Jump to content

OUTBOUND SERVERS HAVE NO MX RECORD


dtsmail
 Share

Recommended Posts

Our organization has separate inbound and outbound servers and our outbound servers do not have MX records and do not accept inbound SMTP email. It appears that spamcop doesn't like this and has recently flagged our OUTBOUND SMTP IP address. This is something that needs to be fixed on the spamcop side.

Link to comment
Share on other sites

It appears that spamcop doesn't like this and has recently flagged our OUTBOUND SMTP IP address.
Proof? Your post is a bit light on details. Please provide the IP address of your outbound server so that we (SC users/customers/volunteers) can take a look at what might be in the reporting database regarding your server.

DT

Link to comment
Share on other sites

It is only spam spew that gets you listed so it appears the problem needs to be corrected at your end to prevent future listing. There are hacks that can exploit your server regardless of the MX status so you need to provide some data to the contrary or give us the IP in question so we can look into the nature of the problem.

Edited by dra007
Link to comment
Share on other sites

Here you are.

205.163.176.197 listed in bl.spamcop.net (127.0.0.2)

If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 2 hours.

Causes of listing

System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

It appears this listing is caused by misdirected bounces. We have a FAQ which covers this topic: Why auto-responses are bad (Misdirected bounces). Please read this FAQ and heed the advice contained in it.

Automatic delisting

If you are the administrator of HHASMTPOUT02.cahwnet.gov. and you are sure it will not be the subject of any more reports of spam, you may cause the system to be delisted without waiting for us to review the issue.

You may only do this once per IP! So please be sure that the problem is really and truly resolved. If you delist your system and we get more spam reports about it, you will not be allowed to expedite delisting again. Delisting normally occurs 24 hours after spam reports have ceased.

You must be able to receive mail at one of the addresses below. Until you have received and confirmed your request, it will not take effect.

Looking for potential administrative email addresses for 205.163.176.197:

cannot find an mx for HHASMTPOUT02.cahwnet.gov

cannot find an mx for cahwnet.gov

Since this server does not accept incoming email the problem cannot be misdirected bounces.

Edited by dtsmail
Link to comment
Share on other sites

Since this server does not accept incoming email the problem cannot be misdirected bounces.

Then please explain the following? Definitely looks like misdirected bounces to me. Perhaps your incoming email server also uses this server for it's outgoing?

Report History:

Don't Display UUBE

-----------------------------------------------------------------------
Submitted: Saturday, September 09, 2006 6:19:43 PM -0400: 
Undeliverable: spam: V1agr[at] C1[at]l1s, Lev1tr[at] for you! 
1914928824 ( 205.163.176.197 ) ( UUBE ) To: uube[at]devnull.spamcop.net 

-----------------------------------------------------------------------
Submitted: Saturday, September 09, 2006 9:39:20 AM -0400: 
Delivery Status Notification (Failure) 
1914383067 ( 205.163.176.197 ) ( UUBE ) To: uube[at]devnull.spamcop.net 

-----------------------------------------------------------------------
Submitted: Saturday, September 09, 2006 1:32:37 AM -0400: 
Delivery Status Notification (Failure) 
1913879992 ( 205.163.176.197 ) ( UUBE ) To: uube[at]devnull.spamcop.net 

---------------------------------------------------------------------
Submitted: Friday, September 08, 2006 12:42:57 PM -0400: 
Delivery Status Notification (Failure) 
1913120944 ( 205.163.176.197 ) ( UUBE ) To: uube[at]devnull.spamcop.net 

-----------------------------------------------------------------------
Submitted: Thursday, September 07, 2006 2:10:14 AM -0400: 
Delivery Status Notification (Failure) 
1910751474 ( 205.163.176.197 ) ( UUBE ) To: uube[at]devnull.spamcop.net 

--------------------------------------------------------------------------
Submitted: Wednesday, September 06, 2006 6:45:49 PM -0400: 
Delivery Status Notification (Failure) 
1910301928 ( 205.163.176.197 ) ( UUBE ) To: uube[at]devnull.spamcop.net 

--------------------------------------------------------------------------
Submitted: Wednesday, September 06, 2006 2:28:22 PM -0400: 
Undeliverable: spam: Make yourself more attractive to others 
1910031353 ( 205.163.176.197 ) ( UUBE ) To: uube[at]devnull.spamcop.net 

--------------------------------------------------------------------------
Submitted: Wednesday, September 06, 2006 9:56:53 AM -0400: 
Undeliverable: spam: Good news for traders 
1909669492 ( 205.163.176.197 ) ( UUBE ) To: uube[at]devnull.spamcop.net

Link to comment
Share on other sites

Senderbase has observed well over 10,000 emails from that IP in a single day - ref http://www.senderbase.org/search?searchStr...205.163.176.197. Note also the statistics for other "inwards only" servers on that page. The listing is due to expire in 2 hours or less and you are not listed in any other major BL but that may just be a matter of time unless you locate the cause.

