can not send email - blacklisted

[craigjhandyside]

Yesterday (thursday) could not send email. Spoke with ISP - Road Runner. One of the techs had not heard of spamcop.

error message on attempting to send email.

An unknown error was returned from the SMTP account . . .

Server response '571 24.167.180.18 was found in bl.spamcop.net ....

The only suggestion that the ISP had was to unplug the cable modem for 24 hours

and let the DNS server assign a new address

help

[Merlyn]

That is a dynamic IP. Are you running a mail server on a dynamic IP?

According to Senderbase the numbers do not look good.

Last day 3.5 7241%

Last 30 days 2.6 948%

If you are running a mail server then every spammer in the world is using it.

Most email administrators will not accept email from a dynamic IP.

This ip is also listed in the following blocklists:

NJABLDYNA NJABL list of dynamic ip spaces: dynablock.njabl.org -> 127.0.0.3

Dynamic/Residential IP range listed by NJABL dynablock - http://njabl.org/dynablock.html

SPAMCOP SpamCop Blocking List: bl.spamcop.net -> 127.0.0.2

Blocked - see http://www.spamcop.net/bl.shtml?24.167.180.18

SPAMBAG Spambags: blacklist.spambag.org -> rr.blacklist.spambag.org. -> 127.0.0.2

rr.blacklist.spambag.org.

Blocked - see http://www.spambag.org/cgi-bin/spambag?mailfrom=rr

NOMOREFUNN local bl at moensted.dk: no-more-funn.moensted.dk -> 127.0.0.3

rr.com. Dial-Up/Cable/DSL/Home IP Range - Use your providers SMTP Gateway or whitelist your server at: http://moensted.dk/spam/no-more-funn/?addr=24.167.180.18

JAMDSBL local bl at JAMMConsulting.com: dnsbl.jammconsulting.com -> 127.0.0.6

KROPKAALL Quite aggressive database, maintained by a few private persons: all.rbl.kropka.net -> 127.0.0.3

KROPKAIP kropka ip: ip.rbl.kropka.net -> 127.0.0.1

KROPKADUL kropka dialupy and dynamic IP: dialup.rbl.kropka.net -> 127.0.0.2

UCEPROTECTL1 UCEPROTECT®-Network Project - Level 1: dnsbl-1.uceprotect.net -> 127.0.0.2

Sorry, IP 24.167.180.18 is blacklisted at Level 1 by UCEPROTECT-Network see http://www.uceprotect.net

UCEPROTECTL2 UCEPROTECT®-Network Project - Level 2: dnsbl-2.uceprotect.net -> 127.0.0.2

Sorry, Net 24.167.180.0/24 is blacklisted at Level 2 by UCEPROTECT-Network see http://www.uceprotect.net

SORBS spam and Open Relay Blocking System: Aggregate zone: dnsbl.sorbs.net -> 127.0.0.10

Dynamic IP Addresses See: http://www.dnsbl.sorbs.net/lookup.shtml?24.167.180.18

SORBSDUL Dynamic IP Address ranges (NOT a Dial Up list!): dul.dnsbl.sorbs.net -> 127.0.0.10

Dynamic IP Addresses See: http://www.dnsbl.sorbs.net/lookup.shtml?24.167.180.18

DNSBLUCEPN External Block List - UCEPROTECT®-Network Project: ucepn.dnsbl.net.au -> 127.0.0.2

PLEASE SEE http://www.uceprotect.net/

DRBL-VOTE-SANDY Distributed RBL node: sandy.ru: vote.drbl.sandy.ru -> 127.0.0.2

030628:ROAD-RUNNER-5 Direct Allocation

DRBL-WORK-SANDY Distributed RBL node: sandy.ru: work.drbl.sandy.ru -> 127.0.0.2

zaraza:030628:ROAD-RUNNER-5 Direct Allocation

DRBL-VOTE-GREMLIN Distributed RBL node: gremlin.ru: vote.drbl.gremlin.ru -> 127.0.0.2

Relaying denied

DRBL-WORK-GREMLIN Distributed RBL node: gremlin.ru: work.drbl.gremlin.ru -> 127.0.0.2

vote.drbl.gremlin.ru[at]ns.gremlin.ru:Relaying denied

[dra007]

Yesterday (thursday) could not send email. Spoke with ISP - Road Runner. One of the techs had not heard of spamcop.

