Wazoo Posted December 9, 2005 Share Posted December 9, 2005 Brought here from a PM Hello, We've been blocked for some time now and we can't figure out why, we get no alerts, reports or any indication, only from oru clients that we're being blocked. In the FAQ's, it states to turn off auto-responders and bounce, we can't do either of these as we are a shared hosting company. we also have a zero tolerance for spam and have been regular users of SpamCop for several years. We need to get to the bottom of this and get off of the list. Please advise as to the best and quickest way to accomplish this. Thanx! PM responded to with a pointer to "here" ... Link to comment Share on other sites More sharing options...
Wazoo Posted December 9, 2005 Author Share Posted December 9, 2005 ns2.chicagowebs.com reports the following MX records: Preference Host Name IP Address TTL 10 mail4.chicagowebs.com 64.37.122.4 3600 50 mail.chicagowebs.com 64.37.122.2 3600 100 mail2.chicagowebs.com 64.37.122.8 3600 500 mail3.chicagowebs.com 64.37.122.199 3600 64.37.122.4 not listed in bl.spamcop.net 64.37.122.8 not listed in bl.spamcop.net 64.37.122.199 not listed in bl.spamcop.net http://www.spamcop.net/w3m?action=checkblock&ip=64.37.122.2 64.37.122.2 listed in bl.spamcop.net (127.0.0.2) If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 1 hours. Causes of listing System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop) http://www.senderbase.org/?searchBy=ipaddr...ing=64.37.122.2 Volume Statistics for this IP Magnitude Vol Change vs. Average Last day ........ 3.8 .. -59% Last 30 days .. 4.2 .... -8% Average ........ 4.2 Spamtraps do not generate reports. Asking for some specific "may" get some answers from deputies[at]admin.spamcop.net, but .... I don't recall much data available in the (various) SpamCop FAQs on the toolset I see advertised on your web-site, but in today's climate, auto-responders and returning "delayed" bounces just isn't the way to handle things these days. There are other FAQ entries available in the SpamCop FAQ found "here" and much dialog from others in this Forum section that deal with this spammer abuse of a once-trusted way of e-mail handling. Link to comment Share on other sites More sharing options...
Chiwebs Posted December 9, 2005 Share Posted December 9, 2005 Brought here from a PM PM responded to with a pointer to "here" ... 37481[/snapback] Thanx for the info. We're huge fans of SpamCop, and have been for years, even use thee RBL in our filtering in house with 7 mail servers. We're a shared hosting company so we'll occasionally get the noob who wants to abuse the system and they're soon removed from our network. We have a zero tolerance for spam, but Imail doesn't have a lot of tools nor does it do a "real" good job with filtering. We really can't disable auto-responders, and we pretty much have to enable "bounce" Does anyone have any suggestions on how to configure the system so we're not blocked again? I'm certainly all ears here as when we get listed, it's a HUGE inconvenience to thousands of clients. Thanx again! CW Link to comment Share on other sites More sharing options...
Merlyn Posted December 9, 2005 Share Posted December 9, 2005 We really can't disable auto-responders, and we pretty much have to enable "bounce"Â 37488[/snapback] First of all for an unknown user IMail's SMTP service responds with a 550 unknown user error and does not accept the message unless you have it configured diferently. There is no need to bounce messages to the "From" address for any mail system. Link to comment Share on other sites More sharing options...
turetzsr Posted December 9, 2005 Share Posted December 9, 2005 <snip> We really can't disable auto-responders, and we pretty much have to enable "bounce" <snip> 37488[/snapback] ...Can you explain a bit more? My initial reaction to this was to reply with a rude retort but first I thought I'd give you a chance to explain. <g> Thanks. Link to comment Share on other sites More sharing options...
