Jump to content

Being blocked no notification message to trace


cmacdona
 Share

Recommended Posts

Hi.

I am really stuck here. I have been trying to find out why my ip address/es have been blocked. I have been searching for the last nine hours so at least I can say that I have tried before asking.

From what I understand I should of received (or the postmaster ) a message from the person who filed the complaint??? See the below text from a SPAMCOP webpage

How do I get in touch with the person who filed the complaint?

Just reply to it. At one time, SpamCop would anonymize spam reports, but that has changed. All reports that pass through this server have verified, valid return addresses. Of course, I can't make the person read or respond, but your mail should not bounce.

I do not have a message to reply to to help me determine what the cause was.

When my users try to send to certain domains they receive the following

Sent <<< RCPT TO:abc[at]emailaddress.com

Received >>> 554 service unavailable; [203.0.37.147] blocked using bl.spamcop.net, reason: blocked - see http://www.spamcop.net/bl.shtml?203.0.37.147

Is there anything else I can do to find out what address is causing this.

Please don't paste:

is using auto-responses that are replying to spam with forged spamtrap email

addresses (such as Out-of-Office/Vacation notices, virus notifications, and 'bounces' created after accepting the email);

has a computer with a virus that sends spam without the owner's knowledge;

has a computer that has been compromised and spammers are remotely controlling it to transmit their spew;

is sending unsolicited emails and your internet service provider is allowing it;

or because, as in all systems, there may have been a mistake. (very rare)

I have check for these and can we block any out of offices/read receipts etcs

Thanks in advance

Link to comment
Share on other sites

I have check for these and can we block any out of offices/read receipts etcs

Thanks in advance

41302[/snapback]

Causes of listing

System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

You or that IP [203.0.37.147] is/are bouncing email

http://www.spamcop.net/fom-serve/cache/329.html#bounceexplain

A spamtrap address has around 17 random keyboard characters meaning it is above bank 128 bit security to crack or guess. These email addresses are gathered by spam spiders from newgroups and websites, often from Zombie/trojan infected computers, that unknowingly gather email addresses for their spamming masters. (from incoming email and websites visited)

So aside from spamtraps you are Joe Jobbing a lot of annoyed people STOP IT

Edited by petzl
Link to comment
Share on other sites

I am really stuck here. I have been trying to find out why my ip address/es have been blocked. I have been searching for the last nine hours so at least I can say that I have tried before asking. 

From what I understand I should of received (or the postmaster ) a message from the person who filed the complaint??? See the below text from a SPAMCOP webpage

41302[/snapback]

Hello, welcome, and thanks for reading the FAQ! many don't. :)

In your case NO human being filed any complaint. You are listed for SpamTrap hits only. No reports are sent as a result of spamtrap hits because the addresses are secret and have never sent or requested mail.

The most common reasons for this are (i) post-facto 'bounces' to the (forged) return envelopes of undeliverable mail and (ii) out-of-office auto-replies. These are both potentially abusive and should be disabled.

If you email deputies[at]spamcop.net they may be able to give you more info about the type of backscatter that is hitting the spamtraps.

Edit: If you wish to receive abuse reports in the event of future human complaints it would be a very good idea to register an abuse address with abuse.net. Presently no abuse record exists for your system.

Link to comment
Share on other sites

How do I get in touch with the person who filed the complaint?

[snip]

...can we block any out of offices/read receipts etcs

41302[/snapback]

You should have come across the following information if you had followed the link provided in the Email rejection message:

203.0.37.147 listed in bl.spamcop.net (127.0.0.2)

If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 14 hours.

Causes of listing

* System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

Because the messages cauing you to be listed have gone to spam traps you can only obtain further information be contacting deputies[at]spamcop.net

However, there are broadly four reasons why this situation may arise.

1. You have a compromised PC which is spewing out junk unbeknown to yourself

2. You are bouncing undeliverable messages back to the sender or replying with out-of-office auto-responses. Since most spam comes from forged addresses this can get you listed (but is normally identified by the SpamCop parser and this is not the case here)

3. You are actually sending unsolcited Emails and being reported

4. You share your outgoing mail server with someone affected by 1 - 3 above and you are suffering colateral damage.

The deputies should be able to assist you in identifying the most likely cause since they can view the relevant messages.

Andrew

[Edit] As so often the case. Others came along at the same time with similar explanations. Sorry for the duplication here...

Edited by agsteele
Link to comment
Share on other sites

Parsing input: 203.0.37.147

host 203.0.37.147 = aunssyd01im0001.hhgroup.com.au (cached)...

Routing details for 203.0.37.147...

Cached whois for 203.0.37.147 : its-ap-dnsadmins[at]hudson.com

Using abuse net on its-ap-dnsadmins[at]hudson.com

No abuse net record for hudson.com

Using default postmaster contacts postmaster[at]hudson.com

While talking to hhmail1.hhgroup.com:
RCPT TO:<abuse[at]hudson.com>

550 5.1.1 <abuse[at]hudson.com>... User unknown

RCPT TO:<its-ap-dnsadmins[at]hudson.com>

550 5.1.1 <its-ap-dnsadmins[at]hudson.com>... User unknown

Link to comment
Share on other sites

Sorry JeffG, abuse[at]hudson.com has been setup but the changes hadn't replicated to out gateway yet.. Should be good soon.

41328[/snapback]

Thanks, what about its-ap-dnsadmins[at]hudson.com?
03/13/06 23:20:16 whois 203.0.37.147[at]whois.apnic.net

whois -h whois.apnic.net 203.0.37.147 ...

% [whois.apnic.net node-1]

% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html

inetnum:      203.0.37.0 - 203.0.37.255

netname:      Hudson-au

descr:        Hudson Global Resources

descr:        L19, 45 Clarence Street

descr:        Sydney

descr:        NSW 2000

country:      AU

admin-c:      MM629-AP

tech-c:      MM629-AP

mnt-by:      APNIC-HM

status:      ASSIGNED PORTABLE

changed:      hm-changed[at]apnic.net 20040906

changed:      hm-changed[at]apnic.net 20041214

changed:      hm-changed[at]apnic.net 20060116

source:      APNIC

person:      Mike Mallos

address:      L19 45 Clarence St

address:      Sydney NSW 2000

country:      AU

phone:        +61 2 8233 2233

fax-no:      +61 2 8233 4906

e-mail:      its-ap-dnsadmins[at]hudson.com

nic-hdl:      MM629-AP

mnt-by:      MAINT-NEW

changed:      hm-changed[at]apnic.net 20060116

source:      APNIC

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...