JBradford Posted November 3, 2005 Share Posted November 3, 2005 Hello, We recently discovered that our newly moved (to a new IP address) mailserver was being used as an open relay to send out spams. Thousands of them. This past Friday we were alerted to the issue and immediatly closed that gaping hole. However, even though all of our logs since Friday are showing thousands of attempts at sending spam through our server - and every one of those attempts showing a 'We do not Relay' message before disconnection from the sending source - the spams are still going through. I have my server set to require POP authentication to send a message. My only relay is through the local server itself and no other IP addresses. I have the server set to reject all incoming mail that cannot provide a rDNS lookup I have the server set to reject all incoming mail from hostnames that have no MX record Every time I have checked the various 'Open Relay Checkers' online, my system passes with flying colors. None of them show me as being an open relay. So, if I'm not an open relay and I have all of the previously mentioned security procedures in place.. how is it that spam is still going out with my IP address plastered all over it as the sender? I am using Visnetic Mailserver v.5 My IP Address is 71.142.25.66 Here is a short exerpt from my recent log file: 127.0.0.1 [0001B9B4] Wed, 02 Nov 2005 20:20:03 -0700 Connected 127.0.0.1 [0001B9B4] Wed, 02 Nov 2005 20:20:03 -0700 >>> 220 mail.emrsystem.com ESMTP VisNetic.MailServer.v5.0.2.3; Wed, 02 Nov 2005 20:20:03 -0700 127.0.0.1 [0001B9B4] Wed, 02 Nov 2005 20:20:04 -0700 <<< EHLO euroseek.com 127.0.0.1 [0001B9B4] Wed, 02 Nov 2005 20:20:04 -0700 >>> 250-mail.emrsystem.com Hello euroseek.com [127.0.0.1], pleased to meet you. 127.0.0.1 [0001B9B4] Wed, 02 Nov 2005 20:20:04 -0700 <<< MAIL FROM: <fakesender[at]mail2Carolyn.com> 127.0.0.1 [0001B9B4] Wed, 02 Nov 2005 20:20:04 -0700 >>> 250 2.1.0 <fakesender[at]mail2Carolyn.com>... Sender ok 127.0.0.1 [0001B9B4] Wed, 02 Nov 2005 20:20:05 -0700 <<< RCPT TO: <intended_recipient[at]adni.net> 127.0.0.1 [0001B9B4] Wed, 02 Nov 2005 20:20:05 -0700 >>> 550 5.7.1 <intended_recipient[at]adni.net>... we do not relay <fakesender[at]mail2Carolyn.com> 127.0.0.1 [0001B9B4] Wed, 02 Nov 2005 20:20:05 -0700 <<< RCPT TO: <second_recipient[at]adni.net> 127.0.0.1 [0001B9B4] Wed, 02 Nov 2005 20:20:05 -0700 >>> 550 5.7.1 <second_recipient[at]adni.net>... we do not relay <fakesender[at]mail2Carolyn.com> 127.0.0.1 [0001B9B4] Wed, 02 Nov 2005 20:20:05 -0700 <<< RCPT TO: <third_recipient[at]adni.net> 127.0.0.1 [0001B9B4] Wed, 02 Nov 2005 20:20:05 -0700 >>> 550 5.7.1 <third_recipient[at]adni.net>... we do not relay <fakesender[at]mail2Carolyn.com> SYSTEM [0001B9B4] Wed, 02 Nov 2005 20:20:05 -0700 Disconnected I changed the actual sender and reciever email address names, but left the domain names in tact. Other than that, nothing at all was changed. I plainly see 'we do not relay' in every instance of an email attempt. Every one of the thousands of lines in my logs (that are not legitimate mails going out or coming in) have 'we do not relay'. Going back through all logs until last Friday shows the same message. Am I reading it wrong? Thanks for any help anyone can give me. I have contacted Visnetic to see if they can assist me, but haven't heard back from them for a day. J. Bradford CTO EMRSystem Inc. (frustrated mailserver admin) Link to comment Share on other sites More sharing options...