StevenUnderwood Posted December 9, 2005 Share Posted December 9, 2005 We really can't disable auto-responders, and we pretty much have to enable "bounce"Â Does anyone have any suggestions on how to configure the system so we're not blocked again? I'm certainly all ears here as when we get listed, it's a HUGE inconvenience to thousands of clients. 37488[/snapback] Those two statements are mutually exclusive. If you do not turn off auto-responders, it is likely your system will continue to send messages to innocent email addresses forged as the sender of those messages (spam and viruses), including spam trap addresses. However, a quick test of the mailserver we think is on the list seems to show you are NOT bouncing messages for fake addresses, instead using the better "error code rejection". 220 mail.chicagowebs.com (IMail 8.15 639151-15) NT-ESMTP Server X1 250 hello mail.chicagowebs.com 250 ok 550 not local host chicagowebs.com, not a gateway 221 Goodbye Link to comment Share on other sites More sharing options...
Chiwebs Posted December 9, 2005 Share Posted December 9, 2005 If you do not turn off auto-responders, it is likely your system will continue to send messages to innocent email addresses forged as the sender of those messages (spam and viruses), including spam trap addresses. So then we will need to disable the auto-responders for all accounts? What other steps can be taken to ensure our mail servers don't end up on the blacklist again? Link to comment Share on other sites More sharing options...
Miss Betsy Posted December 9, 2005 Share Posted December 9, 2005 As people have suggested, auto-responders and after acceptance bounces mean that you will be listed. The reason is that both go to the forged return-path and to innocent recipients - who are sometimes overwhelmed by the after acceptance replies to the forged From or return path. There is another topic discussing possible strategies for getting your clients to accept no auto-responders and no 'bounces' - I don't know if it applies to your situation or not. Post #10 But since you seem willing to shut them down, maybe you won't have to go to those lengths. Server admins here may have some other suggestions about how to avoid blocklists in your situation. Glad that you are working hard to be 'part of the solution'! Miss Betsy Link to comment Share on other sites More sharing options...
Merlyn Posted December 9, 2005 Share Posted December 9, 2005 So then we will need to disable the auto-responders for all accounts? What other steps can be taken to ensure our mail servers don't end up on the blacklist again? 37516[/snapback] Yes, and not for that reason alone but in todays spam filled internet it will stop you from abusing the internet also. People who never sent you anything surely do not want to receive junk from you that you pass on because their address was forged in the "From". Many spammers use autoresponders to send their crap. HTH HAND. Link to comment Share on other sites More sharing options...
Cyberglobe Posted December 12, 2005 Share Posted December 12, 2005 Yes, and not for that reason alone but in todays spam filled internet it will stop you from abusing the internet also. People who never sent you anything surely do not want to receive junk from you that you pass on because their address was forged in the "From". Many spammers use autoresponders to send their crap. HTH HAND. 37523[/snapback] They may be using forged addresses, however, maintaining a well functional Friend's system makes the reduction of junk mail 100% reduced. However, Spamcop is not this solution... SPF is. Therefore, to fix that problem, SPF should be more widely used. Link to comment Share on other sites More sharing options...
dra007 Posted December 12, 2005 Share Posted December 12, 2005 Spamcop is certainly the best solution for those of us who use spamcop to filter junkmail. Its use was never intended and is not recommended as a block but merely a means to tag and filter spam. Link to comment Share on other sites More sharing options...
Miss Betsy Posted December 12, 2005 Share Posted December 12, 2005 I don't know what you mean by 'functional Friends' system' If that means whitelisting, my vote is against it. IMHO, the receiver of email should have to do nothing to sort spam and any messages that the server admin filters for him should be returned at the server level to the sender to deal with. The only whitelisting I would permit is for bulk email when all bulk email is blocked except for what has been whitelisted. Miss Betsy Link to comment Share on other sites More sharing options...
turetzsr Posted December 12, 2005 Share Posted December 12, 2005 Spamcop is certainly the best solution for those of us who use spamcop to filter junkmail.37620[/snapback] ...And also for those responsible server admins whose network is, unbeknownst to them, being used to send spam.Its use was never intended and is not recommended as a block but merely a means to tag and filter spam.37620[/snapback] ...Which is not to say that only tagging and filtering is a valid approach. Were I an e-mail admin I might (assuming my agreements with my customers permitted) want to not have to deal with the spam at all. Were I a paying subscriber to an ISP or MSP (e-mail service provider), I would want the admins of my system to block suspected spam rather than having to pay for its storage and having to deal with a "suspected spam" folder. Link to comment Share on other sites More sharing options...
