Multiple IP addresses on the BL

[prodjtech]

hostedsolutions.com' post='48090' date='Sep 20 2006, 03:33 PM']

We have a Plesk shared email and hosting server at 216.27.30.250 that has been listed 3 times in the last 5 days. We thought we had indentified the source of the spam by correlating some reports sent by AOL's white list but we were re-listed twice since the last AOL report. The server hosts several hundred customers and domains making it difficult to identify the particular customer that sent the spam. We've verified that the IP address is not an open relay and its not located on any other block lists.

We would like to identify the domain that the mail was sent from or the spamvertised site in the email so we can correct the problem or suspend the account.

We've sent three requests via the web form asking for any assistance or information that the administrators can provide and but have not received a reply yet.

We would appreciate any assistance in identifying the offending customer so we can get the IP address off the block list.

Thank you.

Simon Campbell

Hosted Solutions

spam Cop Report:

216.27.30.250 listed in bl.spamcop.net (127.0.0.2)

If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 16 hours.

Causes of listing

* System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

Additional potential problems

(these factors do not directly result in spamcop listing)

* System administrator has already delisted this system once

Because of the above problems, express-delisting is not available

Listing History

In the past 5.8 days, it has been listed 3 times for a total of 41 hours

I am having a similar situation. Three of my web-hosting Ensim servers has been listed multiple times recently. We are getting no reports on this--SpamCop used to provide a sampling in the RBL listing query of what got you listed. Is it really asking too much for SpamCop reps to answer their emails in a timely manner? I have sent three requests asking for help over the past 5 days, and have gotten zero responses from them. So much for their 24-hour response time.

We use SMTP authentication, we've installed mod_security to reduce the likelihood of scri_pt exploits. All I'm looking for is some manner to identify what type of exploit has occurred and possibly which domain it originated from.

Can a SpamCop rep please respond to this thread (or better yet, my emails) so that we know that you are alive and well and actually looking at this stuff? Otherwise, if these types of delays (over 5 days and still no reply) are going to be likely, then I ask that you allow us to delist immediately more than once...or reduce the amount of time it takes to delist automatically. My boss is breathing down my neck wanting to know what I'm doing about this, and all I can tell him is that I've already contacted SpamCop three times already, but haven't heard a thing back. Needless to say, he is not amused.

Please, I require a response--some sort of acknowledgment--ASAP.

Moderator Edit: I find it astounding that thie entire first post of the Topic starter on someone else's issue was quoted in full .. at the end of the Discussion that had much research, data, and answers provided ... yet this "query" offered up exactly zero details on just what was impacted in this "similar problem" .... as none of the follow-on posting to "this" query has any relationship to the specifics of the original Topic .. this post and subsequent discussion were split out into its own Topic/discussion.

[Farelf]

... Can a SpamCop rep please respond to this thread (or better yet, my emails) so that we know that you are alive and well and actually looking at this stuff? ... I've already contacted SpamCop three times already, but haven't heard a thing back. ...

We are just user-to-user here, SC staff do not necessarily see these pages at all. But if you care to provide some details (IP addresses) someone "here" may be able to help, as seen earlier in this topic. Also, how did you contact SC? - the contact form or email (address sent to?).

[prodjtech]

We are just user-to-user here, SC staff do not necessarily see these pages at all. But if you care to provide some details (IP addresses) someone "here" may be able to help, as seen earlier in this topic. Also, how did you contact SC? - the contact form or email (address sent to?).

I used the contact form, and the last time, I used two different contact forms.

Two of the IPs are no longer listed (for now), but I'm concerned they will get re-listed, so I'd still like to see what I can find out about them as well.

IPs in question are:

216.81.144.194

216.81.144.214

216.81.144.215

Thanks for your help,

[Farelf]

I used the contact form, and the last time, I used two different contact forms.

Two of the IPs are no longer listed (for now), but I'm concerned they will get re-listed, so I'd still like to see what I can find out about them as well.

IPs in question are:

216.81.144.194

216.81.144.214

216.81.144.215

Thanks for your help,

The contact address for SC reports in each case is abuse[at]lh.net however the listed IP - http://www.spamcop.net/w3m?action=checkblo...=216.81.144.214 says "spam trap" hits. There are no reports sent in these cases. You probably know all this, but JIC ... Recording the detail:

216.81.144.214 listed in bl.spamcop.net (127.0.0.2)

If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 17 hours.

