
Discrimination of Russian domain group?!!!


BRACK


All Russian group domains "*.ru" were blocked for sending emails from South African ISP "saix.net". I CAN receive emails from Russian domains but I CANNOT send anything using my Russian email address in "From" field. Below is the response of telnet for the smtp.saix.net:

> 220 ctb-mesg2.saix.net ESMTP Postfix
> HELO ywammuizenberg.org
> 250 ctb-mesg2.saix.net
> MAIL FROM: <mamaafrica[at]mail.ru>
> 250 Ok
> RCPT TO: <www[at]body-builders.org>
> 554 <info[at]mail.ru>: Sender address rejected: UCE Bulk Mail SpamCop
> Ref:S01

From this I conclude that SpamCop is involved.

I also tried to simulate sending from domain yandex.ru and chat.ru with the same response from SpamCop :angry:

Here is the response of Outlook Express when I try to send email from domain .ru :

> "The message could not be send because one of the recipients was
> rejected by the server. The rejected e-mail address was
> 'support[at]telkomsa.net'. Subject 'test', Account: 'body-builders',
> Server 'smtp.saix.net', Protocol: SMTP, Server Response: '554
> mamaafrica[at]mail.ru: Sender address rejected: UCE Bulk Mail SpamCop
> Ref: S01', Port 25, Secure(SSL): No, Server Error 554, Error Number:
> 0x800CCC79"

Here is the reply of my ADSL provider on my complaints:

Dear Yury

You were reported to spamcop that you are spamming for more information please go to

http://www.spamcop.net/sc?id=z319565378z40...e9b06b086fab91z

http://www.spamcop.net/sc?id=z319544327z7a...af401a1c6d0579z

http://www.spamcop.net/sc?id=z319544266zd1...e64d88e710cfe5z

http://www.spamcop.net/sc?id=z319535019z36...7d836ee732c951z

http://www.spamcop.net/sc?id=z319524888zfb...cc61e02c222dffz

http://www.spamcop.net/sc?id=z319518590z0d...a091a6fbcbdb05z

Kind regards

Telkom Internet Support Desk

E Mail - support[at]telkomsa.net

Which means for me: "You will never get your emails working"

What to do to stop this discrimination? :(

Yury

Link to comment
Share on other sites

Did you go to any of those links and check the details?

Did you even attempt to read through http://forum.spamcop.net/forums/index.php?showtopic=35 ?

or maybe try another version at http://forum.spamcop.net/forums/index.php?showtopic=509

At least note that it is not a "domain" that's on the bad list, it's the IP of the server(s) involved. To get the specific IP removed from these types of lists, the spam must stop.

I see the phrase "602Pro LAN SUITE 2003" which says you are trying to run your own servers and apparently have turned on all the Proxies, but didn't bother to restrict access to your system. This particular bit of software has its own firewall, which you apparently haven't turned on. It has a mode to allow access by IP Address, which you apparently haven't set up. It has security modes to allow "user" access to only certain items, but you apparently haven't set that up.

So, in short, you've set up a wide open system that has been discovered and used by spammers. It's disturbing to see that your ADSL provider sent you those complaints but neglected to cut your net access, actually.

Link to comment
Share on other sites

> At least note that it is not a "domain" that's on the bad list, it's the IP of the server(s) involved.

As I said - I RECEIVE all the emails from Russia with no problems. I only have a problem SENDING from a Russian email address using the local smtp server. Which IP should I look at - South African or Russian?

> I see the phrase "602Pro LAN SUITE 2003" which says you are trying to run your own servers and apparently have turned on all the Proxies, but didn't bother to restrict access to your system.

I do run Mercury Mail with restriction for only local network relay "192.168.***" but for the tests I disabled all servers and just tried to send mail from router.

By the way, email addresses in the links are not familiar to me. Our emails are mamaafrica[at]mail.ru, chobik[at]mail.ru, yura_b[at]chat.ru; neither of them is working.

I DON'T use and NEVER used "602Pro LAN SUITE 2003". I use Mercury mail, and LinkByte Comtune with its firewall on HIGH security, as well as firewall of Windows XP Pro.

> It's disturbing to see that your ADSL provider sent you those complaints but neglected to cut your net access, actually.

AGAIN NOONE from our organization has EVER sent those emails, and I'm sure that our Mercury mail smtp server is locked for the outsiders as it has all bunch of relay rules setup. I didn't use "602Pro LAN SUITE 2003" and decision to block Russian IPs was made by mistake. What am I supposed to do now?

Yury

Link to comment
Share on other sites

> AGAIN NOONE from our organization has EVER sent those emails, and I'm sure that our Mercury mail smtp server is locked for the outsiders as it has all bunch of relay rules setup. I didn't use "602Pro LAN SUITE 2003" and decision to block Russian IPs was made by mistake. What am I supposed to do now?
>
> Yury

You are probably correct "NOONE from your organization has EVER sent those emails" but every spammer in the world is using "your" services to send their spam. Thus, if the spam comes through your server then you are responsible.

Get some professional help in securing your server and the listing will automatically go away 48 hours after the last spam report.

Before you start getting upset just remember what brought you here. Your email was blocked, not by Spamcop but the ISP of the person you were sending your email to. Spamcop has no control over what they do with their servers.

I think you would agree with me that everyone is tired of receiving mortgage quotes, penis enlargement, breast enhancement, weight loss, nude 40 year old teenage sluts, Viagra, vacation, lottery, prescription drug, business opportunities, genealogical, university degrees, gambling, get rich quick, MLM, pyramid schemes, Web Cams, Russian brides, work from home, stock scams, pirated software and everything else that is force fed into our inboxes.

If you have any more questions please post them here, there are many people willing to assist. And remember most people in this group are here to help you and they did not block your email so do not take your wrath out on them.

Link to comment
Share on other sites

> Which IP should I look at

The IP that your e-mail is being sent from. Use of Mercury could mean you are either trying to send it from "your IP" or you could be using your ISP's e-mail server, which would mean that IP is in question.

you signed your first post as E Mail - support[at]telkomsa.net

All the sample spams start with a locally-hosted 602 Lansuite source, picked up by (tbnb-110-184.telkomadsl.co.za [165.165.110.184]), which then had its output picked up by ctb-mesg6.saix.net ([196.25.240.78]), then delivered on the system at mail.sosdg.org with esmtp (Exim 4.30)

http://www.spamcop.net/w3m?action=checkblo...p=196.25.240.78 points to "you" as passing all kinds of bad stuff and it's this IP that's being blocked by other ISPs .. not "ru" domains, not Russian IPs, it's this IP being blocked by others to stop the spew coming from this IP.

So if you aren't using 602 Lansuite, you have a user that is, or you have a pretty strange spammer that's tapping directly into your Mercury server ... again, you are not secure, that's the bottom line.

Link to comment
Share on other sites

> "The message could not be send because one of the recipients was
> rejected by the server. The rejected e-mail address was
> 'support[at]telkomsa.net'. Subject 'test', Account: 'body-builders',
> Server 'smtp.saix.net', Protocol: SMTP, Server Response: '554
> mamaafrica[at]mail.ru: Sender address rejected: UCE Bulk Mail SpamCop
> Ref: S01', Port 25, Secure(SSL): No, Server Error 554, Error Number:
> 0x800CCC79"

That looks like the key to me. Your own mail server is refusing to accept the mail from your mail client.

196.25.240.78 = ctb-mesg6.saix.net is NOT on our blocking list.

- Don -

Link to comment
Share on other sites

That's pretty strange, it was sure there and listed when I copied the link to point the original poster there ...

What are you talking about?

Well I just received the reply from SpamCop admin:

> > 554 <info[at]mail.ru>: Sender address rejected: UCE Bulk Mail SpamCop

It looks like those folks are maintaining their own blocking list and blaming it on us.

Our focus is entirely on mail server IP addresses. We do not list email addresses or domains. I can't find any servers related to you that are on our list.

You can read about the list here:  http://www.spamcop.net/bl.shtml

- Don -

But my provider still says that it's all thing from SpamCop.net... I'm confused but still alive :blink:

You say:

> Your own mail server is refusing to accept the mail from your mail client

with quoting error that I get in my OE, but this error appears with ANY email in TO field if I have Russian email in FROM field.

The important part is the second part of this error:

> Server 'smtp.saix.net', Protocol: SMTP, Server Response: '554
> mamaafrica[at]mail.ru: Sender address rejected: UCE Bulk Mail SpamCop
> Ref: S01', Port 25, Secure(SSL): No, Server Error 554, Error Number:
> 0x800CCC79"

Another thing:

> So if you aren't using 602 Lansuite, you have a user that is, or you have a pretty strange spammer that's tapping directly into your Mercury server ... again, you are not secure, that's the bottom line.

I have only 11 PCs in my network and neither of them ever had 602 Lansuite.

I also just tried to telnet the smtp.saix.net and here is the result:

> 220 ctb-mesg2.saix.net ESMTP Postfix
> HELO ywammuizenberg.org
> 250 ctb-mesg2.saix.net
> MAIL FROM: <mamaafrica[at]mail.ru>
> 250 Ok
> RCPT TO: <www[at]body-builders.org>
> 554 <mamaafrica[at]mail.ru>: Sender address rejected: UCE Bulk Mail SpamCop Ref:S01

Take a special look at the last line. What is a UCE Bulk Mail SpamCop Ref:S01 and how can I see what is behind that Ref:S01?

If my provider really just uses your name to cover their own misconfiguration shouldn't you write to them a "nice" message? They do not hesitate to point on you in this issue. They formally forwarded me to your site.

I never received any returned message from saix or SpamCop and I've got to know about problem with sending emails only when my emails stopped being sent. All messages just stayed in OUTBOX of my OE.

> you signed your first post as E Mail - support[at]telkomsa.net

What do you mean by that? I never signed myself with my ISP.

By the way - I have this problem already two weeks, it looks strange to me as I looked at all links that my ISP sent to me from your site and all of them are expired in February. In my understanding I shouldn't have any problems by now. My recent IP (it changes almost every day) is 165.165.226.116 if it's any help.

Thank you for a lot of encouragement though. I can clearly see that my ISP is experimenting on my patience.

Link to comment
Share on other sites

> Which IP should I look at
>
> <snip>
>
> you signed your first post as E Mail - support[at]telkomsa.net
>
> <snip>

...Confusing, but that wasn't BRACK's signature, that was the signature of her/his "ADSL provider" in the e-mail sent to her/him. :)

Link to comment
Share on other sites

> What is a UCE Bulk Mail SpamCop Ref:S01 and how can I see what is behind that Ref:S01?

No idea, sorry. That's due to the configuration used by the ISP doing the blocking, which is also not in a format suggested by the SpamCop DNSbl info page.

> All messages just stayed in OUTBOX of my OE

Which follows the other suggested mode that your ISP is not accepting your e-mail for distribution.

> I never signed myself with my ISP.

OK, I admit that mistake. Having so many windows opened up, trying to compare all your referenced complaint links, three of these Forum Windows to look at different posts, yep, I blew that .. apologies ...

But, that you said that this info letter was a response to you, from your ISP, about your e-mail situation, takes me back to my previous 602 Lansuite issues.

Going to http://www.spamcop.net/sc?id=z319535019z36...7d836ee732c951z

Although SpamCop's parser works from the top down, I'm going to try again, working from the bottom up, with some shortened lines;

>Received: from [165.165.110.184] by 90.3.54.50 with HTTP

This line is total garbage

>Received: from 127.0.0.2 ([127.0.0.2]) by Server (602Pro LAN SUITE 2003)

If there is any credence here, this is where the "one of your Local users is using .. came from .. Normally, I'd say it was crap, but Lan Suite can be misconfigured ..

>Received: from Server (tbnb-110-184.telkomadsl.co.za [165.165.110.184])
>by ctb-mesg6.saix.net (Postfix) with SMTP

This line suggests some credence to the previous line, because of the "Server" designation of the system at IP 165.165.110.184 ... which you now suggest isn't necessarily your IP, as it changes all the time ... the telkom.co.za address that matches where you said the letter came from, so appearances are that they are also your connectivity.

>Received: from ctb-mesg6.saix.net ([196.25.240.78])
>by mail.sosdg.org with esmtp

You've not mentioned who this might be, but I still say, that when I looked it up and offered the link of http://www.spamcop.net/w3m?action=checkblo...p=196.25.240.78 , that IP address "was" listed, which would have suggested that sosdg.org may have been using the SpamCop DNSbl to block, but at this point, it's all a mess. Your offered up rejection notices all say that telkomsa.net is doing the blocking.

> My recent IP (it changes almost every day)

And that's a possible issue, especially as you've not answered how Mercury is handling SMTP ... as its own server or simply passing it up to your ISP ... though it seems obvious that it's the second mode, based on failure of your outgoing to go anywhere. But, if so, then we're back to your ISP doing the blocking.

Link to comment
Share on other sites
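
An added example, not part of any post in this thread: the two checks the replies above do by hand, reading the Received chain from the bottom up and telling an IP-based DNSBL reject from a sender-address reject. The function names are hypothetical, the input is constructed from the lines quoted in the thread, `bl.spamcop.net` is SpamCop's public DNSBL zone, and the reply phrases matched are Postfix's standard wording.

```python
import re

# Constructed input: the Received chain and 554 reply quoted in this thread,
# with folded header lines joined. Top line = most recent hop.
HEADERS = """\
Received: from ctb-mesg6.saix.net ([196.25.240.78]) by mail.sosdg.org with esmtp
Received: from Server (tbnb-110-184.telkomadsl.co.za [165.165.110.184]) by ctb-mesg6.saix.net (Postfix) with SMTP
Received: from 127.0.0.2 ([127.0.0.2]) by Server (602Pro LAN SUITE 2003)
Received: from [165.165.110.184] by 90.3.54.50 with HTTP
"""
REPLY = "554 <mamaafrica[at]mail.ru>: Sender address rejected: UCE Bulk Mail SpamCop Ref:S01"

RECEIVED = re.compile(r"^Received: from (?P<helo>\S+)(?: \((?P<peer>[^)]*)\))? by (?P<by>\S+)")
IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def hops_bottom_up(headers):
    """Return (peer_ip, receiving_host) per hop, oldest hop first.

    Only the IP a receiver you trust recorded for its peer is reliable;
    everything below that hop is supplied by the sender and can be forged.
    """
    hops = []
    for line in reversed(headers.splitlines()):
        m = RECEIVED.match(line)
        if m:
            ip = IPV4.search(f"{m.group('peer') or ''} {m.group('helo')}")
            hops.append((ip.group(1) if ip else None, m.group("by")))
    return hops

def dnsbl_query_name(ip, zone="bl.spamcop.net"):
    """DNS name a DNSBL client looks up: IPv4 octets reversed, zone appended."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def rejection_key(reply):
    """Which attribute the server says it rejected on (Postfix reply wording)."""
    if "Sender address rejected" in reply:
        return "envelope-sender"   # local sender rule, not an IP blocklist hit
    if "Client host" in reply:
        return "client-ip"         # how an IP-based (DNSBL) reject is worded
    if "Recipient address rejected" in reply:
        return "recipient"
    return "unknown"

if __name__ == "__main__":
    for ip, by in hops_bottom_up(HEADERS):
        print(f"{by} recorded peer {ip}")
    print(dnsbl_query_name("196.25.240.78"))
    print(rejection_key(REPLY))
```

A DNSBL listing is answered by an A record for the generated name; the reply text in this thread is keyed on the envelope sender, which a list of server IPs cannot produce.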

Looked through my last install of Mercury (version 3.31) .. the places I see that could be critical would be the Mercury "S" and "D" modules .... S being SMTP server, D being a user configuration for the POP3 client.

The "S" module would seem the most crucial to look at, especially under the Relay / Connection Control Tab.

Link to comment
Share on other sites
