamcop (spam) [FREE] - http://spamcop.net/bl.shtml) the rejected IP is [155.212.64.2] when i search spamcop, i get this message......... 155.212.64.2 not listed in bl.spamcop.net i don't want to have to shut off spamcop at our mail server, can anyone explain why this is happening? thank you mark IT Cummings Printing Link to comment Share on other sites More sharing options...
Merlyn Posted October 18, 2004 Share Posted October 18, 2004 The IP (155.212.64.2) is not listed. Either you did not get the complete error message that included the correct IP or the server receiving/blocking the email is improperly set up or maybe it was listed and it is no longer listed. You have not given enough evidence to see what was happening. Post the entire block message. Link to comment Share on other sites More sharing options...
Wazoo Posted October 18, 2004 Share Posted October 18, 2004 I'll agree with Merlyn. Nothing on the SpamCopBL (though noting that it hasn't been real-time in ages) ... However, the next level of checks results in absolutely zero data at http://www.senderbase.org/?searchBy=ipaddr...ng=155.212.64.2 .... (This is a first for me) A lookup comes back with; 10/18/04 15:21:16 IP block 155.212.64.2 Trying 155.212.64.2 at ARIN Trying 155.212.64 at ARIN OrgName: Conversent Communications OrgID: CONVER-100 NetType: Direct Allocation OK, then going back and re-reading .. your system allegedly did the blocking based on somebody emailed us and got their emails kicked back to them stating ......... So first of all, you should fix the error message to include the IP in question so the user can link directly to the "evidence" page. (this is also making the assumption that you've set up the DNSBL sequence correctly in whatever OS/Application you're running) If this IP was once listed and now not, there was an issue discovered that some ISPs mirroring the database were not keeping in sync, but that issue hasn't been raised in quite a while. How sure are you that the IP offered is correct? A typo might have all of us trying to research the wrong target here. As SenderBase has no knowledge of this IP/system as an e-mail server, there may be a suspicion that this belongs to some end-user with a compromised machine (the hitting spamtrap scenario) .... Are you sure of your BL checking sequence? Another flag setting for some other reason, but using the SpamCopDNSBL error as the message line? Link to comment Share on other sites More sharing options...
cummings Posted October 19, 2004 Author Share Posted October 19, 2004 let me start by posting the whole message. (see below in green) as for wazoo's suggestions, i don't know how to implement them. for example, i don't know how to change the spam filter rejection message on my mail server. and as for my bl checking sequence, i don't know how to see/edit that. not that i expect people here to explain it all to me, but i honestly didn't know i had control over those things. i run an email server software named '602 lan suite' which has a web interface configuration page that lists free spam filters (such as spamcop) and i simply check them off. i looked and can't find any further configuration options beyond checking and unchecking which spam filters you'd like to activate. /padawan suggestions and instructions appreciated -m From: "Mail Delivery Subsystem" <MAILER-DAEMON[at]mr03.conversent.net> To: <mjsweeney[at]maildatainc.com> Subject: Returned mail: see transcript for details Date: Mon, 18 Oct 2004 07:59:40 -0400 Message-ID: <200410181159.i9IBxeIN095910[at]mr03.conversent.net> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_NextPart_000_0046_01C4B522.67404FC0" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300 X-spam-Score: 0.421 X-spam-Level: X-spam-Tests: SARE_BOUNDARY_09 Importance: Normal This is a multi-part message in MIME format. ------=_NextPart_000_0046_01C4B522.67404FC0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit The original message was received at Mon, 18 Oct 2004 07:59:35 -0400 (EDT) from host2.155.212.64.conversent.net [155.212.64.2] ----- The following addresses had permanent fatal errors ----- <kenw[at]cummingsprinting.com> (reason: 521 Mail rejected - you are listed in Spamcop (spam) [FREE] - http://spamcop.net/bl.shtml) ----- Transcript of session follows ----- ... while talking to mail.cummingsprinting.com.: >>> RCPT To:<kenw[at]cummingsprinting.com> <<< 521 Mail rejected - you are listed in Spamcop (spam) [FREE] - http://spamcop.net/bl.shtml 554 5.0.0 Service unavailable ------=_NextPart_000_0046_01C4B522.67404FC0 Content-Type: message/delivery-status; name="ATT00004.dat" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="ATT00004.dat" Reporting-MTA: dns; mr03.conversent.net Received-From-MTA: DNS; host2.155.212.64.conversent.net Arrival-Date: Mon, 18 Oct 2004 07:59:35 -0400 (EDT) Final-Recipient: RFC822; kenw[at]cummingsprinting.com Action: failed Status: 5.0.0 Remote-MTA: DNS; mail.cummingsprinting.com Diagnostic-Code: SMTP; 521 Mail rejected - you are listed in Spamcop (spam) [FREE] - http://spamcop.net/bl.shtml Last-Attempt-Date: Mon, 18 Oct 2004 07:59:40 -0400 (EDT) ------=_NextPart_000_0046_01C4B522.67404FC0 Content-Type: message/rfc822 Content-Transfer-Encoding: 7bit Content-Disposition: attachment From: "Michael Sweeney" <mjsweeney[at]maildatainc.com> To: "Kenneth J Warnock" <kenw[at]cummingsprinting.com> Subject: FW: MAILINGS 10/15/2004 Date: Mon, 18 Oct 2004 08:34:03 -0400 Message-ID: <NDBBLEIGOLPPEIOFOHLLOEICCOAA.mjsweeney[at]maildatainc.com> MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300 Importance: Normal Link to comment Share on other sites More sharing options...
Merlyn Posted October 19, 2004 Share Posted October 19, 2004 I believe it is/was your server having the problem. A 521 error refers to the "Machine does not accept mail". Your server is not explaining it good enough. The machine issued a 521 error and the problem with a 521 error is it does not stop/close the SMTP transaction and it keeps going so it finished it's testing and spewed out the Spamcop error by mistake. Just a thought. Link to comment Share on other sites More sharing options...
louisd Posted October 19, 2004 Share Posted October 19, 2004 Strange... From what I can find the MX records for conversant.net shows two mail servers: spool.conversant.net at 155.212.2.24 and filter.conversant.net at 155.212.2.33 and 155.212.2.34 These do show up in SenderBase 155.212.2.33 shows a 475% increase in mail in the last 24 hours 155.212.2.34 shows a 113% increase .24 shows a -100% None show up in the spamcop list or any other list for that matter. My uneducated guess would be that the mail program is returning an incorrect error message. Link to comment Share on other sites More sharing options...
Merlyn Posted October 19, 2004 Share Posted October 19, 2004 Yes but if you follow the flow. The 521 error was issued first and it blamed Spamcop but a 521 error is issued in the SMTP transaction stream before the host checks any blocklists. Most likely an error in how your mail host handles a 521. I am sure others will check it out also <g> Link to comment Share on other sites More sharing options...
Wazoo Posted October 19, 2004 Share Posted October 19, 2004 602 LanSuite - are you using the free 5-user version or are you able to hit them for support because you bought a bigger package? (if this is for the corporate staff/e-mail, I see that you must be out of the "free" status <g>) Have you hit their support forums at all yet? Is this server stand-alone or is it using your ISP for data transfer? It's been a while, but I think you are correct in that all you can do is check/uncheck the various BLs offered .. am thinking that you were limited to what they had programmed in, but again, it's been a while. While doing some other research, out of curiosity, are your web pages also being hosted on this same 602 package? (looking at the strange place a trace-route died) Link to comment Share on other sites More sharing options...
cummings Posted October 19, 2004 Author Share Posted October 19, 2004 i'm not using the free version. i haven't hit their support forums yet. if that's where i should be, i'll try there too. i came here first because the reject said "you are in spamcop's bl" and then i checked and they weren't. when merlyn talks about 521's and SPTP (i need SPTP for my bunghole! are you threatening me?..... sorry), that's where i get lost. dont get me wrong, i'm glad the discussion is happening, even if it's over my head. i'm getting the idea that the consensus is that i need to dig into 602 and get them looking at the problem, so i'm having the person who installed 602 come look at these posts in this thread and let me know what he thinks about it all. i'm sure he understands these posts and can help me understand them too. he also has an "in" with 602 and can rattle some cages if their software is handling things incorrectly. thank you everyone for the help so far. if anyone has anything else to pitch in, please let me know. i'll pull out my webopedia.com and try to follow along best i can. /newb Link to comment Share on other sites More sharing options...
