cmacdona Posted March 13, 2006 Share Posted March 13, 2006 Hi. I am really stuck here. I have been trying to find out why my ip address/es have been blocked. I have been searching for the last nine hours so at least I can say that I have tried before asking. From what I understand I should of received (or the postmaster ) a message from the person who filed the complaint??? See the below text from a SPAMCOP webpage How do I get in touch with the person who filed the complaint? Just reply to it. At one time, SpamCop would anonymize spam reports, but that has changed. All reports that pass through this server have verified, valid return addresses. Of course, I can't make the person read or respond, but your mail should not bounce. I do not have a message to reply to to help me determine what the cause was. When my users try to send to certain domains they receive the following Sent <<< RCPT TO:abc[at]emailaddress.com Received >>> 554 service unavailable; [203.0.37.147] blocked using bl.spamcop.net, reason: blocked - see http://www.spamcop.net/bl.shtml?203.0.37.147 Is there anything else I can do to find out what address is causing this. Please don't paste: is using auto-responses that are replying to spam with forged spamtrap email addresses (such as Out-of-Office/Vacation notices, virus notifications, and 'bounces' created after accepting the email); has a computer with a virus that sends spam without the owner's knowledge; has a computer that has been compromised and spammers are remotely controlling it to transmit their spew; is sending unsolicited emails and your internet service provider is allowing it; or because, as in all systems, there may have been a mistake. (very rare) I have check for these and can we block any out of offices/read receipts etcs Thanks in advance Link to comment Share on other sites More sharing options...
petzl Posted March 13, 2006 Share Posted March 13, 2006 I have check for these and can we block any out of offices/read receipts etcs Thanks in advance 41302[/snapback] Causes of listing System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop) You or that IP [203.0.37.147] is/are bouncing email http://www.spamcop.net/fom-serve/cache/329.html#bounceexplain A spamtrap address has around 17 random keyboard characters meaning it is above bank 128 bit security to crack or guess. These email addresses are gathered by spam spiders from newgroups and websites, often from Zombie/trojan infected computers, that unknowingly gather email addresses for their spamming masters. (from incoming email and websites visited) So aside from spamtraps you are Joe Jobbing a lot of annoyed people STOP IT Link to comment Share on other sites More sharing options...
Derek T Posted March 13, 2006 Share Posted March 13, 2006 I am really stuck here. I have been trying to find out why my ip address/es have been blocked. I have been searching for the last nine hours so at least I can say that I have tried before asking. From what I understand I should of received (or the postmaster ) a message from the person who filed the complaint??? See the below text from a SPAMCOP webpage 41302[/snapback] Hello, welcome, and thanks for reading the FAQ! many don't. In your case NO human being filed any complaint. You are listed for SpamTrap hits only. No reports are sent as a result of spamtrap hits because the addresses are secret and have never sent or requested mail. The most common reasons for this are (i) post-facto 'bounces' to the (forged) return envelopes of undeliverable mail and (ii) out-of-office auto-replies. These are both potentially abusive and should be disabled. If you email deputies[at]spamcop.net they may be able to give you more info about the type of backscatter that is hitting the spamtraps. Edit: If you wish to receive abuse reports in the event of future human complaints it would be a very good idea to register an abuse address with abuse.net. Presently no abuse record exists for your system. Link to comment Share on other sites More sharing options...
agsteele Posted March 13, 2006 Share Posted March 13, 2006 How do I get in touch with the person who filed the complaint? [snip] ...can we block any out of offices/read receipts etcs 41302[/snapback] You should have come across the following information if you had followed the link provided in the Email rejection message: 203.0.37.147 listed in bl.spamcop.net (127.0.0.2) If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 14 hours. Causes of listing * System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop) Because the messages cauing you to be listed have gone to spam traps you can only obtain further information be contacting deputies[at]spamcop.net However, there are broadly four reasons why this situation may arise. 1. You have a compromised PC which is spewing out junk unbeknown to yourself 2. You are bouncing undeliverable messages back to the sender or replying with out-of-office auto-responses. Since most spam comes from forged addresses this can get you listed (but is normally identified by the SpamCop parser and this is not the case here) 3. You are actually sending unsolcited Emails and being reported 4. You share your outgoing mail server with someone affected by 1 - 3 above and you are suffering colateral damage. The deputies should be able to assist you in identifying the most likely cause since they can view the relevant messages. Andrew [Edit] As so often the case. Others came along at the same time with similar explanations. Sorry for the duplication here... Link to comment Share on other sites More sharing options...
Jeff G. Posted March 14, 2006 Share Posted March 14, 2006 Parsing input: 203.0.37.147 host 203.0.37.147 = aunssyd01im0001.hhgroup.com.au (cached)... Routing details for 203.0.37.147... Cached whois for 203.0.37.147 : its-ap-dnsadmins[at]hudson.com Using abuse net on its-ap-dnsadmins[at]hudson.com No abuse net record for hudson.com Using default postmaster contacts postmaster[at]hudson.com While talking to hhmail1.hhgroup.com:RCPT TO:<abuse[at]hudson.com> 550 5.1.1 <abuse[at]hudson.com>... User unknown RCPT TO:<its-ap-dnsadmins[at]hudson.com> 550 5.1.1 <its-ap-dnsadmins[at]hudson.com>... User unknown Link to comment Share on other sites More sharing options...
cmacdona Posted March 14, 2006 Author Share Posted March 14, 2006 While talking to hhmail1.hhgroup.com: 41323[/snapback] Sorry JeffG, abuse[at]hudson.com has been setup but the changes hadn't replicated to out gateway yet.. Should be good soon. Link to comment Share on other sites More sharing options...
Jeff G. Posted March 14, 2006 Share Posted March 14, 2006 Sorry JeffG, abuse[at]hudson.com has been setup but the changes hadn't replicated to out gateway yet.. Should be good soon.41328[/snapback] Thanks, what about its-ap-dnsadmins[at]hudson.com?03/13/06 23:20:16 whois 203.0.37.147[at]whois.apnic.net whois -h whois.apnic.net 203.0.37.147 ... % [whois.apnic.net node-1] % Whois data copyright terms http://www.apnic.net/db/dbcopyright.html inetnum: 203.0.37.0 - 203.0.37.255 netname: Hudson-au descr: Hudson Global Resources descr: L19, 45 Clarence Street descr: Sydney descr: NSW 2000 country: AU admin-c: MM629-AP tech-c: MM629-AP mnt-by: APNIC-HM status: ASSIGNED PORTABLE changed: hm-changed[at]apnic.net 20040906 changed: hm-changed[at]apnic.net 20041214 changed: hm-changed[at]apnic.net 20060116 source: APNIC person: Mike Mallos address: L19 45 Clarence St address: Sydney NSW 2000 country: AU phone: +61 2 8233 2233 fax-no: +61 2 8233 4906 e-mail: its-ap-dnsadmins[at]hudson.com nic-hdl: MM629-AP mnt-by: MAINT-NEW changed: hm-changed[at]apnic.net 20060116 source: APNIC Link to comment Share on other sites More sharing options...
cmacdona Posted March 14, 2006 Author Share Posted March 14, 2006 Thanks, what about its-ap-dnsadmins[at]hudson.com? 41332[/snapback] Thanks Jeff Just moving that smtp address to my account as well. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.