Dialogica Posted October 19, 2004 Share Posted October 19, 2004 Could you please unblock our server with ip 81.10.224.220 from your blacklist! We do not know why we are blacklisted - a virus-check on our system showed no infection! We are a academical institution and are really dependent on our mailserver! Thank you! Link to comment Share on other sites More sharing options...
Ellen Posted October 19, 2004 Share Posted October 19, 2004 Could you please unblock our server with ip 81.10.224.220 from your blacklist! We do not know why we are blacklisted - a virus-check on our system showed no infection! We are a academical institution and are really dependent on our mailserver! Thank you! 18956[/snapback] Your exchange server is being abused by spammers using the SMTP/AUTH exploit: http://news.spamcop.net/cgi-bin/fom?file=372 http://www.winnetmag.com/article/articleid/40507/40507.html http://www.winnetmag.com/article/articleid/42406/42406.html http://support.microsoft.com/default.aspx?...;EN-US;324958#4 http://www.slipstick.com/exs/relay.htm http://www.msexchange.org/tutorials/Preven..._Server_55.html Link to comment Share on other sites More sharing options...
dra007 Posted October 19, 2004 Share Posted October 19, 2004 It also seems to be a recurring problem that might have never been fixed properly: 81.10.224.220 listed in bl.spamcop.net (127.0.0.2) Causes of listing System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop) Additional potential problems (these factors do not directly result in spamcop listing) Listing History In the past 60.6 days, it has been listed 6 times for a total of 17.2 days Also note that there is a history of SPAMTRAP HITS that goes back to August listed elsewhere! Here is a recent example: From messiermerits[at]cablespeed.com Sun Oct 17 09:06:33 2004 Delivery-date: Sun, 17 Oct 2004 09:06:33 -0400 Received: from [81.10.224.220] (helo=diaserver.dialogica.dom) by mail.victim.example with esmtp (Exim 4.41) id 1CJAk4-0001Jm-9r for psbltrap[at]kernelnewbies.nl; Sun, 17 Oct 2004 09:06:33 -0400 Received: from teaspoonfuls ([219.140.229.252]) by diaserver.dialogica.dom with Microsoft SMTPSVC(5.0.2195.6713); Sun, 17 Oct 2004 15:08:53 +0200 From: "Sepideh Lam"<messiermerits[at]cablespeed.com> To: psbltrap[at]kernelnewbies.nl Subject: ENlI|ARGE Y0UR PEN |S AND 1MPR0VE YOUR SEX lI|FE! Mime-Version: 1.0 Date: 17 Oct 2004 15:08:56 +0200 http://[MUNGED] http://[MUNGED] http://[MUNGED] P1EASE CllCK HERE http://[MUNGED]/as#$RANDOMIZ Link to comment Share on other sites More sharing options...
Dialogica Posted October 20, 2004 Author Share Posted October 20, 2004 So, the problem should be fixed! The abused server hat a weak security level because it was intentionally used only for internal mailing. The security problems should be fixed now, nobody will receive spam via the server! Will the server be removed from the black list automatically after 48 spam-free-hours? If not, where should we write an email to? Thanks for your help! Link to comment Share on other sites More sharing options...
Wazoo Posted October 20, 2004 Share Posted October 20, 2004 You could start by looking at the FAQ or the duplicate Pinned entry "Why am I Blocked" .... you could take the time to read the other (seemingly endless) Topics started in the last couple of days alone with the similar Topic Title of "Unblock Me ...." Link to comment Share on other sites More sharing options...
Merlyn Posted October 20, 2004 Share Posted October 20, 2004 If you are an academic institute then why are your IP's tagged ad dynamic? Dynamic/Residential IP range listed by NJABL dynablock - http://njabl.org/dynablock.html According to Senderbase it looks like you still have a problem. you volume is up 302% on that server. Link to comment Share on other sites More sharing options...
Derek T Posted October 20, 2004 Share Posted October 20, 2004 So, the problem should be fixed! 19020[/snapback] Amen. When's it going to happen? Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.