IP 201.28.110.218 IS BLOCKED in SpamCOP

[michaelmanzini]

Hi all,

First of all, some information about the host.

#######################################

srv.sensordobrasil.com.br. [201.28.110.218] [TTL=86400] [bR]

srv1.sensordobrasil.com.br. [201.28.110.219] [TTL=86400] [bR]

rDNS

host 201.28.110.218

218.110.28.201.in-addr.arpa domain name pointer mail.sensordobrasil.com.br.

host mail.sensordobrasil.com.br

mail.sensordobrasil.com.br has address 201.28.110.218

SPF Record

"v=spf1 ip4:201.28.110.218/24 a mx ptr a:mail a:srv a:srv1 a:srv2

mx:mail.sensordobrasil.com.br include:sensor24horas.com.br ~all" [TTL=86400]

Lookup by SpamCOP

201.28.110.218 listed in bl.spamcop.net (127.0.0.2)

If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 0 hours.

Causes of listing

System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

SpamCop users have reported system as a source of spam less than 10 times in the past week

#####################################

Whats the problem with this server ?

I configured the SPF record after the SpamCOP list the IP. Only the configuration of the SPF record resolve the problem ?

Thanks,

[Telarin]

The SPF is not something spamcop looks at. The most important part of the information you provided is:

Causes of listing

System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

SpamCop users have reported system as a source of spam less than 10 times in the past week

This indicates that spam has hit both spamtraps (which are kept secret as a matter of course), and has been reported from users inboxes. A quick trace on the ip address (201.28.110.218) you gave, shows that abuse reports would have gone to postmaster[at]telefonica.com.br; postmaster[at]cert.br; mail-abuse[at]nic.br; antispambr[at]abuse.net and mail-abuse[at]cert.br. You should contact one of these people to determine why those reports were not forwarded to you.

You may also be able to contact deputies[at]admin.spamcop.net to see if they can give you copies of those reports, or at least give you some indication of what spam is being seen from your IP.

One of the paying members here may also be willing to post the report history for that IP.

[agsteele]

This ip is not currently listed in the SCBL.

The last, and only report, I can find was as follows:

Submitted: 24 July 2006 17:11:50 +0100:
re: Big choice news1etter

	* 1849896462 ( 201.28.110.218 ) To: spamcop[at]imaphost.com
	* 1849896450 ( 201.28.110.218 ) To: postmaster[at]telefonica.com.br
	* 1849896436 ( 201.28.110.218 ) To: postmaster[at]cert.br
	* 1849896416 ( 201.28.110.218 ) To: mail-abuse[at]cert.br 

Andrew

[StevenUnderwood]

This ip is not currently listed in the SCBL.

The last, and only report, I can find was as follows:

Submitted: 24 July 2006 17:11:50 +0100:
re: Big choice news1etter

	* 1849896462 ( 201.28.110.218 ) To: spamcop[at]imaphost.com
	* 1849896450 ( 201.28.110.218 ) To: postmaster[at]telefonica.com.br
	* 1849896436 ( 201.28.110.218 ) To: postmaster[at]cert.br
	* 1849896416 ( 201.28.110.218 ) To: mail-abuse[at]cert.br 

Andrew

Well, it looks like you cleared the block. That is not a good thing to do unless you know you have solved the problem which, by your questions, you have not. The next report wil list you again, and you will not have the chance to remove yourself.

Did you read all the information on this page: http://mailsc.spamcop.net/bl.shtml?201.28.110.218

[Merlyn]

Still a big surge in email from that IP:

Last day 3.5 601%

Last 30 days 2.8 51%

[michaelmanzini]

http://mailsc.spamcop.net/bl.shtml?201.28.110.218

Whats account need to access this page ?

I tried my user and password that i register here but I can't login in this page.

[Telarin]

This link should work for you, it doesn't require being logged in:

http://www.spamcop.net/w3m?action=checkblo...=201.28.110.218

However, either the listing has aged off the list, or you have marked it as resolved, so all it shows now is

201.28.110.218 not listed in bl.spamcop.net

If you manually removed the listing, you should be aware that you can only do that one time, so if it gets listed again, you will have to wait out the listing once you have resolved the problem.