Chiwebs Posted December 12, 2005 Share Posted December 12, 2005 It appears that our mail server was listed again today. Is anyone familiar with IMail and if there's a way to disable auto-responders? Also, can anyone suggest other options or products to help keep these servers off the blacklists? Link to comment Share on other sites More sharing options...
StevenUnderwood Posted December 12, 2005 Share Posted December 12, 2005 It appears that our mail server was listed again today. Is anyone familiar with IMail and if there's a way to disable auto-responders? Also, can anyone suggest other options or products to help keep these servers off the blacklists? 37673[/snapback] This time it appears to be: http://mailsc.spamcop.net/w3m?action=blche...p=64.37.122.199 And again: Causes of listing System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop) The good news: If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 3 hours. Is IMail a list-serv server? I notice one of the reports against the .2 address is:Submitted: Thursday, September 15, 2005 4:00:25 AM -0400: Illegal IMail List Server Command! If so, you may not be able to disable the auto-responder for the list serv. I almost hate to suggest this (rater having you fix the problem) but you may want to have that server output on only one IP address with normal traffic using the other addresses? Link to comment Share on other sites More sharing options...
agsteele Posted December 13, 2005 Share Posted December 13, 2005 Is IMail a list-serv server? I notice one of the reports against the .2 address is:Submitted: Thursday, September 15, 2005 4:00:25 AM -0400: Illegal IMail List Server Command! 37674[/snapback] Imail has a list-server within its functions as well as the standard POP/SMTP/IMAIL functions. We ran Imail for awhile and I remember that we managed to disable bounces and auto-responses but as I don't have access to Imail any longer and I can't remember which combination of settings we used. I do recall that Ipswitch were exceedingly helpful in supporting us when we had issues and their online knowledge base was pretty good too. Chiwebs may want to pop on over to http://www.Ipswitch.com Andrew Link to comment Share on other sites More sharing options...
Jeff G. Posted December 13, 2005 Share Posted December 13, 2005 I do recall that Ipswitch were exceedingly helpful in supporting us when we had issues and their online knowledge base was pretty good too. Chiwebs may want to pop on over to http://www.Ipswitch.com37752[/snapback] Please note, however, that Ipswitch's own email advertising machinery has ignored years of bounces. Link to comment Share on other sites More sharing options...
Chiwebs Posted January 30, 2006 Share Posted January 30, 2006 Hey guys, One of our servers is listed again, and it's really becoming a PITA... We're a legit company, we use Imail 8.x and we're being reported because of bounces and/or mail sent to spamtraps. Now, my question, how can we secure Imail to not send bounces or turn off auto-responders? We can't find it and Ipswitch is absolutely useless and no responses via their forums, etc. We have a couple hundred thousand users and switching mail server software is just not an option for us, not right now anyway. I need a way to secure this so we can stay off the SCBL... Thanx in advance for your help CW Sorry, the mail server in question is: 64.37.122.199 ( mail3.chicagowebs.com ) Moderator Edit: Merged this "new" Topic into the existing one ...same subject, same issues .... Link to comment Share on other sites More sharing options...