/snip

26395[/snapback]

...of course he didn't, they never answer reports of spam abuse.

[Jeff G.]

Per the Geobytes IP Address Locator, that IP Address has a 94% probability of being in or near Greensboro, NC, USA, which per the reverse name and http://www.rr.com is within the network of "Triad - Time Warner Cable" in Greensboro. So you could also ask the local folks at "Triad - Time Warner Cable" or different folks at Road Runner's National Help Desk.

[craigjhandyside]

Gee, I get to reply and show my ignorance. I am not running a mail server. I am using 5 computers at home, connecting through a cable modem, using a wireless router.

I noticed the numbers at SenderBase -after reading through some parts of the forum at midnight last night. The only concern that I have to indicate that spamming is occuring out of my house - is one computer -used by a younger member of the family - has on occasion had viruses on it. I have used Norton a number of times to correct the problem. Is there any chance that it has been tekn over to send spam?

What options do I have-I see where the ISP can request to be delisted-but with the number of blockings that show up that is not possible. Should I disconnect from the ISP for 24 hours and receive a new address dynamically?

I appreciate your help-none was received from the ISP

[Merlyn]

You probably have a hacked machine.

Norton is not enough.

You need at least to run Spybot Search & Destroy and also run Ad-Aware.

Your wirelless could also be letting others attach without your knowledge.

You could use a good firewall.

Hope this helps

[craigjhandyside]

good morning all

My problem has been solved. The ISP had me change my outgoing mail server to the road runner server and now I can send mail. Of course this does not answer/solve the question of where the spam was coming from. The other computer did not have any viruses or spyware loaded presently.

appreciate all your help

thanks

[trpted]

#1 Your wi-fi 802.11 (b, a, or g) could also be letting others attach without your knowledge.

#2 Some else with that dynamic IP at (a) certain date(s) and time(s) set the spam(s). Now if your ip address was static then would you have a bigger problem ex: someone else, while your comuter was off, was using your IP address. Or other problems.

#3 Or the blacklist owner may choose to block dynamic IP address(es).

[petzl]

Yesterday (thursday) could not send email. Spoke with ISP - Road Runner. One of the techs had not heard of spamcop.

error message on attempting to send email.

An unknown error was returned from the SMTP account . . .

Server response '571 24.167.180.18 was found in bl.spamcop.net ....

The only suggestion that the ISP had was to unplug the cable modem for 24 hours

and let the DNS server assign a new address

help

26395[/snapback]

Your computer is being accesed by persons you don't want to access your computer. go through my signature and install a virus checker SpyWare checker and Firewall Also get latest updates from microsoft

[Wazoo]

My problem has been solved. The ISP had me change my outgoing mail server to the road runner server and now I can send mail.

Not sure I understand this at all. You stated earlier that you were not running a mail server, yet changed something to now use your ISP e-mail server ... what was being used prior to the change? Going back to the "IP is being blocked message which matches your posting IP address, the appearances are that you were in fact sending mail from your own system/network.

Of course this does not answer/solve the question of where the spam was coming from. The other computer did not have any viruses or spyware loaded presently.

Ealier you stated "5 computers" ... here you say "the other computer" ....????

What kind of wireless router is in use? Who set it up? How locked down is it as far as access? (MAC address table, is WEP in use ..????)

Anti-virus tools don't do everything else. The phrase "I have used Norton a number of times" is also a bit on the scary side. The implication is that you are simply tossing in a CD and running the virus scan from there, which would also state that the database on virus data is only as current as the file on the CD ... as compared to updates being released monthly, weekly, at times daily ... so these checks are woefully inadequate.