CJR, posted March 19, 2005

It seems that my e-mail (cjross[at]cyberus.ca) has been blocked, and does not allow me to send e-mails to my mother's work e-mail. I clicked on the link provided in the notification e-mail (Link), and then clicked on Information about the reasons for listing (blocking) your mail server (209.197.145.105). I then clicked on Trace IP and it says my e-mail is provided by Cybersurf, and that the abuse was reported by Cybersurf. I have a Cyberus e-mail! What the fudge is going on?

StevenUnderwood, posted March 19, 2005

Well, as you may have noticed:

    host 209.197.145.105 = mx02.cybersurf.com

Spamcop does not care what your email address is, only what IP it is sent from. I would guess that cyberus.net and cyberus.com are affiliated with cybersurf.com, perhaps as subsidiaries. From senderbase they have a common Network Owner: 3web Corp.

Domains closely associated with 3web Corp. Showing 1 - 5 out of 5

    Domain           Monthly Magnitude
    3web.net         5.5
    cybersurf.com    5.2
    3web.com         4.2
    eisa.com         3.9
    cybersurf.net    3.2

Also your email is directed by DNS to the cybersurf.com servers, further indicating they may be the same company.

    > set type=mx
    > cyberus.ca
    Server: ns1.ma.charter.com
    Address: 66.189.0.29

    Non-authoritative answer:
    cyberus.ca MX preference = 10, mail exchanger = mx04.cybersurf.com
    cyberus.ca MX preference = 10, mail exchanger = mx01.cybersurf.com
    cyberus.ca MX preference = 10, mail exchanger = mx02.cybersurf.com
    cyberus.ca MX preference = 10, mail exchanger = mx03.cybersurf.com

    cyberus.ca nameserver = discovery.cia.com
    cyberus.ca nameserver = newton.cia.com
    cyberus.ca nameserver = galileo.cia.com
    galileo.cia.com internet address = 209.197.128.5
    discovery.cia.com internet address = 209.197.128.2
    >

CJR, posted March 19, 2005

Okay, I understand, but how can I get unblocked? My mother is also blocked from her own work e-mail too, and she needs to send messages to it! What can I do to fix it?

StevenUnderwood, posted March 19, 2005

The listing states:

    If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 1 hours.

    Causes of listing
    System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

So you should be OK in a little while.

You should contact your ISP and check with them that something was actually done to stop the cause of this listing. Specifically, did they contact spamcop and find out what kind of message hit the spamtrap and stop that source? Otherwise, it is likely you will be listed again.

There are always workarounds as well. You could use a webmail (yahoo, hotmail, etc.) when you are being blocked. You could change your ISP. You could ask your mother's work how to whitelist your addresses. You could mention to your mother's work that the spamcop list is not recommended to be used in a blocking mode because of its aggressiveness. Please direct them here for more information.

petzl, posted March 19, 2005

> Okay, I understand, but how can I get unblocked? My mother is also blocked from her own work e-mail too, and she needs to send messages to it! What can I do to fix it?

Someone using IP 209.197.145.105 is infected and their computer has become a Zombie.

The Subject of a spam going through this IP is or was

It pays to go through my signature to check that it's not you and both you and your mother have a secure windows computer.

WB8TYW, posted March 19, 2005

http://ops.mail-abuse.com/cgi-bin/nph-ops-...209.197.145.105

Shows that last November, the mail server was bouncing spam to forged addresses when the spam victim's mail box was full. Not good.

Mailservers should be using SMTP rejects when they can not accept e-mail as that is the only non-abusive method of notifying a real sender that their mail was not accepted. Mail to a full mail box should be rejected with a 4xx series error.

Bouncing messages instead of using SMTP rejects assists spammers and virus writers in using the bouncing mail server to conduct a denial of service attack against another spam victim's mail box.

While the protocol for sending messages allows such bounces, they are an artifact from when independent third party open relays were routinely used to route e-mail. The end point mail server would issue an SMTP reject, and the open relay would convert it to a bounce.

Now open relays are blocked on sight, and mail is sent from mail server to mail server, so the use of bounce messages is effectively obsolete. And since well over 99% of undeliverable e-mail is either spam or viruses with forged addresses, bouncing is now very abusive. Especially considering that current statistics show that for each real e-mail coming into a mail server, 3 spams or viruses are also being delivered.

Anyone whose mail server provider is bouncing instead of using SMTP rejects is going to eventually find that there are many other networks that will refuse all e-mail from them, and worse, that even more are just silently deleting all e-mail from them.

And this has nothing to do with spamcop.net, it is just a matter that those networks doing the blocking do not want to incur additional costs on their side to deal with a misconfigured mail server.

While you may pay a fixed rate for your internet connection, a mid-size or larger service pays by the amount of messages times their size. A mail server abusively bouncing to forged addresses can run up a significant cost on the receiving side in a small amount of time if they try to sort the real e-mail from the forged bounces.

Most mail servers only have the ability to protect themselves from spam/viruses or other DOS attacks by rejecting all e-mail from the attacking I.P. address, and that can not be easily changed. And why should the users on the receiving side pay more to compensate for a configuration problem on the sending side?

-John
Personal Opinion Only

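The difference between an SMTP reject and a bounce described in the post above, shown as an added example that is not part of the thread or of any mail server's code. The mailbox table, addresses and messages are constructed, and the two functions are a simplified model of a receiving server's policy, not a real MTA.

```python
from collections import Counter

# Constructed mailbox table for a hypothetical receiving server:
# local part -> (bytes used, quota in bytes). "bob" is at quota.
MAILBOXES = {"alice": (900, 1000), "bob": (1000, 1000)}

# Constructed inbound mail: (envelope MAIL FROM, RCPT TO local part).
# The first three come from a spam run that forges one innocent sender.
INBOUND = [
    ("victim@third-party.example", "bob"),
    ("victim@third-party.example", "bob"),
    ("victim@third-party.example", "nosuchuser"),
    ("friend@sender.example", "alice"),
    ("friend@sender.example", "bob"),
]

def rcpt_reply(local_part):
    """Decision a server can make during the SMTP session, at RCPT TO."""
    if local_part not in MAILBOXES:
        return 550, "5.1.1 no such user"
    used, quota = MAILBOXES[local_part]
    if used >= quota:
        # Temporary failure: the connecting server keeps the message queued.
        return 452, "4.2.2 mailbox full, try again later"
    return 250, "2.1.5 ok"

def reject_in_session(messages):
    """Refuse at RCPT time. The receiver originates no mail of its own, so
    a forged MAIL FROM address never hears about the failure."""
    replies = [rcpt_reply(rcpt)[0] for _, rcpt in messages]
    return replies, Counter()

def accept_then_bounce(messages):
    """Answer 250 to everything, then mail a bounce to the envelope sender.
    With forged senders, the bounces land on a third party (backscatter)."""
    bounces = Counter()
    for mail_from, rcpt in messages:
        if rcpt_reply(rcpt)[0] != 250:
            bounces[mail_from] += 1
    return [250] * len(messages), bounces

if __name__ == "__main__":
    for policy in (reject_in_session, accept_then_bounce):
        replies, bounces = policy(INBOUND)
        print(policy.__name__, replies, dict(bounces))
```
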
StevenUnderwood, posted March 19, 2005

> Someone using IP 209.197.145.105 is infected and their computer has become a Zombie
> The Subject of a spam going through this IP is or was

Petzl, while your suggestion to check for viruses and spyware is always sound, it is not likely the cause in this case as that IP is an outgoing mail server for cybersurf.com, cyberus.ca and possibly some other related ISPs. The IP is not that of the OP but of their ISP.

petzl, posted March 20, 2005

> Petzl, while your suggestion to check for viruses and spyware is always sound, it is not likely the cause in this case as that IP is an outgoing mail server for cybersurf.com, cyberus.ca and possibly some other related ISP's. The IP is not that of the OP but of their ISP.

Yes it appears that the mail servers themselves may have an infection? On a windows machine it is a must to keep windows secure! although this virus infects linux servers

Malware known as Cheese

I have been doing some looking around and it appears that cybersurf may have a security problem themselves and with their email servers?

http://isc.sans.org/source_report.php?subnet=209.197.145
or
http://www.dshield.org/ipdetails.php?ip=209.197.145.105

This topic is now archived and is closed to further replies.