Telarin Posted January 30, 2006 Share Posted January 30, 2006 ipswitch has a pretty good user forum accessible from the "Support" option on their website (www.ipswitch.com). You might try posting a request there and see if anyone else has figured out how to bounce during SMTP instead of sending misdirected NDRs. Link to comment Share on other sites More sharing options...
agsteele Posted January 30, 2006 Share Posted January 30, 2006 Now, my question, how can we secure Imail to not send bounces or turn off auto-responders? We can't find it and Ipswitch is absolutely useless and no responses via their forums, etc.39837[/snapback] My response isn't going to be very practical other than to say that when we ran Imail for our Email servers I'm sure that we did manage to turn off bounce messages. Sadly, we no longer use Imail so don't have access to the server to check the settings and share them with you. But I encourage you to keep on searching for the answer to your questions. Someone must know what to do I do recall that Imail offers the option of creating vacation messages by each user and this can cause the listings that you refer to. I seem to recall that vacation messages are always enabled if you allow web messaging. So you cannot prevent vacation messages if you give your users access to web messaging. So anyone receiving spam from forged Email addresses will bounce back a vacation message (if using the option) and thus risk getting your IP re-listed. You can enable a range of DNSbls in Imail and we found this to be effective in stopping the forged messages from getting into the system in the first place. Checking an old manual I've found I see that there is a bounce messages option in the Domain Administration section of Imail relating to sub-mailboxes. Worth switching that off I guess. We also refused messages which arrived with a null sender and that seemed to reduce the messages arriving. I see that the online manual offers a few entries that might be pertinent. I searched for 'bounce' at: http://www.ipswitch.com/support/imail/guid...r_wh/iadmin.htm Andrew Link to comment Share on other sites More sharing options...
Merlyn Posted January 30, 2006 Share Posted January 30, 2006 It could be just clueless users being hosted there. Yes I know it's old but it is a good example: Submitted: Wednesday, January 04, 2006 9:36:20 PM -0500: Thank you for contacting <x>. You have reached an email address that... This is not an IMail message that was reported, it was an autoreply from <x> who's mail is on that same server. They accepted the mail and auto replied to the invalid "From" address. I believe the complete subject was: Thank you for contacting <x>. You have reached an email address that is no longer active. Link to comment Share on other sites More sharing options...
Chiwebs Posted January 30, 2006 Share Posted January 30, 2006 It could be just clueless users being hosted there. Yes I know it's old but it is a good example: Submitted: Wednesday, January 04, 2006 9:36:20 PM -0500: Thank you for contacting <x> You have reached an email address that... This is not an IMail message that was reported, it was an autoreply from SitesDynamic who's mail is on that same server. They accepted the mail and auto replied to the invalid "From" address. I believe the complete subject was: Thank you for contacting <x>. You have reached an email address that is no longer active. 39843[/snapback] Thanx guys, I'll look a bit deeper into this. But for the record, we can't disable webmail, so that's not an option. CW Link to comment Share on other sites More sharing options...
StevenUnderwood Posted January 30, 2006 Share Posted January 30, 2006 Thanx guys, I'll look a bit deeper into this. But for the record, we can't disable webmail, so that's not an option. CW 39845[/snapback] How would a warning and explanation to your users about the dangers of using Out of Office replies in this age of spam? Link to comment Share on other sites More sharing options...
Jeff G. Posted January 30, 2006 Share Posted January 30, 2006 We also refused messages which arrived with a null sender and that seemed to reduce the messages arriving.39842[/snapback] Please don't do that. Those messages don't cause misdirected bounces, most of them probably ARE bounces. Domains whose mailservers refuse those messages in violation of RFCs 821, 2821, 2505, and 1123 are subject to listing by dsn.rfc-ignorant.org - see Listing policy for dsn.rfc-ignorant.org zone for details. Link to comment Share on other sites More sharing options...
Miss Betsy Posted January 30, 2006 Share Posted January 30, 2006 Thanx guys, I'll look a bit deeper into this. But for the record, we can't disable webmail, so that's not an option. CW 39845[/snapback] You could insist that users use a 'whitelist' for OOO messages. That helped someone I think. If you handle your PR correctly, by telling your users that the OOO messages are sending spam to innocent people, you might be able to get them to actually do it. I don't know whether this is a good idea or not - I can't remember - but filtering for spam on /outgoing/ messages could also reduce OOOs responding to spam. Miss Betsy Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.