
[Resolved] Where can I get a detailed report?


TTILLCTC


One of the Exchange servers I tend is on the list at spamcop, cbl, xbl, you get the idea. Anyway, I am looking for the details of why I am blocked. I would really like a "From:" and/or a "To:". Some kind of clue as to where to start looking. The IP address is 68.153.96.34.

I have scanned the Exchange server with all the recommended software. Checked all the reports for each site I am listed on, etc. Read the forums. You name it, I have read it, checked it or chunked it.

Thanks in advance.


It looks like all the reports on that IP address were user submitted reports. Copies would have gone to abuse[at]bellsouth.net. You should try contacting them and find out why they have not forwarded these reports on to you. You can also try contacting deputies[at]admin.spamcop.net, but you will have to have some proof that you are responsible for that IP address (using a role address helps) to get much detail. I'm sure one of the paid spamcop members will be happy to post the traffic that has been reported, however that will only contain the subject lines and dates/times sent, although this should be enough to track them down in the exchange logs.

What version of exchange are you running? I know some versions are susceptible to SMTP/AUTH attacks. You'll also want to make absolutely certain it is not an open relay. If you are using a single public IP address shared between your server and PCs, you will also need to check the PCs and make sure they have not been compromised.


Thanks for your reply Will. I appreciate it. I have contacted Bellsouth. I can't get a human on the phone, and the email I sent requesting data got the following reply:

we will not respond to your message except, possibly, in cases where the abuse poses a serious threat to person or property

Gotta love that! Here's my problem. My server has been convicted and sentenced without its attorney, that would be me, seeing the evidence or even getting to review the charges. Sorry, had to rant and rave for a second. Kinda frustrated.

I would be willing to pay to get the report but all I see is a signup for ISPs. Maybe I missed it. One site did have some times that I was reported but I couldn't correlate it to my logs.

I have a firewall and have configured it so that only the Exchange server can use port 25 outgoing. I am running 2000. Double-checked open relay. ordb.org says "Nope".

Thanks again for your help!


Some reports look like potential phishers:

Submitted: Thursday, August 17, 2006 11:53:57 AM -0400:

You have added a new e-mail address to your account.

1880313674 ( http://www.nbpc.tv/redirect.php?url=http://201.... ) To: postmaster[at]ecommerce.com

1880313644 ( http://www.nbpc.tv/redirect.php?url=http://201.... ) To: abuse[at]ecommerce.com

1880313613 ( 68.153.96.34 ) To: spamcop[at]imaphost.com

1880313582 ( 68.153.96.34 ) To: thisisspam[at]bellsouth.net

1880313548 ( 68.153.96.34 ) To: abuse[at]bellsouth.net

--------------------------------------------------------------------------------

Submitted: Thursday, August 17, 2006 11:51:27 AM -0400:

You have added a new e-mail address to your account.

1880310463 ( http://www.nbpc.tv/redirect.php?url=http://201.... ) To: postmaster[at]ecommerce.com

1880310423 ( http://www.nbpc.tv/redirect.php?url=http://201.... ) To: abuse[at]ecommerce.com

1880310371 ( 68.153.96.34 ) To: spamcop[at]imaphost.com

1880310325 ( 68.153.96.34 ) To: thisisspam[at]bellsouth.net

1880310286 ( 68.153.96.34 ) To: abuse[at]bellsouth.net

--------------------------------------------------------------------------------

Submitted: Thursday, August 17, 2006 11:10:54 AM -0400:

You have added a new e-mail address to your account.

1880278871 ( 68.153.96.34 ) To: thisisspam[at]bellsouth.net

1880278864 ( 68.153.96.34 ) To: abuse[at]bellsouth.net

--------------------------------------------------------------------------------

Submitted: Thursday, August 17, 2006 10:18:35 AM -0400:

You have added a new e-mail address to your account.

1880223963 ( 68.153.96.34 ) To: thisisspam[at]bellsouth.net

1880223945 ( 68.153.96.34 ) To: abuse[at]bellsouth.net

--------------------------------------------------------------------------------

Submitted: Thursday, August 17, 2006 9:46:51 AM -0400:

You have added a new email address to your account.

1880226358 ( 68.153.96.34 ) To: thisisspam[at]bellsouth.net

1880226341 ( 68.153.96.34 ) To: abuse[at]bellsouth.net

--------------------------------------------------------------------------------

Submitted: Wednesday, August 16, 2006 9:50:55 PM -0400:

You have added a new email address to your account.

1879591097 ( 68.153.96.34 ) To: mole[at]devnull.spamcop.net

--------------------------------------------------------------------------------

Submitted: Wednesday, August 16, 2006 4:43:57 PM -0400:

You have added a new email address to your account.

1879366127 ( 68.153.96.34 ) To: thisisspam[at]bellsouth.net

1879366124 ( 68.153.96.34 ) To: abuse[at]bellsouth.net

--------------------------------------------------------------------------------

Submitted: Wednesday, August 16, 2006 4:32:31 PM -0400:

You have added a new email address to your account.

1879348735 ( http://201.100.4.74/.www.paypal.com/bin-cgi/web... ) To: ssradmin[at]telmex.com

1879348733 ( http://201.100.4.74/.www.paypal.com/bin-cgi/web... ) To: postmaster[at]uninet.net.mx

1879348730 ( http://201.100.4.74/.www.paypal.com/bin-cgi/web... ) To: dominios[at]telmex.com

1879348726 ( http://201.100.4.74/.www.paypal.com/bin-cgi/web... ) To: abuse[at]uninet.net.mx

1879348725 ( 68.153.96.34 ) To: spamcop[at]imaphost.com

1879348723 ( 68.153.96.34 ) To: thisisspam[at]bellsouth.net

1879348721 ( 68.153.96.34 ) To: abuse[at]bellsouth.net

--------------------------------------------------------------------------------

Submitted: Wednesday, August 16, 2006 1:11:35 PM -0400:

You have added a new email address to your account.

1879166377 ( 68.153.96.34 ) To: thisisspam[at]bellsouth.net

1879166362 ( 68.153.96.34 ) To: abuse[at]bellsouth.net

--------------------------------------------------------------------------------

Submitted: Wednesday, August 16, 2006 12:21:02 PM -0400:

You have added a new email address to your account.

1879110984 ( 68.153.96.34 ) To: thisisspam[at]bellsouth.net

1879110978 ( 68.153.96.34 ) To: abuse[at]bellsouth.net

Older Reports

----------------------------------------------

Submitted: Wednesday, August 16, 2006 12:29:04 PM -0400:

You have added a new email address to your account.

1879103448 ( 68.153.96.34 ) To: spamcop[at]imaphost.com

1879103421 ( 68.153.96.34 ) To: thisisspam[at]bellsouth.net

1879103385 ( 68.153.96.34 ) To: abuse[at]bellsouth.net

--------------------------------------------------------------------------------

Submitted: Wednesday, August 16, 2006 11:48:39 AM -0400:

You have added a new email address to your account.

1879063320 ( http://201.100.4.74/.www.paypal.com/bin-cgi/web... ) To: ssradmin[at]telmex.com

1879063297 ( http://201.100.4.74/.www.paypal.com/bin-cgi/web... ) To: postmaster[at]uninet.net.mx

1879063283 ( http://201.100.4.74/.www.paypal.com/bin-cgi/web... ) To: dominios[at]telmex.com

1879063271 ( http://201.100.4.74/.www.paypal.com/bin-cgi/web... ) To: abuse[at]uninet.net.mx

1879063251 ( 68.153.96.34 ) To: spamcop[at]imaphost.com

1879063227 ( 68.153.96.34 ) To: thisisspam[at]bellsouth.net

1879063215 ( 68.153.96.34 ) To: abuse[at]bellsouth.net

--------------------------------------------------------------------------------

Submitted: Wednesday, August 16, 2006 11:33:41 AM -0400:

You have added a new email address to your account.

1879046948 ( http://201.100.4.74/.www.paypal.com/bin-cgi/web... ) To: ssradmin[at]telmex.com

1879046927 ( http://201.100.4.74/.www.paypal.com/bin-cgi/web... ) To: postmaster[at]uninet.net.mx

1879046908 ( http://201.100.4.74/.www.paypal.com/bin-cgi/web... ) To: dominios[at]telmex.com

1879046900 ( http://201.100.4.74/.www.paypal.com/bin-cgi/web... ) To: abuse[at]uninet.net.mx

1879046894 ( 68.153.96.34 ) To: spamcop[at]imaphost.com

1879046878 ( 68.153.96.34 ) To: thisisspam[at]bellsouth.net

1879046862 ( 68.153.96.34 ) To: abuse[at]bellsouth.net

--------------------------------------------------------------------------------

Submitted: Wednesday, August 16, 2006 10:31:30 AM -0400:

You have added a new email address to your account.

1878982283 ( http://201.100.4.74/.www.paypal.com/bin-cgi/web... ) To: dominios[at]telmex.com

1878982254 ( http://201.100.4.74/.www.paypal.com/bin-cgi/web... ) To: abuse[at]uninet.net.mx

1878982238 ( http://201.100.4.74/.www.paypal.com/bin-cgi/web... ) To: ssradmin[at]telmex.com

1878982204 ( http://201.100.4.74/.www.paypal.com/bin-cgi/web... ) To: postmaster[at]uninet.net.mx

1878982175 ( 68.153.96.34 ) To: spamcop[at]imaphost.com

1878982152 ( 68.153.96.34 ) To: abuse[at]bellsouth.net

1878982132 ( 68.153.96.34 ) To: thisisspam[at]bellsouth.net

--------------------------------------------------------------------------------

Submitted: Wednesday, August 16, 2006 8:15:12 AM -0400:

You have added a new email address to your account.

1878824272 ( http://201.100.4.74/.www.paypal.com/bin-cgi/web... ) To: ssradmin[at]telmex.com

1878824241 ( http://201.100.4.74/.www.paypal.com/bin-cgi/web... ) To: postmaster[at]uninet.net.mx

1878824202 ( http://201.100.4.74/.www.paypal.com/bin-cgi/web... ) To: dominios[at]telmex.com

1878824173 ( http://201.100.4.74/.www.paypal.com/bin-cgi/web... ) To: abuse[at]uninet.net.mx

1878824134 ( 68.153.96.34 ) To: spamcop[at]imaphost.com

1878824100 ( 68.153.96.34 ) To: thisisspam[at]bellsouth.net

1878824076 ( 68.153.96.34 ) To: abuse[at]bellsouth.net

--------------------------------------------------------------------------------

Submitted: Wednesday, August 16, 2006 7:48:45 AM -0400:

You have added a new email address to your account.

1878806929 ( http://201.100.4.74/.www.paypal.com/bin-cgi/web... ) To: ssradmin[at]telmex.com

1878806906 ( http://201.100.4.74/.www.paypal.com/bin-cgi/web... ) To: postmaster[at]uninet.net.mx

1878806888 ( http://201.100.4.74/.www.paypal.com/bin-cgi/web... ) To: dominios[at]telmex.com

1878806869 ( http://201.100.4.74/.www.paypal.com/bin-cgi/web... ) To: abuse[at]uninet.net.mx

1878806851 ( 68.153.96.34 ) To: spamcop[at]imaphost.com

1878806828 ( 68.153.96.34 ) To: thisisspam[at]bellsouth.net

1878806808 ( 68.153.96.34 ) To: abuse[at]bellsouth.net

--------------------------------------------------------------------------------

Submitted: Tuesday, August 15, 2006 7:01:52 PM -0400:

You have added a new email address to your account.

1878148449 ( http://sbs.adp.com/index.asp?brnd=p&dest=201.10... ) To: abuse#nac.net[at]devnull.spamcop.net

1878148444 ( 68.153.96.34 ) To: spamcop[at]imaphost.com

1878148439 ( 68.153.96.34 ) To: thisisspam[at]bellsouth.net

1878148435 ( 68.153.96.34 ) To: abuse[at]bellsouth.net

--------------------------------------------------------------------------------

Submitted: Tuesday, August 15, 2006 3:47:55 PM -0400:

You have added a new email address to your account.

1877990464 ( http://sbs.adp.com/index.asp?brnd=p&dest=201.10... ) To: abuse#nac.net[at]devnull.spamcop.net

1877990463 ( 68.153.96.34 ) To: spamcop[at]imaphost.com

1877990462 ( 68.153.96.34 ) To: thisisspam[at]bellsouth.net

1877990460 ( 68.153.96.34 ) To: abuse[at]bellsouth.net

--------------------------------------------------------------------------------

Submitted: Tuesday, August 15, 2006 3:01:54 PM -0400:

You have added a new email address to your account.

1877949204 ( 68.153.96.34 ) To: thisisspam[at]bellsouth.net

1877949193 ( 68.153.96.34 ) To: abuse[at]bellsouth.net

--------------------------------------------------------------------------------

Submitted: Thursday, August 10, 2006 2:07:11 PM -0400:

Your account is limited

1871675054 ( 68.153.96.34 ) To: abuse[at]bellsouth.net

Older Reports


Looks like you have a small problem I hope this info helps..........

Your server is sending way too much junk. Looks pretty spammy to me!

In the last day you are up more than 1000 percent!

Last day 4.5 1351%

Last 30 days 3.5 26%



Please excuse my ignorance but what is this report saying? Does this show who reported this and who sent it somewhere?

These are messages received by spamcop users. These users are saying I did not request this message, it is spam. They submit it to spamcop, a tool used to determine the source of the message and that is showing your IP address.

It does not show who the report went to or from, but those entries are easily forged. What can not be forged is the IP address the messages are coming from.

Does your server generally send out emails with the subject: You have added a new email address to your account.


As I stated before, that subject line and the reference to paypal suggest that these reported e-mails may in fact be phishers attempting to scam the recipients of information and money.

With those subject lines and reporting dates you can certainly check your logs, reporting is done within hours of receipt in most cases, and less than 48h in the more extreme submissions.

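The log check suggested in the post above, as an added example that is not part of any post in this thread: it parses the report listing format quoted earlier and looks in an outbound mail log for the same subject during the 48 hours before each submission. The log layout (tab-separated timestamp, internal client address, subject) and the 192.168.1.x addresses are constructed assumptions, not an Exchange log format.

```python
import re
from datetime import datetime, timedelta

FMT = "%A, %B %d, %Y %I:%M:%S %p %z"
REPORT_LINE = re.compile(r"^(\d+) \( (.+?) \) To: (\S+)$")

# Excerpt of the listing posted in this thread (two submissions).
REPORTS = """\
Submitted: Thursday, August 17, 2006 11:53:57 AM -0400:
You have added a new e-mail address to your account.
1880313613 ( 68.153.96.34 ) To: spamcop[at]imaphost.com
1880313548 ( 68.153.96.34 ) To: abuse[at]bellsouth.net
--------------------------------------------------------------------------------
Submitted: Thursday, August 10, 2006 2:07:11 PM -0400:
Your account is limited
1871675054 ( 68.153.96.34 ) To: abuse[at]bellsouth.net
"""

# Constructed outbound port-25 log: timestamp, internal client, subject.
LOG = """\
2006-08-17T09:12:40-04:00\t192.168.1.10\tWeekly status report
2006-08-17T10:02:11-04:00\t192.168.1.23\tYou have added a new e-mail address to your account.
2006-08-14T08:00:00-04:00\t192.168.1.23\tYou have added a new e-mail address to your account.
2006-08-09T22:15:03-04:00\t192.168.1.23\tYour account is limited
"""

def parse_reports(text):
    """Return one dict per 'Submitted:' block: time, subject, report ids."""
    reports, cur = [], None
    for line in (l.strip() for l in text.splitlines()):
        if not line or set(line) == {"-"}:
            continue  # blank lines and dashed separators
        if line.startswith("Submitted: "):
            stamp = line[len("Submitted: "):].rstrip(":")
            cur = {"submitted": datetime.strptime(stamp, FMT),
                   "subject": None, "ids": []}
            reports.append(cur)
        elif cur is not None and (m := REPORT_LINE.match(line)):
            cur["ids"].append(m.group(1))
        elif cur is not None and cur["subject"] is None:
            cur["subject"] = line  # first free-text line after the timestamp
    return reports

def correlate(reports, log_text, window=timedelta(hours=48)):
    """List (client, sent_time, report_ids) for log rows matching a report."""
    hits = []
    for row in log_text.splitlines():
        ts, client, subject = row.split("\t", 2)
        sent = datetime.fromisoformat(ts)
        for r in reports:
            same = subject.casefold() == r["subject"].casefold()
            if same and r["submitted"] - window <= sent <= r["submitted"]:
                hits.append((client, sent, r["ids"]))
    return hits

if __name__ == "__main__":
    for client, sent, ids in correlate(parse_reports(REPORTS), LOG):
        print(client, sent.isoformat(), ",".join(ids))
```

Because the public address is shared, a hit whose client is not the mail server points at a workstation sending on port 25 directly.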

Thanks everyone for your help. I got some information from one of the deputies this morning that cleared everything up for me. It is a phishing expedition originating from inside my house. Saturday will be spent cleaning and delousing all the PCs. Thanks again for all the help provided.


Thanks for coming here with a good attitude and wanting to take care of the problem! You'd be surprised how many people just want to rant and not actually fix anything, it's nice to see people that do want to fix things occasionally. Let us know how your delousing goes :)