Wazoo Posted October 19, 2004 Share Posted October 19, 2004 Strange .. your sample shows an e-mail coming from a Domain of maildatainc.com, which offer contact points at erols/RCN ... (once?) home of the legendary AfterBurner and his Dominion of anti-spam zealots with big mallets ... still trying to work on the conversent.net tie-in (the IP address of the e-mail sample source) ..... Also strange in that SenderBase is still showing no traffic seen from the specified IP address ... wondering if you might also get your customer in here also, there may be something he/she/they can offer as to how their e-mail configuration is actually setup that might offer a clue or two ..???? SpamCopDNSbl is still showing the IP as not listed. Link to comment Share on other sites More sharing options...
Merlyn Posted October 19, 2004 Share Posted October 19, 2004 Sorry mistyped I meant SMTP Link to comment Share on other sites More sharing options...
Jeff G. Posted July 31, 2005 Share Posted July 31, 2005 Upon further review (on the basis of cummings's similar new post at http://forum.spamcop.net/forums/index.php?showtopic=4630 and the hostname of the server that sent the bounce above), the rejected server appears to have been mr03.conversent.net, which currently has IP Address 155.212.2.42, is not currently listed by the SCBL, and has the following recent Report History: Submitted: Thursday, June 23, 2005 09:45:28 -0400: cut your monthly mortgage payment in half * 1452606320 ( 155.212.2.42 ) To: mole[at]devnull.spamcop.net Submitted: Wednesday, June 15, 2005 21:00:59 -0400: You best friends and family deserve the BEST internet photo album!i * 1447919030 ( 155.212.2.42 ) To: postmaster[at]conversent.com * 1447919025 ( 155.212.2.42 ) To: abuse[at]conversent.com Submitted: Wednesday, June 15, 2005 12:53:06 -0400: Understanding OEM softwareC * 1447691476 ( http:// gamesquality.info/?bw2408f541da7fa92dc74... ) To: postmaster#cnc-noc.net[at]devnull.spamcop.net * 1447691449 ( http:// gamesquality.info/?bw2408f541da7fa92dc74... ) To: abuse[at]chinanet.cn.net * 1447691307 ( 155.212.2.42 ) To: spamcop[at]imaphost.com * 1447691289 ( 155.212.2.42 ) To: postmaster[at]conversent.com * 1447691236 ( 155.212.2.42 ) To: abuse[at]conversent.com Submitted: Wednesday, June 08, 2005 14:42:18 -0400: Get your meds inexpensivelyXSPOFELHAZ * 1443435588 ( 155.212.2.42 ) To: spamcop[at]imaphost.com * 1443435587 ( 155.212.2.42 ) To: postmaster[at]conversent.com * 1443435586 ( 155.212.2.42 ) To: abuse[at]conversent.com Submitted: Saturday, June 04, 2005 12:29:34 -0400: Fw: Its all about L?EVITRA nowMYKOYG * 1440287077 ( http:// bgq.getsearchhealthfind.com ) To: mole[at]devnull.spamcop.net * 1440287073 ( 155.212.2.42 ) To: mole[at]devnull.spamcop.net Submitted: Saturday, June 04, 2005 12:28:36 -0400: full service pharmac|y featuring over one thousand different d|rugsN * 1440286352 ( http:// hfu.getsearchhealthfind.com ) To: mole[at]devnull.spamcop.net * 1440286351 ( 155.212.2.42 ) To: mole[at]devnull.spamcop.net Submitted: Friday, June 03, 2005 03:58:16 -0400: 0rder your dr%ugs here and get toll-free customer supportKLLU * 1439356175 ( 155.212.2.42 ) To: postmaster[at]conversent.com * 1439356160 ( 155.212.2.42 ) To: abuse[at]conversent.com Submitted: Friday, June 03, 2005 03:55:57 -0400: 0rder your dr%ugs here and get toll-free customer supportKLLU * 1439349771 ( 155.212.2.42 ) To: postmaster[at]conversent.com * 1439349755 ( 155.212.2.42 ) To: abuse[at]conversent.com Submitted: Friday, June 03, 2005 03:54:51 -0400: 0rder your dr%ugs here and get toll-free customer supportKLLU * 1439350672 ( 155.212.2.42 ) To: postmaster[at]conversent.com * 1439350664 ( 155.212.2.42 ) To: abuse[at]conversent.com Submitted: Wednesday, June 01, 2005 10:11:51 -0400: 24/7 pharmac&yF * 1438008035 ( 155.212.2.42 ) To: postmaster[at]conversent.com * 1438008006 ( 155.212.2.42 ) To: abuse[at]conversent.com Submitted: Tuesday, May 31, 2005 16:33:35 -0400: Your order has been confirmedPNBZQOLEM * 1437423322 ( http:// leq.e-searchhealthfind.com ) To: mole[at]devnull.spamcop.net * 1437423268 ( 155.212.2.42 ) To: mole[at]devnull.spamcop.net Submitted: Tuesday, May 31, 2005 02:59:01 -0400: Top 1000 popular pharmac{y dr]ugsMR * 1436927162 ( 155.212.2.42 ) To: postmaster[at]conversent.com * 1436927141 ( 155.212.2.42 ) To: abuse[at]conversent.com Submitted: Monday, May 30, 2005 06:46:08 -0400: Online pharma{cy skin care rx online: re[at]tin-a & r$enovaPHDZ * 1436283876 ( 155.212.2.42 ) To: postmaster[at]conversent.com * 1436283875 ( 155.212.2.42 ) To: abuse[at]conversent.com Submitted: Sunday, May 29, 2005 06:10:33 -0400: Fw: Its all about LE.VITRA nowFCTRSJV * 1435617694 ( 155.212.2.42 ) To: postmaster[at]conversent.com * 1435617693 ( 155.212.2.42 ) To: abuse[at]conversent.com Submitted: Friday, May 27, 2005 18:58:22 -0400: Top 1000 popular pha%rmacy dru*gsKI * 1434687708 ( 155.212.2.42 ) To: abuse[at]conversent.com * 1434687695 ( 155.212.2.42 ) To: postmaster[at]conversent.com Submitted: Thursday, May 26, 2005 10:33:46 -0400: Re your Pres-cription order #8754IZTZD * 1433617633 ( http:// lju.coolsearchhealthfind.com ) To: mail-abuse[at]nic.br * 1433617626 ( http:// lju.coolsearchhealthfind.com ) To: spambr[at]admin.spamcop.net * 1433617614 ( 155.212.2.42 ) To: spamcop[at]imaphost.com * 1433617605 ( 155.212.2.42 ) To: postmaster[at]conversent.com * 1433617583 ( 155.212.2.42 ) To: abuse[at]conversent.com Submitted: Wednesday, May 25, 2005 23:04:06 -0400: spam: full service )pharmacy featuring over one thousand different dr$ugsBQUR * 1433303683 ( http:// rxt.coolsearchhealthfind.com ) To: abuse[at]coralwave.com * 1433303681 ( http:// rxt.coolsearchhealthfind.com ) To: abuse[at]cablebahamas.com * 1433303671 ( http:// rxt.coolsearchhealthfind.com ) To: hostmaster[at]cablebahamas.com * 1433303663 ( 155.212.2.42 ) To: spamcop[at]imaphost.com * 1433303659 ( 155.212.2.42 ) To: postmaster[at]conversent.com * 1433303644 ( 155.212.2.42 ) To: abuse[at]conversent.com Submitted: Wednesday, May 25, 2005 05:47:03 -0400: No more }pharmacy waiting linesGKQWH * 1432739712 ( http:// fnq.coolsearchhealthfind.com ) To: mail-abuse[at]nic.br * 1432739709 ( http:// fnq.coolsearchhealthfind.com ) To: spambr[at]admin.spamcop.net * 1432739705 ( 155.212.2.42 ) To: postmaster[at]conversent.com * 1432739687 ( 155.212.2.42 ) To: abuse[at]conversent.com Link to comment Share on other sites More sharing options...
Jeff G. Posted July 31, 2005 Share Posted July 31, 2005 I added some explanation to my previous Reply above. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.