michaelr
Posted September 25, 2006

Hi everyone,

I hope someone can help me with a question. I apologise if it's been asked before - I couldn't find anything while searching the forum.

We discovered our server on 212.227.77.248 was on SpamCop's blacklist last Wednesday. Unfortunately it turned out we did have the server configured to act as an open relay, and it was being used to send spam. We believed we had resolved the issue and by Friday we were no longer blacklisted.

Came into work today (Monday) and checked the IP on SpamCop, and we are blacklisted again. The initial ban was from user reports. The current one is user reports and 1 spamtrap.

My question is, is it possible that the latest ban is still from the spam we were relaying previously, that have just taken a few days to be reported, or is it likely that we have a further problem?

Thanks for reading.

Michael

agsteele
Posted September 25, 2006

> My question is, is it possible that the latest ban is still from the spam we were relaying previously, that have just taken a few days to be reported, or is it likely that we have a further problem?

Hi Michael!

As a paying user I can see that the last items of spam submitted by other users was on 21 September. That does seem to have been part of a significant spam run.

Since you confirm that you have had an open relay it is possible that there will have been reports received in regard to this junk as recently as Sunday, 24th. So it is possible that the reports you refer to relate to the problem you have since resolved.

However, since some of the reports have been reaching spam traps it is not possible for a user to see details of when these reports were received (these forums are users helping users).

As you will have seen, the listing is due to time out within 18 hours. So, if you can bear to wait until tomorrow, you should see whether the issue has been resolved. You can, if you wish, raise the matter with deputies[at]spamcop.net but that could take longer than the overnight wait.

It also looks like you don't have admin Email addresses listed for your mail servers. If you did then you would be able to delist the servers once only confirming you had taken the necessary action to fix the problem. So updating your registrations would possibly help you in this respect in the future.

Andrew

michaelr
Posted September 25, 2006

Thank-you very much for the reply, and taking the time to investigate.

From our point of view a day longer on the blacklist is pretty minor compared to a still compromised server, so your reply is reassuring and I'll wait and hope that the issue is resolved.

I saw the request delisting option, but the "you can only do this once" warning scared me off. I don't want to try anyone's patience since the ban is not life or death as long as it's short!

Thanks again for your trouble.

agsteele
Posted September 25, 2006

> I saw the request delisting option, but the "you can only do this once" warning scared me off. I don't want to try anyone's patience since the ban is not life or death as long as it's short!

I think that's wise. Requesting delisting can only make matters worse since if you get it wrong the deputies may be more cautious in delisting you later if you still need help.

Keep a watch on the page and check that the time delay is always decreasing. If you see it jump back up to, say 23 hours, then that's a sign you still have spam flowing in some way.

Andrew

michaelr
Posted September 25, 2006

Will do, and thanks!

Miss Betsy
Posted September 25, 2006

Just a clarification. I have always understood that it is the time of when the spam was sent that determined when the 'stop' for listing was started. IOW, if someone didn't receive the spam until after you fixed the problem, it would not affect the bl even if reported.

I might have misunderstood Andrew's explanation or I might be wrong.

Miss Betsy

Farelf
Posted September 25, 2006

> ... I have always understood that it is the time of when the spam was sent that determined when the 'stop' for listing was started. ....

That's my understanding too - listing time is reduced by the parser's take on the age of the spam when reported (= how long ago it was sent before being reported). When the Deputies have delisted and an attempt is made to report spam which nominally issued before the fix, the parse throws up that (now rare) message

ISP has indicated spam will cease; ISP resolved this issue sometime after .....

Or am I getting confused about what is confusing?

michaelr
Posted September 25, 2006

Thanks everyone, your posts made me double check everything.

There was a misunderstanding between me and a colleague over whether qmail had had its queue cleared. It hadn't and I assume it has been happily sending the rest of the spam in its queue even though it was no longer relaying new mail - my qmail knowledge is poor I'm afraid so any comments on that would be welcome.

The queue is now clear and is being watched *very* carefully so I think the situation is resolved.

Thank-you to everyone who has helped us to resolve this issue. If anyone has any thoughts on anything we might have overlooked they will be read closely, we don't want to be sending spam any more than you want us to!

agsteele
Posted September 25, 2006

> I might have misunderstood Andrew's explanation or I might be wrong.

I was probably being far less precise - just noting that a report could be submitted somewhat later than the date sent and that this could still affect the listing time.

Andrew

StevenUnderwood
Posted September 25, 2006

> Thank-you to everyone who has helped us to resolve this issue. If anyone has any thoughts on anything we might have overlooked they will be read closely, we don't want to be sending spam any more than you want us to!

Thank you for the update and for your attitude. It is refreshing to have someone not blame us for all their problems.

Jeff G.
Posted October 8, 2006

Unfortunately, it looks like you might not be getting any email whatsoever because server mail.macupgrades.co.uk.macupgrades.co.uk doesn't exist - see the following for details:

10/08/06 14:13:40 dig macupgrades.co.uk ...

Dig macupgrades.co.uk[at]ns.iomart.co.uk (84.22.161.11) ...
Authoritative Answer
Recursive queries supported by this server
Query for macupgrades.co.uk type=255 class=1
  macupgrades.co.uk SOA (Zone of Authority)
    Primary NS: ns.iomart.co.uk
    Responsible person: dns[at]iomart.com
    serial:2005060904
    refresh:10800s (3 hours)
    retry:3600s (60 minutes)
    expire:604800s (7 days)
    minimum-ttl:86400s (24 hours)
  macupgrades.co.uk NS (Nameserver) ns2.iomart.co.uk
  macupgrades.co.uk NS (Nameserver) ns.iomart.co.uk
  macupgrades.co.uk MX (Mail Exchanger) Priority: 10 mail.macupgrades.co.uk.macupgrades.co.uk
  macupgrades.co.uk MX (Mail Exchanger) Priority: 15 mail.macupgrades.co.uk.macupgrades.co.uk
  macupgrades.co.uk A (Address) 212.227.77.248
  ns.iomart.co.uk A (Address) 84.22.161.11
  ns2.iomart.co.uk A (Address) 62.128.193.201

Dig macupgrades.co.uk[at]ns2.iomart.co.uk (62.128.193.201) ...
Authoritative Answer
Recursive queries supported by this server
Query for macupgrades.co.uk type=255 class=1
  macupgrades.co.uk SOA (Zone of Authority)
    Primary NS: ns.iomart.co.uk
    Responsible person: dns[at]iomart.com
    serial:2005060904
    refresh:10800s (3 hours)
    retry:3600s (60 minutes)
    expire:604800s (7 days)
    minimum-ttl:86400s (24 hours)
  macupgrades.co.uk NS (Nameserver) ns2.iomart.co.uk
  macupgrades.co.uk NS (Nameserver) ns.iomart.co.uk
  macupgrades.co.uk MX (Mail Exchanger) Priority: 10 mail.macupgrades.co.uk.macupgrades.co.uk
  macupgrades.co.uk MX (Mail Exchanger) Priority: 15 mail.macupgrades.co.uk.macupgrades.co.uk
  macupgrades.co.uk A (Address) 212.227.77.248
  ns.iomart.co.uk A (Address) 84.22.161.11
  ns2.iomart.co.uk A (Address) 62.128.193.201
...

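The MX targets in the dig output above repeat the zone name, a pattern that usually results from a hostname written without its trailing dot in the zone file. The following check is an added example, not part of the original thread: it assumes records in standard dig answer format, uses a constructed sample built from the names in the post (TTLs are made up), and the function names `parse` and `check_mx` are hypothetical.

```python
import re

# Constructed sample in dig answer format; names and addresses are the ones
# quoted in the post above, the TTLs are made up.
SAMPLE = """\
macupgrades.co.uk. 86400 IN MX 10 mail.macupgrades.co.uk.macupgrades.co.uk.
macupgrades.co.uk. 86400 IN MX 15 mail.macupgrades.co.uk.macupgrades.co.uk.
macupgrades.co.uk. 86400 IN A 212.227.77.248
macupgrades.co.uk. 86400 IN NS ns.iomart.co.uk.
"""

RECORD = re.compile(r"^(\S+)\s+\d+\s+IN\s+(\S+)\s+(.+)$")

def parse(text):
    """Return (owner, type, rdata) tuples; owner is lower-cased, final dot removed."""
    out = []
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if m:
            owner, rtype, rdata = m.groups()
            out.append((owner.rstrip(".").lower(), rtype.upper(), rdata.strip()))
    return out

def check_mx(text, zone):
    """Flag MX targets that repeat the zone name, or that sit inside the
    zone but have no A/AAAA record in the supplied data."""
    zone = zone.rstrip(".").lower()
    records = parse(text)
    have_addr = {o for o, t, _ in records if t in ("A", "AAAA")}
    doubled = "." + zone + "." + zone
    findings = []
    for owner, rtype, rdata in records:
        if rtype != "MX":
            continue
        pref, target = rdata.split()
        target = target.rstrip(".").lower()
        if target.endswith(doubled):
            # Probable intended name: the target with one copy of the zone removed.
            intended = target[: -len(zone) - 1]
            findings.append((int(pref), target, "doubled-zone", intended))
        elif (target == zone or target.endswith("." + zone)) and target not in have_addr:
            findings.append((int(pref), target, "no-address", None))
    return findings

if __name__ == "__main__":
    for finding in check_mx(SAMPLE, "macupgrades.co.uk"):
        print(finding)
```

The "intended" name in each finding is a guess derived from the doubled name; confirm it against the zone file before changing the record.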
Archived
This topic is now archived and is closed to further replies.