
Blocked by SpamCop but given no reason!


rdassow

My e-mail server IP Address is being listed by spamcop, 65.88.34.229 but I am given no reasons! My IP has been listed by 4 other spam block lists, and they all say they're listing me because Spamcop is listing me! Ugh!

Can someone give me any ideas why spamcop listed me but won't tell me the reason? I have nothing to go on here.

Help!

Link to comment
Share on other sites

My e-mail server IP Address is being listed by spamcop, 65.88.34.229  but I am given no reasons! My IP has been listed by 4 other spam block lists, and they all say they're listing me because Spamcop is listing me!


Your server appears to have been sending to spam traps either directly or by bouncing, autoresponding, etc.

See: CBL

Based on the Senderbase report of mailing increasing by 5600% in the last 24 hours, I'd guess that your server has been compromised. Maybe an SMTP AUTH hack. Check your logs.

SpamCop's stats are not real-time because spammers abused the listing details. You may want to send an email to deputies <at> spamcop <dot> net.

Edited by Chris Parker
Link to comment
Share on other sites

Out of the ones that might mean anything none of them are because of your Spamcop listing. They are from the spew coming from your server.

XBL Exploits Block List (includes CBL): xbl.spamhaus.org -> 127.0.0.4

http://www.spamhaus.org/query/bl?ip=65.88.34.229

SPAMCOP SpamCop Blocking List: bl.spamcop.net -> 127.0.0.2

Blocked - see http://www.spamcop.net/bl.shtml?65.88.34.229

JAMDSBL local bl at JAMMConsulting.com: dnsbl.jammconsulting.com -> 127.0.0.30

DNSBLAUT1 Reynolds Technology Type 1: t1.dnsbl.net.au -> 127.0.0.2

Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=65.88.34.229

Link to comment
Share on other sites
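How the `zone -> 127.0.0.x` lines in the post above are produced, as an added example that is not part of the original thread: a DNSBL lookup is an A-record query for the reversed IPv4 octets prepended to the list's zone. The function names and the injectable `resolve` parameter are assumptions made for this sketch; the zones are the four named in the post.

```python
import ipaddress
import socket

# The four zones named in the listing output quoted in the thread.
ZONES = ["xbl.spamhaus.org", "bl.spamcop.net",
         "dnsbl.jammconsulting.com", "t1.dnsbl.net.au"]

def dnsbl_name(ip, zone):
    """Query name for an IPv4 DNSBL lookup: reversed octets + zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # ValueError if malformed
    return ".".join(reversed(octets)) + "." + zone

def classify(answer):
    """Interpret the A record (or None for NXDOMAIN) a DNSBL returned."""
    if answer is None:
        return "not listed"
    addr = ipaddress.IPv4Address(answer)
    if addr in ipaddress.ip_network("127.255.255.0/24"):
        return "error"      # Spamhaus error range, e.g. query via a public resolver
    if addr in ipaddress.ip_network("127.0.0.0/8"):
        return "listed"
    return "invalid"        # not a DNSBL answer (e.g. parked or wildcarded zone)

def system_resolve(name):
    """Resolve via the OS resolver; None means the name does not exist."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror as exc:
        no_name = {socket.EAI_NONAME, getattr(socket, "EAI_NODATA", socket.EAI_NONAME)}
        if exc.args[0] in no_name:
            return None
        raise               # timeout or SERVFAIL: status unknown, not "clean"

def check(ip, zones=ZONES, resolve=system_resolve):
    """Return {zone: (status, raw_answer)} for one IP across several lists."""
    result = {}
    for zone in zones:
        try:
            answer = resolve(dnsbl_name(ip, zone))
        except OSError:
            result[zone] = ("lookup failed", None)
            continue
        result[zone] = (classify(answer), answer)
    return result

if __name__ == "__main__":
    for zone, (status, answer) in check("65.88.34.229").items():
        print(f"{zone:28} {status:13} {answer or ''}")
```

A failed lookup is reported separately from "not listed", since a timeout says nothing about listing status.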

But of course our percentage is going to go up.

Our company has two diverse ISPs with two diverse T1s to the internet. We have redundant MX records to support this (stsconsultants.com).

However, if our primary ISP goes down, our e-mail is re-directed out our backup connection which is the IP that has been BL'd (65.88.34.229). Of course we are going to have a huge percentage increase in e-mail! That IP doesn't see ANY email unless we are in a failover state which happened recently.

Why should we be punished for having a redundant connection?

Ryan

Link to comment
Share on other sites

Out of the ones that might mean anything none of them are because of your Spamcop listing.  They are from the spew coming from your server.

XBL Exploits Block List (includes CBL): xbl.spamhaus.org -> 127.0.0.4

http://www.spamhaus.org/query/bl?ip=65.88.34.229

Merlyn, I'm not listed here

SPAMCOP SpamCop Blocking List: bl.spamcop.net -> 127.0.0.2

Blocked - see http://www.spamcop.net/bl.shtml?65.88.34.229

I am listed here with no cause

JAMDSBL local bl at JAMMConsulting.com: dnsbl.jammconsulting.com -> 127.0.0.30

I am listed here still trying to find out why.

DNSBLAUT1 Reynolds Technology Type 1: t1.dnsbl.net.au -> 127.0.0.2

Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=65.88.34.229

I am not listed here either.


Link to comment
Share on other sites

Why should we be punished for having a redundant connection?

Well, this is new information, not made public before. It is not caused because of your redundant connection directly, but spamcop has used (not sure if it is currently used) different stats to list "new" servers it finds sending spam. Basically, a new IP will be listed much quicker because spammers were turning on IPs, spamming until they got listed and then going onto the next one.

You will need to contact the deputies for 2 reasons then:

  • Find out why you are listed.
  • Ask that your redundant IP address be unmarked as "new"

The fact that spam (or a spamtrap hit) came from your IP so quickly after turning on the server is NOT a good sign, however.

Link to comment
Share on other sites

It was previously listed, but was removed at 2004-10-19 15:13 GMT

You had yourself removed? It will be added back if it happens again. I give it a few hours. After you remove yourself more than a couple times and it keeps showing up it will be flagged permanent. If your server has problems you should fix it before you have many more problems.

Link to comment
Share on other sites

Your description of "no cause" for a SpamCopDNSbl listing has now changed. The current "Evidence" page shows;

Causes of listing

System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

There is no "punishment for redundancy" .... the SpamCopDNSbl is based on a complicated mathematical formula, with spamtrap hits carrying a large scaling factor. Have you been through the "Why am I blocked" FAQ or Pinned item yet?

Link to comment
Share on other sites

All email coming and going from this IP address is scanned by Symantec for SMTP and Symantec for Exchange, and both are the most recent versions with the most recent DAT files.

Is it possible, if I block at the firewall all outbound requests for port 25 except for mail servers, to determine if we have an inside host with a trojan?

Your description of "no cause" for a SpamCopDNSbl listing has now changed.  The current "Evidence" page shows;

Causes of listing

System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

There is no "punishment for redundancy" .... the SpamCopDNSbl is based on a complicated mathematical formula, with spamtrap hits carrying a large scaling factor.  Have you been through the "Why am I blocked" FAQ or Pinned item yet?


Link to comment
Share on other sites
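The check asked about in the last post, as an added example that is not part of the original thread: once outbound port 25 is denied and logged for everything except the mail servers, the deny log names any inside host that tries to send mail directly. The log lines are constructed and modelled on iptables `LOG` output; the mail server address, the log prefix and the function name are assumptions.

```python
import re
from collections import Counter

MAIL_SERVERS = {"10.0.0.10"}  # hypothetical: hosts allowed to send on port 25

# Constructed sample of firewall deny-log lines (not from the thread).
SAMPLE_LOG = """\
Oct 19 14:02:11 fw kernel: SMTP-DENY IN=eth1 OUT=eth0 SRC=10.0.0.57 DST=203.0.113.25 PROTO=TCP SPT=1042 DPT=25 SYN
Oct 19 14:02:11 fw kernel: SMTP-DENY IN=eth1 OUT=eth0 SRC=10.0.0.57 DST=198.51.100.7 PROTO=TCP SPT=1043 DPT=25 SYN
Oct 19 14:02:12 fw kernel: SMTP-DENY IN=eth1 OUT=eth0 SRC=10.0.0.57 DST=192.0.2.90 PROTO=TCP SPT=1044 DPT=25 SYN
Oct 19 14:02:14 fw kernel: SMTP-DENY IN=eth1 OUT=eth0 SRC=10.0.0.57 DST=203.0.113.25 PROTO=TCP SPT=1045 DPT=25 SYN
Oct 19 14:05:40 fw kernel: SMTP-DENY IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=192.0.2.90 PROTO=TCP SPT=3301 DPT=25 SYN
Oct 19 14:06:02 fw kernel: OTHER-DENY IN=eth1 OUT=eth0 SRC=10.0.0.31 DST=192.0.2.14 PROTO=TCP SPT=2210 DPT=6667 SYN
Oct 19 14:07:19 fw kernel: SMTP-LOG IN=eth1 OUT=eth0 SRC=10.0.0.10 DST=198.51.100.7 PROTO=TCP SPT=4410 DPT=25 SYN
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def smtp_offenders(log_text, mail_servers=MAIL_SERVERS):
    """Return [(src, attempts, distinct_destinations)] for hosts other than
    the mail servers that tried outbound TCP/25, busiest first."""
    attempts = Counter()
    dests = {}
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("PROTO") != "TCP" or f.get("DPT") != "25":
            continue                      # not SMTP
        src = f.get("SRC")
        if not src or src in mail_servers:
            continue                      # legitimate sender or unparsable line
        attempts[src] += 1
        dests.setdefault(src, set()).add(f.get("DST"))
    return [(src, n, len(dests[src])) for src, n in attempts.most_common()]

if __name__ == "__main__":
    for src, n, ndst in smtp_offenders(SAMPLE_LOG):
        print(f"{src}: {n} blocked SMTP attempts to {ndst} destinations")
```

A workstation with many attempts spread over many destinations is the pattern to investigate first; a single host hitting one destination is more often a misconfigured application.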
