Jump to content

How long should it take for reports to stop


michaelr

Recommended Posts

Hi everyone, I hope someone can help me with a question. I apologise if it's been asked before - I couldn't find anything while searching the forum.

We discovered our server on 212.227.77.248 was SpamCop's blacklist last Wednesday. Unfortunately it turned out we did have the server configured to act as an open relay, and it was being used to send spam.

We belived we had resolved the issue and by Friday we were no longer blacklisted.

Came into work today (Monday) and checked the IP on SpamCop, and we are blacklisted again.

The initial ban was from user reports. The current one is user reports and 1 spamtrap.

My question is, is it possible that the latest ban is still from the spam we were relaying previously, that have just taken a few days to be reported, or is it likely that we have a further problem?

Thanks for reading.

Michael

Link to comment
Share on other sites

My question is, is it possible that the latest ban is still from the spam we were relaying previously, that have just taken a few days to be reported, or is it likely that we have a further problem?

Hi Michael!

As a paying user I can see that the last items of spam submitted by other users was on 21 September. That does seem to have been part of a significant spam run. Since you confirm that you have had an open relay it is possible that there will have been reports received in regard to this junk as recently as Sunday, 24th. So it is possible that the reports you refer to relate to the problem you have since resolved.

However, since some of the reports have been reaching spam traps it is not possible for a user to see details of when these reports were received (these forums are users helping users).

As you will have seen, the listing is due to time out within 18 hours. So, if you can bear to wait until tomorrow, you should see whether the issue has been resolved.

You can, if you wish, raise the matter with deputies[at]spamcop.net but that could take longer than the overnight wait.

It also looks like you don't have admin Email addresses listed for your mail servers. If you did then you would be able to delist the servers once only confirming you had taken the necessary action to fix the problem. So updating your registrations would possibly help you inthis respect in the future.

Andrew

Link to comment
Share on other sites

Thank-you very much for the reply, and taking the time to investigate.

From our point of view a day longer on the blacklist is pretty minor compared to a still compromised server, so your reply is reassuring and I'll wait and hope that the issue is resolved.

I saw the request delisting option, but the "you can only do this once" warning scared me off ;) I don't want to try anyone's patience since the ban is not life or death as long as it's short!

Thanks again for your trouble.

Link to comment
Share on other sites

I saw the request delisting option, but the "you can only do this once" warning scared me off ;) I don't want to try anyone's patience since the ban is not life or death as long as it's short!

I think that's wise. Requesting delisting can ony make matters worse since if you get it wrong the deputies may be more cautious in delisting you later if you still need help.

Keep a watch on the page and check that the time delay is always decreasing. If you see it jump back up to, say 23 hours, then that's a sign you still have spam flowing in some way.

Andrew

Link to comment
Share on other sites

Just a clarification. I have always understood that it is the time of when the spam was sent that determined when the 'stop' for listing was started. IOW, if someone didn't receive the spam until after you fixed the problem, it would not affect the bl even if reported.

I might have misunderstood Andrew's explanation or I might be wrong.

Miss Betsy

Link to comment
Share on other sites

... I have always understood that it is the time of when the spam was sent that determined when the 'stop' for listing was started. ....
That's my understanding too - listing time is reduced by the parser's take on the age of the spam when reported (= how long ago it was sent before being reported). When the Deputies have delisted and an attempt is made to report spam which nominally issued before the fix, the parse throws up that (now rare) message ISP has indicated spam will cease; ISP resolved this issue sometime after ..... Or am I getting confused about what is confusing?
Link to comment
Share on other sites

Thanks everyone, your posts made me double check everything. There was a misunderstanding between me and a collegue over whether qmail had had it's queue cleared. It hadn't and I assume it has been happily sending the rest of the spam in it's queue even though it was no longer relaying new mail - my qmail knowledge is poor I'm afraid so any comments on that would be welcome.

The queue is now clear and is being watched *very* carefully so I think the situation is resolved.

Thank-you to everyone who has helped us to resolve this issue. If anyone has any thoughts on anything we might have overlooked they will be read closely, we don't want to be sending spam any more than you want us to!

Link to comment
Share on other sites

Thank-you to everyone who has helped us to resolve this issue. If anyone has any thoughts on anything we might have overlooked they will be read closely, we don't want to be sending spam any more than you want us to!

Thank you for the update and for your attitude. It is refreshing to have someone not blame us for all their problems. ;)

Link to comment
Share on other sites

  • 2 weeks later...

Unfortunately, it looks like you might not be getting any email whatsoever because server mail.macupgrades.co.uk.macupgrades.co.uk doesn't exist - see the following for details:

10/08/06 14:13:40 dig macupgrades.co.uk ...

Dig macupgrades.co.uk[at]ns.iomart.co.uk (84.22.161.11) ...

Authoritative Answer

Recursive queries supported by this server

Query for macupgrades.co.uk type=255 class=1

macupgrades.co.uk SOA (Zone of Authority)

Primary NS: ns.iomart.co.uk

Responsible person: dns[at]iomart.com

serial:2005060904

refresh:10800s (3 hours)

retry:3600s (60 minutes)

expire:604800s (7 days)

minimum-ttl:86400s (24 hours)

macupgrades.co.uk NS (Nameserver) ns2.iomart.co.uk

macupgrades.co.uk NS (Nameserver) ns.iomart.co.uk

macupgrades.co.uk MX (Mail Exchanger) Priority: 10 mail.macupgrades.co.uk.macupgrades.co.uk

macupgrades.co.uk MX (Mail Exchanger) Priority: 15 mail.macupgrades.co.uk.macupgrades.co.uk

macupgrades.co.uk A (Address) 212.227.77.248

ns.iomart.co.uk A (Address) 84.22.161.11

ns2.iomart.co.uk A (Address) 62.128.193.201

Dig macupgrades.co.uk[at]ns2.iomart.co.uk (62.128.193.201) ...

Authoritative Answer

Recursive queries supported by this server

Query for macupgrades.co.uk type=255 class=1

macupgrades.co.uk SOA (Zone of Authority)

Primary NS: ns.iomart.co.uk

Responsible person: dns[at]iomart.com

serial:2005060904

refresh:10800s (3 hours)

retry:3600s (60 minutes)

expire:604800s (7 days)

minimum-ttl:86400s (24 hours)

macupgrades.co.uk NS (Nameserver) ns2.iomart.co.uk

macupgrades.co.uk NS (Nameserver) ns.iomart.co.uk

macupgrades.co.uk MX (Mail Exchanger) Priority: 10 mail.macupgrades.co.uk.macupgrades.co.uk

macupgrades.co.uk MX (Mail Exchanger) Priority: 15 mail.macupgrades.co.uk.macupgrades.co.uk

macupgrades.co.uk A (Address) 212.227.77.248

ns.iomart.co.uk A (Address) 84.22.161.11

ns2.iomart.co.uk A (Address) 62.128.193.201

...

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...