craigjhandyside Posted April 9, 2005
Yesterday (Thursday) could not send email. Spoke with ISP - Road Runner. One of the techs had not heard of spamcop.
Error message on attempting to send email:
An unknown error was returned from the SMTP account . . . Server response '571 24.167.180.18 was found in bl.spamcop.net ....
The only suggestion that the ISP had was to unplug the cable modem for 24 hours and let the DNS server assign a new address.
Help

Merlyn Posted April 9, 2005
That is a dynamic IP. Are you running a mail server on a dynamic IP? According to Senderbase the numbers do not look good.
Last day 3.5 7241%
Last 30 days 2.6 948%
If you are running a mail server then every spammer in the world is using it. Most email administrators will not accept email from a dynamic IP.
This IP is also listed in the following blocklists:
NJABLDYNA NJABL list of dynamic ip spaces: dynablock.njabl.org -> 127.0.0.3 Dynamic/Residential IP range listed by NJABL dynablock - http://njabl.org/dynablock.html
SPAMCOP SpamCop Blocking List: bl.spamcop.net -> 127.0.0.2 Blocked - see http://www.spamcop.net/bl.shtml?24.167.180.18
SPAMBAG Spambags: blacklist.spambag.org -> rr.blacklist.spambag.org. -> 127.0.0.2 rr.blacklist.spambag.org. Blocked - see http://www.spambag.org/cgi-bin/spambag?mailfrom=rr
NOMOREFUNN local bl at moensted.dk: no-more-funn.moensted.dk -> 127.0.0.3 rr.com. Dial-Up/Cable/DSL/Home IP Range - Use your providers SMTP Gateway or whitelist your server at: http://moensted.dk/spam/no-more-funn/?addr=24.167.180.18
JAMDSBL local bl at JAMMConsulting.com: dnsbl.jammconsulting.com -> 127.0.0.6
KROPKAALL Quite aggressive database, maintained by a few private persons: all.rbl.kropka.net -> 127.0.0.3
KROPKAIP kropka ip: ip.rbl.kropka.net -> 127.0.0.1
KROPKADUL kropka dialupy and dynamic IP: dialup.rbl.kropka.net -> 127.0.0.2
UCEPROTECTL1 UCEPROTECT®-Network Project - Level 1: dnsbl-1.uceprotect.net -> 127.0.0.2 Sorry, IP 24.167.180.18 is blacklisted at Level 1 by UCEPROTECT-Network see http://www.uceprotect.net
UCEPROTECTL2 UCEPROTECT®-Network Project - Level 2: dnsbl-2.uceprotect.net -> 127.0.0.2 Sorry, Net 24.167.180.0/24 is blacklisted at Level 2 by UCEPROTECT-Network see http://www.uceprotect.net
SORBS spam and Open Relay Blocking System: Aggregate zone: dnsbl.sorbs.net -> 127.0.0.10 Dynamic IP Addresses See: http://www.dnsbl.sorbs.net/lookup.shtml?24.167.180.18
SORBSDUL Dynamic IP Address ranges (NOT a Dial Up list!): dul.dnsbl.sorbs.net -> 127.0.0.10 Dynamic IP Addresses See: http://www.dnsbl.sorbs.net/lookup.shtml?24.167.180.18
DNSBLUCEPN External Block List - UCEPROTECT®-Network Project: ucepn.dnsbl.net.au -> 127.0.0.2 PLEASE SEE http://www.uceprotect.net/
DRBL-VOTE-SANDY Distributed RBL node: sandy.ru: vote.drbl.sandy.ru -> 127.0.0.2 030628:ROAD-RUNNER-5 Direct Allocation
DRBL-WORK-SANDY Distributed RBL node: sandy.ru: work.drbl.sandy.ru -> 127.0.0.2 zaraza:030628:ROAD-RUNNER-5 Direct Allocation
DRBL-VOTE-GREMLIN Distributed RBL node: gremlin.ru: vote.drbl.gremlin.ru -> 127.0.0.2 Relaying denied
DRBL-WORK-GREMLIN Distributed RBL node: gremlin.ru: work.drbl.gremlin.ru -> 127.0.0.2 vote.drbl.gremlin.ru[at]ns.gremlin.ru:Relaying denied

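Added example, not part of any post in this thread: the 571 rejection in the first post and the "zone -> 127.0.0.x" results above both come from the standard DNSBL lookup, which this Python code reproduces so an administrator can check an address before it starts bouncing mail. The `resolve` parameter, the `dnsbl.example` zone and the constructed answer table are assumptions of the example; the default resolver performs a live DNS query.

```python
import ipaddress
import re
import socket

# Rejection text as quoted in the first post of this thread.
SAMPLE_REJECTION = "571 24.167.180.18 was found in bl.spamcop.net ...."

# Constructed answers for offline use; the first two mirror results quoted in
# the post above, the third simulates a resolver that rewrites NXDOMAIN.
CONSTRUCTED_ANSWERS = {
    "18.180.167.24.bl.spamcop.net": "127.0.0.2",
    "18.180.167.24.dynablock.njabl.org": "127.0.0.3",
    "18.180.167.24.dnsbl.example": "203.0.113.7",  # hypothetical zone
}

def parse_rejection(line):
    """Extract (ip, zone) from an 'IP was found in ZONE' SMTP rejection."""
    m = re.search(r"(\d{1,3}(?:\.\d{1,3}){3}) was found in "
                  r"([A-Za-z0-9.-]+[A-Za-z0-9])", line)
    if not m:
        return None
    return str(ipaddress.IPv4Address(m.group(1))), m.group(2).lower()

def dnsbl_name(ip, zone):
    """DNSBL convention: reverse the IPv4 octets and append the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """Return the A record for name, or None if the name does not resolve."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def check_listing(ip, zone, resolve=system_resolver):
    """Return the list's return code if ip is listed in zone, else None."""
    answer = resolve(dnsbl_name(ip, zone))
    if answer is None:
        return None
    # Only 127.0.0.0/8 answers are listings; anything else is a bogus reply.
    if ipaddress.IPv4Address(answer) not in ipaddress.IPv4Network("127.0.0.0/8"):
        return None
    return answer

def check_many(ip, zones, resolve=system_resolver):
    """Map each zone that lists ip to the return code it gave."""
    results = ((zone, check_listing(ip, zone, resolve)) for zone in zones)
    return {zone: code for zone, code in results if code is not None}
```
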
dra007 Posted April 9, 2005
"Yesterday (Thursday) could not send email. Spoke with ISP - Road Runner. One of the techs had not heard of spamcop. /snip"
...of course he didn't, they never answer reports of spam abuse.

Jeff G. Posted April 9, 2005
Per the Geobytes IP Address Locator, that IP Address has a 94% probability of being in or near Greensboro, NC, USA, which per the reverse name and http://www.rr.com is within the network of "Triad - Time Warner Cable" in Greensboro. So you could also ask the local folks at "Triad - Time Warner Cable" or different folks at Road Runner's National Help Desk.

craigjhandyside (Author) Posted April 9, 2005
Gee, I get to reply and show my ignorance. I am not running a mail server. I am using 5 computers at home, connecting through a cable modem, using a wireless router. I noticed the numbers at SenderBase after reading through some parts of the forum at midnight last night.
The only concern that I have to indicate that spamming is occurring out of my house is one computer, used by a younger member of the family, that has on occasion had viruses on it. I have used Norton a number of times to correct the problem. Is there any chance that it has been taken over to send spam?
What options do I have? I see where the ISP can request to be delisted, but with the number of blockings that show up that is not possible. Should I disconnect from the ISP for 24 hours and receive a new address dynamically?
I appreciate your help - none was received from the ISP.

Merlyn Posted April 9, 2005
You probably have a hacked machine. Norton is not enough. You need at least to run Spybot Search & Destroy and also run Ad-Aware. Your wireless could also be letting others attach without your knowledge. You could use a good firewall. Hope this helps.

craigjhandyside (Author) Posted April 9, 2005
Good morning all.
My problem has been solved. The ISP had me change my outgoing mail server to the road runner server and now I can send mail. Of course this does not answer/solve the question of where the spam was coming from. The other computer did not have any viruses or spyware loaded presently.
Appreciate all your help. Thanks.

trpted Posted April 9, 2005
#1 Your wi-fi 802.11 (b, a, or g) could also be letting others attach without your knowledge.
#2 Someone else with that dynamic IP at (a) certain date(s) and time(s) sent the spam(s). Now if your IP address was static then you would have a bigger problem, ex: someone else, while your computer was off, was using your IP address. Or other problems.
#3 Or the blacklist owner may choose to block dynamic IP address(es).

petzl Posted April 9, 2005
"Yesterday (Thursday) could not send email. Spoke with ISP - Road Runner. One of the techs had not heard of spamcop. Error message on attempting to send email: An unknown error was returned from the SMTP account . . . Server response '571 24.167.180.18 was found in bl.spamcop.net .... The only suggestion that the ISP had was to unplug the cable modem for 24 hours and let the DNS server assign a new address. Help"
Your computer is being accessed by persons you don't want to access your computer. Go through my signature and install a virus checker, SpyWare checker and Firewall. Also get latest updates from Microsoft.

Wazoo Posted April 9, 2005
"My problem has been solved. The ISP had me change my outgoing mail server to the road runner server and now I can send mail."
Not sure I understand this at all. You stated earlier that you were not running a mail server, yet changed something to now use your ISP e-mail server ... what was being used prior to the change? Going back to the "IP is being blocked" message which matches your posting IP address, the appearances are that you were in fact sending mail from your own system/network.
"Of course this does not answer/solve the question of where the spam was coming from. The other computer did not have any viruses or spyware loaded presently."
Earlier you stated "5 computers" ... here you say "the other computer" ....???? What kind of wireless router is in use? Who set it up? How locked down is it as far as access? (MAC address table, is WEP in use ..????) Anti-virus tools don't do everything else. The phrase "I have used Norton a number of times" is also a bit on the scary side. The implication is that you are simply tossing in a CD and running the virus scan from there, which would also state that the database on virus data is only as current as the file on the CD ... as compared to updates being released monthly, weekly, at times daily ... so these checks are woefully inadequate.