Jeff G. Posted November 3, 2005 Share Posted November 3, 2005 Report History shows the following: Submitted: Wednesday, November 02, 2005 23:34:27 -0500: -- spam -- Pre-approved Application #lmypL87350 * 1546277776 ( 71.142.25.66 ) To: abuse[at]sbcglobal.net Submitted: Wednesday, November 02, 2005 21:50:08 -0500: jacobean some sugar the perky see borderland not * 1546225808 ( http:/ /edkrqh.net.rlmpyxtpzvegvj.vitamingood.com ) To: mole[at]devnull.spamcop.net * 1546225807 ( 71.142.25.66 ) To: mole[at]devnull.spamcop.net Submitted: Wednesday, November 02, 2005 20:47:28 -0500: spam: olin it rod a lessor a claude or * 1546190579 ( 71.142.25.66 ) To: spamcop[at]imaphost.com * 1546190575 ( 71.142.25.66 ) To: abuse[at]sbcglobal.net Submitted: Wednesday, November 02, 2005 18:44:03 -0500: RE: MAINTAIN your weight loss * 1546125984 ( 71.142.25.66 ) To: abuse[at]sbcglobal.net Submitted: Wednesday, November 02, 2005 10:02:58 -0500: Hoodia - Reduce 1,000 Calories a Day * 1545790956 ( http:/ /www.go2zl.info/r ) To: abuse[at]hkabc.net * 1545790955 ( http:/ /www.go2zl.info ) To: abuse[at]hkabc.net * 1545790951 ( 71.142.25.66 ) To: spamcop[at]imaphost.com * 1545790944 ( 71.142.25.66 ) To: abuse[at]sbcglobal.net Submitted: Tuesday, November 01, 2005 16:21:42 -0500: Forget wilma * 1545227178 ( 71.142.25.66 ) To: abuse[at]sbcglobal.net Submitted: Tuesday, November 01, 2005 05:31:32 -0500: Account has been created * 1544799683 ( 71.142.25.66 ) To: spamcop[at]imaphost.com * 1544799681 ( 71.142.25.66 ) To: abuse[at]sbcglobal.net Submitted: Tuesday, November 01, 2005 01:29:24 -0500: [spam] FW: Shed extra pounds with Hoodia * 1544674788 ( 71.142.25.66 ) To: abuse[at]sbcglobal.net Submitted: Tuesday, November 01, 2005 00:46:53 -0500: Re: Shopping and Survey Cash 10.31.2005 * 1544695885 ( 71.142.25.66 ) To: spamcop[at]imaphost.com * 1544695884 ( 71.142.25.66 ) To: abuse[at]sbcglobal.net Submitted: Sunday, October 30, 2005 01:12:41 -0400: [JunkMail] Remember the old days? * 1543060775 ( 71.142.25.66 ) To: abuse[at]sbcglobal.net Submitted: Friday, October 28, 2005 22:10:09 -0400: x * 1542215601 ( 71.142.25.66 ) To: spamcop[at]imaphost.com * 1542215600 ( 71.142.25.66 ) To: abuse[at]sbcglobal.net Submitted: Friday, October 28, 2005 16:43:54 -0400: You have been prequalfied * 1542060113 ( 71.142.25.66 ) To: abuse[at]sbcglobal.net One of those Reports (1543060775) was for an email that ended up in my Held Mail mailbox/Folder. Its Tracking URL http://www.spamcop.net/sc?id=z821225592z6e...448af9804a2d89z does not reveal any plausible source but your server's IP Address 71.142.25.66. Please check your firewall logs and scour that server (and any other systems on your network that could send mail using that IP Address) for proxies, adware, spyware, viruses, and worms. Thanks! Link to comment Share on other sites More sharing options...
Jeff G. Posted November 3, 2005 Share Posted November 3, 2005 Please also ask postmaster[at]pbi.net to give your server (host) rdns ("Add the reverse IN-ADDR entry for each host address in the appropriate zone files for each network the host in on."), as required by the "Adding a host" instructions on Page 11 of RFC 1033 DOMAIN ADMINISTRATORS OPERATIONS GUIDE. Thanks! Link to comment Share on other sites More sharing options...
