support@hostedsolutions.com Posted September 20, 2006 Posted September 20, 2006 We have a Plesk shared email and hosting server at 216.27.30.250 that has been listed 3 times in the last 5 days. We thought we had indentified the source of the spam by correlating some reports sent by AOL's white list but we were re-listed twice since the last AOL report. The server hosts several hundred customers and domains making it difficult to identify the particular customer that sent the spam. We've verified that the IP address is not an open relay and its not located on any other block lists. We would like to identify the domain that the mail was sent from or the spamvertised site in the email so we can correct the problem or suspend the account. We've sent three requests via the web form asking for any assistance or information that the administrators can provide and but have not received a reply yet. We would appreciate any assistance in identifying the offending customer so we can get the IP address off the block list. Thank you. Simon Campbell Hosted Solutions spam Cop Report: 216.27.30.250 listed in bl.spamcop.net (127.0.0.2) If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 16 hours. Causes of listing * System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop) Additional potential problems (these factors do not directly result in spamcop listing) * System administrator has already delisted this system once Because of the above problems, express-delisting is not available Listing History In the past 5.8 days, it has been listed 3 times for a total of 41 hours
Telarin Posted September 20, 2006 Posted September 20, 2006 Well, unfortunately the webform or emailing deputies[at]admin.spamcop.net is the only way you are going to get further information on spamtrap hits. I've always gotten replies from them within 24 hours, but I'm very careful to make sure to detail exactly what I need, and provide all the necessary information at one time for them to help me. I know that from time to time their email load becomes a bit overwhelming, so I wouldn't recommend submitting again unless it has been more than 48 hours. Now on to your actual problem, most often, when we see spamtrap hits without any manual reports, it is caused by misdirected bounces. I would start there and make sure that your mailserver is rejecting undeliverable messages during the SMTP phase, and not trying to create a new NDR and sending it to the forged FROM address of the message.
support@hostedsolutions.com Posted September 20, 2006 Author Posted September 20, 2006 Now on to your actual problem, most often, when we see spamtrap hits without any manual reports, it is caused by misdirected bounces. I would start there and make sure that your mailserver is rejecting undeliverable messages during the SMTP phase, and not trying to create a new NDR and sending it to the forged FROM address of the message. It was my understanding that qmail does not allow you do this.
Telarin Posted September 20, 2006 Posted September 20, 2006 I don't think there are any current MTA's that are not capable of rejecting during the SMTP session. Some may require an add-on to work properly, but generating post-facto NDR's is considered very bad mail server practice.
turetzsr Posted September 20, 2006 Posted September 20, 2006 hostedsolutions.com' post='48102' date='Sep 20 2006, 05:24 PM']It was my understanding that qmail does not allow you do this....Please see Jank1887's reply in thread ' Stuck with "Misdirected Bounces" ' and subsequent discussion. Note: lest you think that finding this was magic, I found this by doing a "Search" (see form at top of most any SpamCop Forum page, including this one) for ' "misdirected bounces" qmail '.
support@hostedsolutions.com Posted September 20, 2006 Author Posted September 20, 2006 ...Please see Jank1887's reply in thread ' Stuck with "Misdirected Bounces" ' and subsequent discussion. Note: lest you think that finding this was magic, I found this by doing a "Search" (see form at top of most any SpamCop Forum page, including this one) for ' "misdirected bounces" qmail '. Thank you information. We'll see if that resolves the issue.
StevenUnderwood Posted September 21, 2006 Posted September 21, 2006 This information should give you some idea about when reports were received. It is available to paid reporters. There is only one report whickin not UUBE but that was a mole report (no reports sent): Report History: Display UUBE -------------------------------------------------------------------------------- Submitted: Wednesday, September 06, 2006 5:04:19 PM -0400: The Solution Center 1910210036 ( http://www.thesolutioncenter.com/meeting_reward... ) To: mole[at]devnull.spamcop.net 1910210034 ( 216.27.30.250 ) To: mole[at]devnull.spamcop.net Report History: Don't Display UUBE -------------------------------------------------------------------------------- Submitted: Tuesday, September 12, 2006 10:09:49 AM -0400: failure notice 1918440784 ( 216.27.30.250 ) ( UUBE ) To: uube[at]devnull.spamcop.net -------------------------------------------------------------------------------- Submitted: Tuesday, September 12, 2006 10:09:50 AM -0400: failure notice 1918440723 ( 216.27.30.250 ) ( UUBE ) To: uube[at]devnull.spamcop.net -------------------------------------------------------------------------------- Submitted: Tuesday, September 12, 2006 10:09:50 AM -0400: failure notice 1918440716 ( 216.27.30.250 ) ( UUBE ) To: uube[at]devnull.spamcop.net -------------------------------------------------------------------------------- Submitted: Tuesday, September 12, 2006 10:09:46 AM -0400: failure notice 1918440699 ( 216.27.30.250 ) ( UUBE ) To: uube[at]devnull.spamcop.net -------------------------------------------------------------------------------- Submitted: Tuesday, September 12, 2006 10:09:35 AM -0400: failure notice 1918440367 ( 216.27.30.250 ) ( UUBE ) To: uube[at]devnull.spamcop.net -------------------------------------------------------------------------------- Submitted: Tuesday, September 12, 2006 10:09:31 AM -0400: failure notice 1918440284 ( 216.27.30.250 ) ( UUBE ) To: uube[at]devnull.spamcop.net Older Reports
Recommended Posts
Archived
This topic is now archived and is closed to further replies.