Causes of listing

* System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

Automatic delisting

If you are the administrator of linux04.prodj.com and you are sure it will not be the subject of any more reports of spam, you may cause the system to be delisted without waiting for us to review the issue.

You may only do this once per IP! So please be sure that the problem is really and truly resolved. If you delist your system and we get more spam reports about it, you will not be allowed to expedite delisting again. Delisting normally occurs 24 hours after spam reports have ceased.

You must be able to receive mail at one of the addresses below. Until you have received and confirmed your request, it will not take effect.

Looking for potential administrative email addresses for 216.81.144.214:

cannot find an mx for linux04.prodj.com

216.81.144.214 is an mx ( 10 ) for prodj.com

Listing History

In the past 6.2 days, it has been listed 4 times for a total of 2.9 days

Other hosts in this "neighborhood" with spam reports

216.81.144.194 216.81.144.215

Dispute Listing

If you are the administrator of this system and you are sure this listing is erroneous, you may request that we review the listing. Because everyone wants to dispute their listing, regardless of merit, we reserve the right to ignore meritless disputes.

Dispute listing of 216.81.144.214

The addresses below as referred to above are in a drop-down on the form (see for yourself via the link): abuse[at]prodj.com, or postmaster, administrator, hostmaster. If you have access, do not attempt to delist without finding and fixing the cause. You could try contacting the SC staff by email at deputies[at]admin.spamcop.net for hints as to what has been hitting the traps (they won't give away much, they must preserve the anonymity of those traps) - if you don't have one of the "admin" addresses above you will need to provide sufficient detail to convince them of your credentials in this matter. Needless to say keep it concise and give them everything they will need. As you know they don't have much time.

Good luck

[StevenUnderwood]

I used the contact form, and the last time, I used two different contact forms.

Two of the IPs are no longer listed (for now), but I'm concerned they will get re-listed, so I'd still like to see what I can find out about them as well.

IPs in question are:

216.81.144.194

216.81.144.214

216.81.144.215

Thanks for your help,

As a paid reporter, I can see some of the reports against your IP addresses and have included them below. The reports seen are all misdirected undeliverable reports. We believe, though we have not been able to confirm, that the UUBE reports shown are actually spamtrap hits that are misdirected bounces.

Report History: 

Don't Display UUBE

----------------------------------------------------------------
Submitted: Wednesday, September 20, 2006 11:23:38 AM -0400: 
Returned mail: see transcript for details 
1930233233 ( 216.81.144.194 ) ( UUBE ) To: uube[at]devnull.spamcop.net 
----------------------------------------------------------------
Submitted: Monday, September 11, 2006 8:58:20 AM -0400: 
Returned mail: see transcript for details 
1917028528 ( 216.81.144.194 ) ( UUBE ) To: uube[at]devnull.spamcop.net 
-------------------------------------------------------------
Submitted: Sunday, September 10, 2006 5:12:34 PM -0400: 
Returned mail: see transcript for details 
1916128135 ( 216.81.144.194 ) ( UUBE ) To: uube[at]devnull.spamcop.net 
-------------------------------------------------------------
Submitted: Saturday, September 09, 2006 8:40:40 AM -0400: 
Returned mail: see transcript for details 
1914314079 ( 216.81.144.194 ) ( UUBE ) To: uube[at]devnull.spamcop.net 
--------------------------------------------------------------
Submitted: Tuesday, September 05, 2006 12:26:14 PM -0400: 
Returned mail: see transcript for details 
1908207274 ( 216.81.144.194 ) ( UUBE ) To: uube[at]devnull.spamcop.net 
------------------------------------------------------------
Submitted: Sunday, September 03, 2006 5:46:57 PM -0400: 
Returned mail: see transcript for details 
1905263288 ( 216.81.144.194 ) ( UUBE ) To: uube[at]devnull.spamcop.net 
------------------------------------------------------------------
Submitted: Saturday, September 02, 2006 5:21:36 AM -0400: 
Returned mail: see transcript for details 
1903159457 ( 216.81.144.194 ) ( UUBE ) To: uube[at]devnull.spamcop.net 
------------------------------------------------------------
Submitted: Tuesday, August 29, 2006 3:25:18 AM -0400: 
Returned mail: see transcript for details 
1896805604 ( 216.81.144.194 ) ( UUBE ) To: uube[at]devnull.spamcop.net 
------------------------------------------------------------
Submitted: Monday, August 28, 2006 2:24:34 PM -0400: 
Returned mail: see transcript for details 
1896030520 ( 216.81.144.194 ) ( UUBE ) To: uube[at]devnull.spamcop.net 

Report History: 

Don't Display UUBE
--------------------------------------------------------
Submitted: Sunday, July 23, 2006 1:02:39 PM -0400: 
Returned mail: see transcript for details 
1848512290 ( 216.81.144.214 ) ( UUBE ) To: uube[at]devnull.spamcop.net 

[Wazoo]

I used the contact form, and the last time, I used two different contact forms.