JBradford Posted November 3, 2005 Author Share Posted November 3, 2005 Thanks for the assistance. Here's another tidbit of information that I thought of.. dont know if it means anything or not, but I dont want to leave any stone unturned.. When our system was showing up as an 'open relay', it was obviously being abused by some type of spamming entity or software. When we appeared on the blocked lists (AOL was the first one to actually show up in our log files that even hinted about being blocked) our 'outgoing message queue' exploded with messages awaiting transmission to AOL.. then there were a lot of them from Yahoo listed on the queue. Then I changed our server settings and stopped our open relay. I deleted all of the messages in the outgoing queue.. and have never seen another one in there since. So.. if being on a blocked list keeps those mails from being sent.. thus they get held up in our outgoing list.. and we are still on those blocked list but the messages never make it to the queue.. Why does that NOT tell me that the messages are not going through our server any more? Additionally, I still need to know what kind of stupid I am. Apparantly I am misreading our log files. As I see it now, since every single email that has attempted to be sent through our system gets nothing but a 'we do not relay' message - that's telling me that my server is not sending them. I even checked some of the reported spams that I can actually read online.. the one's that are being blamed on my server for their transmission. When I cross reference those emails, based on time/sender/reciever, my logs tell me that the mail was not sent. They say 'we do not relay'. So.. am I misreading the 'we do not relay' part of my logs? Does that not mean what I think it means? I think it means the message came knocking, my server did it's validation on the sender, found out that the sender address was not listed among my authorized accounts list, and the message was turned away.. it was never sent. If that's not what it means, then I need to know what I DO need to look for in my logs. If I think 'we do not relay' means what it says, then obviously I need to set my goal at some other message in my log file. From what I can see in my logs - my server is not doing the sending. I suppose there is one way to test that theory.. shut it off for a day and see if it's still happening. I'm doubting that's going to work, because I'm not debating whether or not my server is actually sending these.. I just need to know how I can know for sure that I finally got it fixed. When every tester system on the internet tells me that my system is not allowing unauthorized emails through it's gates.. having a spam list tell me otherwise is just confusing. A bit more help and I can probably figure this out. I'll be doing virus scans and trojan scans out the wazoo tommorrow (nearly midnight here now and I've been at this since 7am). I'll also see about getting that rDNS problem fixed. Also.. what's with the spamcop addresses getting spammed by my server? I dont run lists of any kind. We've got 3 guys who work here with 6 email addresses between them.. and we mostly just email between ourselves? We dont 'bulk email' anything because we have no need for it. Our server is just for our own personal use. One thing I find intereresting.. and then I'll sit back and hope for a reply.. I changed ISP's about a week and a half ago. The only thing that I thought I'd have to do is swap the IP addresses on the server NIC and be done with it. Same server I've had up for 2 years now... with no spam problems at all. Within 20 minutes of me onlining the server with the new IP address.. all this spam started. No new programs were added. No modifications to any program. No operating system updates. No patches for any software. Just a new IP address. Kind of makes me wonder how anyone could have found my mailserver so quick, when it had just barely managed to propogate the net to it's new IP address that same day.. and the mailserver was off for most of that day. 20 minutes, I kid you not.. that's all it took for this thing to start flinging spam like it was candy to kids on halloween. Any theories on that one? Or do I just have lousey luck? Thanks again for the advice.. I'll be hittin that first thing. Until then, I'm going to manually shut down my mailserver for the evening to test a theory Kudos, JB Link to comment Share on other sites More sharing options...
dbiel Posted November 3, 2005 Share Posted November 3, 2005 I think it means the message came knocking, my server did it's validation on the sender, found out that the sender address was not listed among my authorized accounts list, and the message was turned away.. it was never sent. The key is how are you rejecting this messages and where are these reject notices being sent? If they are going back to the "reply to" address then you are in trouble. Those addresses are almost always forgered when dealing with spam. If you are returning the to the IP address you received them from then you are OK. What firewall do you have in place to stop email from going out using your IP address but not going through you email server. These would never show up on your server logs. Link to comment Share on other sites More sharing options...
dbiel Posted November 3, 2005 Share Posted November 3, 2005 Kind of makes me wonder how anyone could have found my mailserver so quick, when it had just barely managed to propogate the net to it's new IP address that same day.. and the mailserver was off for most of that day. 20 minutes, I kid you not.. that's all it took for this thing to start flinging spam like it was candy to kids on halloween. Any theories on that one? Or do I just have lousey luck? The most likely cause is a virus on the server or on one of the computers connected to the server network. It only takes clicking on one virus laden email to destroy an entire network. Link to comment Share on other sites More sharing options...