[michaelmanzini]

Well, it looks like you cleared the block. That is not a good thing to do unless you know you have solved the problem which, by your questions, you have not. The next report wil list you again, and you will not have the chance to remove yourself.

Did you read all the information on this page: http://mailsc.spamcop.net/bl.shtml?201.28.110.218

Ok I work in a company and we provide service how smtp servers.

A two weeks ago some costumers report us about problem with e-mail and when a researched i found the spamcop blocked.

Is There a spamcop block that is more often ? About CBL, almost 100% of incidents are infected workstation. I send a e-mail for them and they return me a name of infected workstation. And I fix the problem.

But in SpamCop I don't know why The IP has been listed.

Please help me.

This link should work for you, it doesn't require being logged in:

http://www.spamcop.net/w3m?action=checkblo...=201.28.110.218

However, either the listing has aged off the list, or you have marked it as resolved, so all it shows now is

If you manually removed the listing, you should be aware that you can only do that one time, so if it gets listed again, you will have to wait out the listing once you have resolved the problem.

The admin of the sensorsdobrasil.com.br deslisting it. I work in the company that provide services for them. And i'm responsable for this server.

I known that is isn't a good pratic, but I don't do it !

I have knowlegment about blacklists, I 'm communic with CBL, SORBS but I never found a block by SpamCop blacklist.

Its the first contact with this backlist.

thanks for attention.

[StevenUnderwood]

http://mailsc.spamcop.net/bl.shtml?201.28.110.218

Whats account need to access this page ?

I tried my user and password that i register here but I can't login in this page.

Yes, Sorry about that. I should have replaced the mailsc with www as:

http://www.spamcop.net/bl.shtml?201.28.110.218

The other link provided is one step under this page, but this was the info I wanted you to see.

To see parts what was sent to a spamtrap address, you will need to email deputies[at]spamcop.net and ask nicely. They are extremely busy, dealing with ~1800 messages per day so if they can not answer your question without more data, it is likely to be put on the back of the todo list, which may be quite a while. Keep trying and let us know what you found.

[Derek T]

Ok I work in a company and we provide service how smtp servers.

A two weeks ago some costumers report us about problem with e-mail and when a researched i found the spamcop blocked.

Is There a spamcop block that is more often ? About CBL, almost 100% of incidents are infected workstation. I send a e-mail for them and they return me a name of infected workstation. And I fix the problem.

But in SpamCop I don't know why The IP has been listed.

thanks for attention.

SpamCop is entirely automatic and very proactive. SpamCop does NOT recommend using it to block mail outright, it should be used only for quarantining mail. SOME admins choose to use to block - their call. The good news is that de-listing is also entirely automatic - once the spew stops an IP de-lists in 24hrs or even less. Check your logs to find the trojanned machine.

[turetzsr]

<snip>

About CBL, almost 100% of incidents are infected workstation. I send a e-mail for them and they return me a name of infected workstation. And I fix the problem.

But in SpamCop I don't know why The IP has been listed.

Bom dia!

...If infected workstations are sending spam, then there is a very good chance that is what is causing the listings in the SpamCop blacklist.

...If infected workstations are being addressed only after incidents, and if the infected workstations sending spam are causing your server to be listed on the SpamCop blacklist, then your problem is going to continue. I would suggest you (and your customers) work to avoid any workstations becoming infected at all. Workstation firewalls and anti-virus software should be running on all workstations and servers at all times!

Please help me.

...Help appears in many of the replies from other members here. The two most likely ways to get answers are:

• As Telarin suggested, contact the owners of postmaster[at]telefonica.com.br; postmaster[at]cert.br; mail-abuse[at]nic.br; antispambr[at]abuse.net and/or mail-abuse[at]cert.br and ask that reports regarding your servers be sent to you.
  
• As StevenUnderwood suggested, contact the SpamCop deputies at deputies[at]spamcop.net to ask for any available evidence of spam Trap hits. To repeat and extend what Steven mentioned, you will have to provide enough information for the Deputies to be able to handle your request without coming back to you for more information and to convince them that you are an authorized administrator of the server 201.28.110.218. Otherwise, it may take them quite a long time to reply to you.
  

...Good luck!