fnsp_stastny Posted June 24, 2020

Hello,

Our company was listed on a blacklist for 1 day, I guess. After successful delist we still cannot send e-mails to some domains. Have you guys any experience with something like this? This error is showing:

<<< 550 5.7.1 Remotehost is listed in the following RBL lists: SpamCop, NixSpam RBL

Thanks for help.

petzl Posted June 25, 2020

14 hours ago, fnsp_stastny said:
> Hello, Our company was listed on a blacklist for 1 day, I guess. After successful delist we still cannot send e-mails to some domains. Have you guys any experience with something like this? This error is showing:
> <<< 550 5.7.1 Remotehost is listed in the following RBL lists: SpamCop, NixSpam RBL
> Thanks for help.

Need an IP to look?

fnsp_stastny Posted June 25, 2020

Oh, I'm sorry I forgot to write IP. 193.87.56.3

petzl Posted June 25, 2020 (edited)

5 hours ago, fnsp_stastny said:
> Oh, I'm sorry I forgot to write IP. 193.87.56.3

Not listed now, only one member report (child porn), so must have been hitting spamtrap addresses?

SpamCop was sending abuse reports to an old abuse address, so refreshed it to "abuse-po[AT]sanet[DOT]sk".

Important for your customers to use a virus/malware program. Windows Defender is a good choice, but any would do. If malware is detected they need to change password.

The only report was:
Submitted: 4/22/2020, 5:36:59 PM +1000:
My dream is to try with you something that I have never done before.

Edited June 25, 2020 by petzl

fnsp_stastny Posted June 25, 2020

We are using Windows Defender on every PC. At the moment, e-mail communication should be smooth?

petzl Posted June 26, 2020 (edited)

16 hours ago, fnsp_stastny said:
> We are using on every Pc Windows Deffender. At the moment, e-mail communication should be smooth?

Someone had disabled Windows Defender or you have a spammer using your computers! To get listed by spamtraps means 1000's of emails were being sent through your email server. Windows Defender is very good at picking up malware.

Right now your email server has dropped by 100%:
https://talosintelligence.com/reputation_center/lookup?search=193.87.56.3

                 LAST DAY     LAST MONTH
spam LEVEL       Very High    Very High
EMAIL VOLUME     0.0          3.5
VOLUME CHANGE    -100%

See/check https://blog.mikrotik.com/security/winbox-vulnerability.html

Edited June 26, 2020 by petzl

fnsp_stastny Posted June 26, 2020

Can you give me information which e-mail address is sending spam mails to spamtraps?

petzl Posted June 26, 2020 (edited)

6 hours ago, fnsp_stastny said:
> Can you give me information which e-mail address is sending spam mails to spamtraps?

Nobody has access to spamtrap spam. Spamtraps are kept secret, sorry.

But I did look at your email server, which shows it is slow. This indicates it is accessed by one or many spammers.
https://mxtoolbox.com/SuperTool.aspx?action=smtp%3a193.87.56.3&run=toolpage

220 mail.fnsppresov.sk ESMTP Server (Kerber Mail Server 3.0) ready at Fri, 26 Jun 2020 13:12:11 +0200

Test                         Result
SMTP Connection Time         6.079 seconds - Warning on Connection time
SMTP Transaction Time        8.734 seconds - Not good! on Transaction Time
SMTP Reverse DNS Mismatch    OK - 193.87.56.3 resolves to mail.fnsppresov.sk
SMTP Valid Hostname          OK - Reverse DNS is a valid Hostname
SMTP Banner Check            OK - Reverse DNS matches SMTP Banner
SMTP TLS                     OK - Supports TLS.
SMTP Open Relay              OK - Not an open relay.

https://talosintelligence.com/reputation_center/lookup?search=193.87.56.3

spam LEVEL
The spam Level indicates how much spam that originated from this host, has been lately caught and archived. This statistics is not displayed for every spam sending host, because Talos Reputation Center is not storing every spam we encounter.

Edited June 26, 2020 by petzl

fnsp_stastny Posted June 26, 2020

So what exactly should we do? We have like 3000 PCs in our network; it's time-consuming to look for a PC in which there could be some virus/spammer access.

petzl Posted June 26, 2020 (edited)

11 hours ago, fnsp_stastny said:
> So what exactly should we do? We have like 3000 PCs in our network, it's time consuming to look for a PC in which could be some virus/spammer access.

Right now I cannot see you on any blacklist? Maybe your problems are over? However, some blacklists never remove one from their blacklist until a lot of grovelling is done. Hotmail and GMail don't list their blacklists! But your system is set up correctly, just high usage. SpamCop's blocklist only lists for a maximum of 24 hours if spam stops, sooner if one delists it.

On your contact webpage, change email addresses to images, as "spamBots" scrape email addresses. Yes, some spamBots can read images; most cannot.

Many companies do not allow personal email or downloads, which stops malware, and have all email electronically read; if enough "strikes", it then is actually read, with security arriving unannounced to remove the offender off site!

The only course, if you are satisfied that all 3000 PCs are clean and kept that way but blocking is still happening, is to change to a different IP for your email server.

I would suggest you ask, via email and/or blog, for all of your 3000 PC network to change passwords to a secure one: first letter of their (capitalized) name, first 2 numbers of their street address, followed by a = sign, followed by a lower case, upper case alphanumeric unforgettable password. Example: P77=BratiSlava (this has 14 characters; there may be a limit of characters one can use on a password?)

Ask all to run the Microsoft Defender offline scan. THEN changing password is best, but it gets problematical with naive users; get them to ask for assistance from other colleagues if needed.

Up to you, but I don't recommend all 3000 users do this at the same time; baby steps first, say 5 first?
https://support.microsoft.com/en-us/help/4027710/windows-using-windows-defender-offline

Screen capture of running Windows Defender offline scan: https://ibb.co/2dLcPXP

Edited June 26, 2020 by petzl

gnarlymarley Posted July 4, 2020

On 6/24/2020 at 11:11 PM, fnsp_stastny said:
> Oh, I'm sorry I forgot to write IP.

One thing you can try is to do a local lookup and see if it is cached in the blocklist by your local DNS. Another thing to note is that a few decades back, there were some email providers that mistakenly blamed the SpamCop blacklist for blocking email when in fact, it was their own blocklist they were using.

    nslookup -type=any 3.56.87.193.bl.spamcop.net

If the IP is not on the blocklist, but is still blocked, it is likely the email provider has set up a badly configured RBL entry in the receiving email server.

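The lookup described in the last post, as an added example that is not part of the original thread: it builds the reversed-octet query name, asks a resolver for the A record, and classifies the answer so a stale or rewritten reply from the local resolver can be told apart from a real listing. The function names and the optional resolver argument are assumptions of this example, and `dig` is assumed to be installed.

```shell
#!/bin/sh
# Added example: DNSBL lookup helpers (function names are hypothetical).

# Build the query name: IPv4 octets reversed, followed by the list's zone.
# 193.87.56.3 + bl.spamcop.net -> 3.56.87.193.bl.spamcop.net
dnsbl_name() {
    ip=$1 zone=$2
    case $ip in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;   # only digits and single dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $ip                               # split into octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ "$o" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s.%s\n' "$4" "$3" "$2" "$1" "$zone"
}

# Classify the A-record answer returned for a DNSBL name.
# Empty (NXDOMAIN) means not listed; an address in 127.0.0.0/8 means listed
# (the convention documented in RFC 5782); anything else did not come from
# the list, for example a resolver that rewrites NXDOMAIN answers.
dnsbl_interpret() {
    case $1 in
        '')    echo not-listed ;;
        127.*) echo listed ;;
        *)     echo unexpected-answer ;;
    esac
}

# Query through the default resolver, or through the one named in $3, so the
# local (possibly caching) resolver's answer can be compared with another.
dnsbl_check() {
    name=$(dnsbl_name "$1" "$2") || { echo "bad IPv4 address: $1" >&2; return 2; }
    answer=$(dig +short A "$name" ${3:+"@$3"} | grep -v '^;' | head -n 1)
    printf '%s via %s: %s\n' "$name" "${3:-default resolver}" \
        "$(dnsbl_interpret "$answer")"
}

# Run a lookup only when arguments are given: ./dnsbl.sh IP ZONE [RESOLVER]
if [ "$#" -ge 2 ]; then
    dnsbl_check "$@"
fi
```

Running it once with no resolver argument and once with a different resolver shows whether the local DNS is still serving a cached listing after the delist.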