JBradford Posted November 3, 2005 Author Share Posted November 3, 2005 The key is how are you rejecting this messages and where are these reject notices being sent? If they are going back to the "reply to" address then you are in trouble. Those addresses are almost always forgered when dealing with spam. If you are returning the to the IP address you received them from then you are OK. There seems to be nothing in the Visnetic Mailserver program to allow me to determine whether the reject notices go to the address or the IP. I cant find any answers online at the Visnetic site (deerfield.com), nor do I get any answers from my forum requests for assistance there. I've shut the server down for the evening.. gonna have a few ticked off people callin me tommorrow morning.. early.. so I've unplugged the phones And I still have no clue if I am interpreting the log file correctly or not.. since that's really the only 'instant' information I can get out of my server as to what's going on, I'm hoping someone can explain to me why 'we do not relay' is a bad thing. Link to comment Share on other sites More sharing options...
Wazoo Posted November 3, 2005 Share Posted November 3, 2005 http://www.spamcop.net/w3m?action=checkblock&ip=71.142.25.66 71.142.25.66 listed in bl.spamcop.net (127.0.0.2) If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 22 hours. Causes of listing System has sent mail to SpamCop spam traps in the past week SpamCop users have reported system as a source of spam less than 10 times in the past week Additional potential problems (these factors do not directly result in spamcop listing) DNS error: 71.142.25.66 has no reverse dns Because of the above problems, express-delisting is not available Listing History System has been listed for less than 24 hours. http://www.senderbase.org/?searchBy=ipaddr...ng=71.142.25.66 Date of first message seen from this address 2005-10-23 Volume Statistics for this IP Magnitude Vol Change vs. Average Last day ........ 5.0 .. 5081% Last 30 days .. 4.3 ... 766% Average ....... 3.3 Real-time blacklists list.dsbl.org Boycotted - http://dsbl.org/listing?71.142.25.66 bl.spamcop.net http://spamcop.net/w3m?action=checkblock&ip=71.142.25.66 http://www.visneticmailserver.com/ includes the 'bad' listing of Challenge Response Setup Guide http://www.deerfield.com/products/visnetic-mailserver/ states The current version of VisNetic MailServer is 8.0.3.1. with Version 8.3 Coming Soon If you shut the server down, that SenderBase must have been a lot higher a few hours ago? Datapoint set now for a future comparison. That they only offered up the docs in Word or PDF format didn't open the door far enough for me to get all that involved, but that all these docs were for a version over three revisions higher than what you said was in use, figured that they probably weren't all that applicable anyway. You're focusing on the "open relay" scenario, which though it may be true, there are lots of other ways spew could be getting out. I don't see that you answered at least one query about firewall traffic .. which would hopefully address traffic not actually using your e-mail soerver/software, thus it wouldn't show up in those logs. 3 Nov 2005 0921 -6 GMT 71.142.25.66 listed in bl.spamcop.net (127.0.0.2) If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 20 hours. Volume Statistics for this IP Magnitude Vol Change vs. Average Last day ........ 5.0 .. 4907% Last 30 days .. 4.3 ... 766% Average ........ 3.3 3 Nov 2005 1324 -6 GMT 71.142.25.66 listed in bl.spamcop.net (127.0.0.2) If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 21 hours. Causes of listing System has sent mail to SpamCop spam traps in the past week SpamCop users have reported system as a source of spam about 10 times in the past week Apparently, reports are still coming in ... Volume Statistics for this IP Magnitude Vol Change vs. Average Last day ........ 5.0 .. 4872% Last 30 days .. 4.3 ... 766% Average ........ 3.3 Not going down very quickly. And another BL has been added; Real-time blacklists list.dsbl.org Boycotted - http://dsbl.org/listing?71.142.25.66 bl.spamcop.net http://spamcop.net/w3m?action=checkblock&ip=71.142.25.66 cbl.abuseat.org http://cbl.abuseat.org/lookup.cgi?ip=71.142.25.66 4 Nov 2005 1006 -6 GMT If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 22 hours. Volume Statistics for this IP Magnitude Vol Change vs. Average Last day ........ 5.0 .. 3711% Last 30 days .. 4.3 ... 766% Average ........ 3.4 4 Niv 2005 1930 -6GMT If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 23 hours. Volume Statistics for this IP Magnitude Vol Change vs. Average Last day ........ 4.9 .. 3346% Last 30 days .. 4.3 ... 766% Average ........ 3.4 6 Nov 20015 0818 -6GMT If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 22 hours. Volume Statistics for this IP Magnitude Vol Change vs. Average Last day ........ 4.9 .. 2773% Last 30 days .. 4.4 ... 762% Average ........ 3.4 10 Nov 2005 Volume Statistics for this IP Magnitude Vol Change vs. Average Last day ....... 4.8 .. 1771% Last 30 days . 4.5 ... 772% Average ....... 3.5 Appears that someone needs to be hired to come in and clean up this mess. Link to comment Share on other sites More sharing options...