Link to comment
Share on other sites

Few more tests:

This IP, in addition to the UUBE reports above, also has 1 regular report from a user:

Report History:

Display UUBE

Submitted: Wednesday, August 23, 2006 12:02:20 PM -0400:

Delivery Status Notification (Failure)

1888930057 ( 205.163.176.197 ) To: relays[at]admin.spamcop.net

1888930043 ( 158.96.148.5 ) To: dluiz#hwdc.state.ca.us[at]devnull.spamcop.net

Also, found 1 message in sightings on this IP address, also a misdifected bounce: http://groups.google.com/groups?lnk=hpsg&a...205.163.176.197

Used the bounced domain to try my own test (below) and see that messages to that domain are NOT rejected. The resulting bounce was misdirected to the address I used as the sender, not from this IP but rather from: hhasmtpout01.cahwnet.gov (205.163.176.196) which seems to be another "outgoing only" server. Tracking URL for this one, which I cancelled: http://www.spamcop.net/sc?id=z1060704596ze...224da26702b6c3z

Fix this problem or you will continue to be listed by spamcop and likely other lists in the future as well.

telnet smtp.dts.cahwnet.gov 25
220 HHASMTPIN02.cahwnet.gov ** Sat, 09 Sep 2006 18:49:41 -0700
helo underwood.spamcop.net
250 HHASMTPIN02.cahwnet.gov Hello [66.168.115.246]
mail from: <underwood[at]spamcop.net>
250 <underwood[at]spamcop.net>: Sender Ok
rcpt to: <12345tester67890[at]isaws.cahwnet.gov>
250 <12345tester67890[at]isaws.cahwnet.gov>: Recipient Ok
data
354 HHASMTPIN02.cahwnet.gov: Send data now.  Terminate with "."
This is a test message.  I should not have seen a 250 to that address.
.
250 HHASMTPIN02.cahwnet.gov: Message accepted for delivery
quit
221 HHASMTPIN02.cahwnet.gov closing connection. Goodbye!

Connection to host lost.

THAT IP address also has numerous UUBE reports and one non UUBE report:

Report History:

Display UUBE

--------------------------------------------------------------------
Submitted: Wednesday, July 05, 2006 12:42:02 PM -0400: 
Delivery Status Notification (Failure) 
1826978865 ( 205.163.176.196 ) To: mmilliga#hw1.cahwnet.gov[at]devnull.spamcop.net 

Report History: 
Don't Display UUBE
-----------------------------------------------------------------------
Submitted: Saturday, September 09, 2006 1:44:08 PM -0400: 
Undeliverable: spam: Achieve picture perfect weight and enjoy lif e 
1914681844 ( 205.163.176.196 ) ( UUBE ) To: uube[at]devnull.spamcop.net 

------------------------------------------------------------------------
Submitted: Saturday, September 09, 2006 10:43:50 AM -0400: 
Undeliverable: spam: High-quality meds at low prices is not a dre am with us! 
1914463882 ( 205.163.176.196 ) ( UUBE ) To: uube[at]devnull.spamcop.net 

------------------------------------------------------------------------
Submitted: Saturday, September 09, 2006 10:13:30 AM -0400: 
Delivery Status Notification (Failure) 
1914428425 ( 205.163.176.196 ) ( UUBE ) To: uube[at]devnull.spamcop.net 

-------------------------------------------------------------------
Submitted: Friday, September 08, 2006 4:09:07 PM -0400: 
Undeliverable: spam: Shed weight now and enjoy the process 
1913374120 ( 205.163.176.196 ) ( UUBE ) To: uube[at]devnull.spamcop.net 

-------------------------------------------------------------------
Submitted: Friday, September 08, 2006 8:27:49 AM -0400: 
Delivery Status Notification (Failure) 
1912759612 ( 205.163.176.196 ) ( UUBE ) To: uube[at]devnull.spamcop.net 

-----------------------------------------------------------------------
Submitted: Thursday, September 07, 2006 1:34:32 PM -0400: 
Delivery Status Notification (Failure) 
1911610328 ( 205.163.176.196 ) ( UUBE ) To: uube[at]devnull.spamcop.net 

--------------------------------------------------------------------------
Submitted: Wednesday, September 06, 2006 7:22:12 PM -0400: 
Undeliverable: Dynamics Sign 
1910338984 ( 205.163.176.196 ) ( UUBE ) To: uube[at]devnull.spamcop.net 

--------------------------------------------------------------------------
Submitted: Wednesday, September 06, 2006 9:55:43 AM -0400: 
Undeliverable: spam: Financial news 
1909667830 ( 205.163.176.196 ) ( UUBE ) To: uube[at]devnull.spamcop.net 

--------------------------------------------------------------------------
Submitted: Wednesday, September 06, 2006 9:55:08 AM -0400: 
Undeliverable: ALVN news 
1909666907 ( 205.163.176.196 ) ( UUBE ) To: uube[at]devnull.spamcop.net 

-------------------------------------------------------------------------
Submitted: Wednesday, September 06, 2006 9:55:01 AM -0400: 
Undeliverable: this going to expolad 
1909666722 ( 205.163.176.196 ) ( UUBE ) To: uube[at]devnull.spamcop.net

Link to comment
Share on other sites

Since this server does not accept incoming email the problem cannot be misdirected bounces.
That's what you'd *like* to think, and yet the reporting database evidence posted here clearly shows otherwise. Those are all bounce messages coming from the IP you gave us. Perhaps it's relaying them outwards on behalf of your "inbound" server? In any case, you've got to stop those messages from going out if you want that server to stay "clean" as far as staying off the SCBL goes.

As noted in another response, your IP also shows up in a report in the email abuse "sightings" group:

http://groups.google.com/groups?sourceid=m...sa=N&tab=wg

that report is a bit old (Dec. 2005) but it's for the same behavior...the Subject on that reported item was "Delivery Status Notification (Failure)."

The issue you reported in your original post (no MX record for the server) has to do with the SC blcheck page not being able to find a responsible party to communicate with regarding this IP. That is something that you can rectify by contacting the SC Deputies at:

deputies (at) admin.spamcop.net

Give them the details of who you are and point them to this forum topic for details. You will probably also want to try the "Dispute resolution" option described here:

http://mailsc.spamcop.net/fom-serve/cache/298.html

where you'll find a link to a contact form for ISP personnel:

http://mailsc.spamcop.net/fom-serve/cache/91.html

and also this "How can I contact..." page:

http://mailsc.spamcop.net/fom-serve/cache/401.html

Your server is most certainly transmitting those reported items and you need to find a way to stop them.

DT

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...