There is only one contact form for contacting the Parsing & Reporting staff .. that one dumps into the queue of three people, already self-admitting at trying to handle 800-1800 e-mails a day ..... the use of "two" forms suggest that you are dumping your request data on someone not involved with that side of the SpamCop.net tool-set. If your original notification/query was anything like your opening post here, what exactly did you expect for an answer?

Two of the IPs are no longer listed (for now), but I'm concerned they will get re-listed, so I'd still like to see what I can find out about them as well.

IPs in question are:

216.81.144.194

216.81.144.214

216.81.144.215

Thanks for getting around to identifying this data ... just curious as to just how many more places I need to point out that this is necessary data for any response at all .... the big, black, bold titled items seemed to have escaped your notice, the contents of the thousands of previous discussions, to include the one you originally posted into, all have this small issue repeated over and over .. lack of details results in lack of (good) answers ...

[prodjtech]

There is only one contact form for contacting the Parsing & Reporting staff .. that one dumps into the queue of three people, already self-admitting at trying to handle 800-1800 e-mails a day ..... the use of "two" forms suggest that you are dumping your request data on someone not involved with that side of the SpamCop.net tool-set. If your original notification/query was anything like your opening post here, what exactly did you expect for an answer?

Thanks for getting around to identifying this data ... just curious as to just how many more places I need to point out that this is necessary data for any response at all .... the big, black, bold titled items seemed to have escaped your notice, the contents of the thousands of previous discussions, to include the one you originally posted into, all have this small issue repeated over and over .. lack of details results in lack of (good) answers ...

First off, my sincere thanks for the assistance. If I understand what has been said to this point, the most we are guilty of is sending out erroneous mailer-daemon crap responses, right? (Sorry, but I'm working on very minimal sleep right now, and adrenaline is in short supply, as is caffeine.)

Secondly, each email message I sent was extremely detailed...and cordial. However, I get a little frustrated when I spend my precious time banging out a lengthy, detailed message and get nothing in return. With all due respect, I'm here because I give a damn, and want to do the right thing. It would have been nice if they could have posted a notice on the website that said "We are experiencing a high volume of email at this time, and will be unable to meet the 24-hour response time until further notice." Something to that effect would at least tell me it's going to be a while. In other words, don't give me the expectation, if you aren't able to meet it. I can be extremely patient when I am dealt with in an honest and forthright manner, and given honest and realistic expectations.

In fact, I didn't fly off the handle when I was met with silence the first time; I can understand that everyone is overworked--hell, I'm one of them. However, when I submit multiple subsequent requests for assistance, have a bunch of customers hounding me because they cannot send email, and my boss is getting ticked at me because I cannot make someone respond to my inquiries, I admit that I tend to get a little cranky. :wink:

So, why didn't I include my details in my original post? Well, since four emails of details didn't get me any results, I thought I'd wait until it became obvious that I would get the assistance I was requesting.

That said, I would like to offer my apologies for my earlier rant. Like I said, to essentially waste a couple of precious hours on detailed messages while there are other fires to put out and tens of projects to accomplish, had me frustrated to no end. I truly appreciate everyone's assistance heretofore despite my failure to put my best foot forward. If I offended anyone, I am truly sorry.

[agsteele]

So, why didn't I include my details in my original post? Well, since four emails of details didn't get me any results, I thought I'd wait until it became obvious that I would get the assistance I was requesting.

Part of the problem is that your initial detailed Emails went to one place and your postings here in the forum to an entirely different set of people. In the second place to other users.

I'm not sure that more can be done to clarify the fact that posting in the forum is a new process and that you are talking with other end-users. If you can offer some ideas of how that could be made easier or more explicit then I'm sure that the moderators and admins will be very pleased.

Personally, I've seen far more grumpy postings than yours.

Andrew