StevenUnderwood Posted November 3, 2005 Share Posted November 3, 2005 So.. if being on a blocked list keeps those mails from being sent.. thus they get held up in our outgoing list.. and we are still on those blocked list but the messages never make it to the queue.. Why does that NOT tell me that the messages are not going through our server any more? It tells you that messages are not being sent "legitimately" through your server any longer. It does not tell you there is not a virus or similar at work sending messages using it's own SMTP engine. Also, the same applies to other machines on your network if they are all sitting behind a shared public IP address. Link to comment Share on other sites More sharing options...
Merlyn Posted November 3, 2005 Share Posted November 3, 2005 Hope this helps I would guess the server has been trojanned, this one was not a bounce ------------------------------------------------------------------- http://www.spamcop.net/sc?id=z822992761ze5...e6a1bdf1ed94eaz Edit: 2005/11/03 22:25 EST -0500 Jeff G. converted the spam to a Tracking URL - Merlyn has been here long enough to know better. Link to comment Share on other sites More sharing options...
Merlyn Posted November 5, 2005 Share Posted November 5, 2005 Hope this helps Edit: 2005/11/03 22:25 EST -0500 Jeff G. converted the spam to a Tracking URL - Merlyn has been here long enough to know better. 35451[/snapback] My Bad! You are absolutely right! Thank you my friend :-) Looks like this machine is still spewing garbage to the world! This is not a responsible way to run a server 71.142.25.66 Now Showing at all the local theaters: ----------------------------------------------------------- CBL The CBL - Composite Blocking List: cbl.abuseat.org -> 127.0.0.2 Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=71.142.25.66 -------------------------------------------------------------------------------- SPAMCOP SpamCop Blocking List: bl.spamcop.net -> 127.0.0.2 Blocked - see http://www.spamcop.net/bl.shtml?71.142.25.66 -------------------------------------------------------------------------------- DSBLLIST Distributed Sender Boycott List: single-stage relays tested by trusted users: list.dsbl.org -> 127.0.0.2 http://dsbl.org/listing?71.142.25.66 -------------------------------------------------------------------------------- DSBLUNCONFIRMED Distributed Sender Boycott List: single-stage relays, multihop relays and listings by anonymous users: unconfirmed.dsbl.org -> 127.0.0.2 http://dsbl.org/listing?71.142.25.66 -------------------------------------------------------------------------------- PSBL Passive spam Block List: psbl.surriel.com -> 127.0.0.2 Listed in PSBL, see http://psbl.surriel.com/listing?ip=71.142.25.66 -------------------------------------------------------------------------------- CSMA McFadden Associates, IPs of mailservers that send spam twice in a short timefram: bl.csma.biz -> 127.0.0.2 http://bl.csma.biz/cgi-bin/listing.cgi?ip=71.142.25.66 -------------------------------------------------------------------------------- CSMA-SBL McFadden Associates, IPs of mailservers that send spam once in a short timefram: sbl.csma.biz -> 127.0.0.2 http://bl.csma.biz/cgi-bin/listing.cgi?ip=71.142.25.66 -------------------------------------------------------------------------------- UCEPROTECTL1 UCEPROTECT®-Network Project - Level 1: dnsbl-1.uceprotect.net -> 127.0.0.2 Sorry, IP 71.142.25.66 is blacklisted at Level 1 by UCEPROTECT-Network see http://www.uceprotect.net -------------------------------------------------------------------------------- DNSBLAUT1 Reynolds Technology Type 1: t1.dnsbl.net.au -> 127.0.0.2 http://dsbl.org/listing?71.142.25.66 Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=71.142.25.66 -------------------------------------------------------------------------------- DNSBLAUDSBL Distributed Server Boycott List: dsbl.dnsbl.net.au -> 127.0.0.2 http://dsbl.org/listing?71.142.25.66 -------------------------------------------------------------------------------- DNSBLUCEPN External Block List - UCEPROTECT®-Network Project: ucepn.dnsbl.net.au -> 127.0.0.2 PLEASE SEE http://www.uceprotect.net/ -------------------------------------------------------------------------------- DNSBLAUPROBES Servers currently probing other networks: probes.dnsbl.net.au -> 127.0.0.2 71.142.25.66 see http://www.dnsbl.net.au/probes/ Link to comment Share on other sites More sharing options...
Derek T Posted November 6, 2005 Share Posted November 6, 2005 Looks like this machine is still spewing garbage to the world! This is not a responsible way to run a server And 3 days since we last heard from him, still spewing spam, picking up more block-list entries, and the OP is nowhere to be seen! His upstream provider should have pulled the plug by now, but then it is sbcglobal Link to comment Share on other sites More sharing options...
Wazoo Posted November 10, 2005 Share Posted November 10, 2005 Per my updated post #8, yes, it appears that outside help must be needed to clear up this spew source. One would think that a week would be sufficient for something to happen, yet .... Link to comment Share on other sites More sharing options...
Jeff G. Posted November 10, 2005 Share Posted November 10, 2005 See also http://groups.google.com/group/news.admin....gc9tVndW1oxL0g5 per http://groups.google.com/group/news.admin....Ui79PuQuJVTQtwQ. Link to comment Share on other sites More sharing options...
Derek T Posted November 11, 2005 Share Posted November 11, 2005 As of 1820 GMT 11/11/05: Blacklist Name Status Reason TTL Response Time (ms) CBL Listed LISTED Blocked - see Detail Return codes were: 127.0.0.2 3595 31 CSMA Listed LISTED Detail Return codes were: 127.0.0.2 295 31 CSMA-SBL Listed LISTED Detail Return codes were: 127.0.0.2 295 16 DNSBLNETAUT1 Listed LISTED Detail Return codes were: 127.0.0.2 2043 16 DSBL Listed LISTED Detail Return codes were: 127.0.0.2 2043 16 DSBLALL Listed LISTED Detail Return codes were: 127.0.0.2 2043 31 LASHBACK Listed LISTED Sender has sent to LashBack Unsubscribe Probe accounts Return codes were: 127.0.0.2 3595 16 PSBL Listed LISTED Listed in PSBL, see Detail Return codes were: 127.0.0.2 2095 16 SBL-XBL Listed LISTED Detail Return codes were: 127.0.0.4 3595 16 SORBS-BLOCK Listed LISTED spam Received See: Detail Return codes were: 127.0.0.6 3596 16 SORBS-DUHL Listed LISTED spam Received See: Detail Return codes were: 127.0.0.6 3596 31 SORBS-HTTP Listed LISTED spam Received See: Detail Return codes were: 127.0.0.6 3596 16 SORBS-MISC Listed LISTED spam Received See: Detail Return codes were: 127.0.0.6 3596 31 SORBS-SMTP Listed LISTED spam Received See: Detail Return codes were: 127.0.0.6 3596 47 SORBS-SOCKS Listed LISTED spam Received See: Detail Return codes were: 127.0.0.6 3596 47 SORBS-spam Listed LISTED spam Received See: Detail Return codes were: 127.0.0.6 3596 47 SORBS-WEB Listed LISTED spam Received See: Detail Return codes were: 127.0.0.6 3596 31 SORBS-ZOMBIE Listed LISTED spam Received See: Detail Return codes were: 127.0.0.6 3595 31 SPAMCOP Listed LISTED Blocked - see Detail Return codes were: 127.0.0.2 2095 16 Spamhaus-XBL Listed LISTED Detail Return codes were: 127.0.0.4 3594 16 Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.