girl Posted October 3, 2006 Share Posted October 3, 2006 I've been blacklisted. I have three emails on my thunderbird account, main one is love[at]daintyrose.net, another one at daintyrose.net (it has my personal name in it, so I'm not going to post it... it doesn't really get any email), and a third email address is my school's address. I don't own the server myself (like have it in my room) but I own server space for daintyrose.net. My host is really anal about keeping things clean... so I don't know how there could be a security breach... I mean, if I don't update my wordpress like a weekafter it comes out, they take it down like it's a bomb. There's another email address, but I don't check it on my computer, and it's the administrator one, daynah[at]daintyrose.net. It's filled with spam, but again, it's never looked at by a computer and it doesn't have a quota. I'm just deleteing it all right now, in case that's the problem. I have linux... so... I know my computer's not gone borg. And if I share my ip address with my roommate in my dorm... she's got a mac. We're windows-virus free. I have to look at all of these continginces because... I didn't get this phantom email I hear about in all these faqs. I've had my email around on the net for a looong time, so I have about four spam protectors/filters on my email and I don't look back to see what it's deleted. My idea, the only thing that's important, it's important enough to send again. I did though ask google what my ip is and look that up in spam cop... 70.159.7.113 and it brings up this report... 70.159.7.113 listed in bl.spamcop.net (127.0.0.2) If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 14 hours. Causes of listing * System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop) Additional potential problems (these factors do not directly result in spamcop listing) * DNS error: 70.159.7.113 has no reverse dns Because of the above problems, express-delisting is not available Listing History In the past 48.6 days, it has been listed 8 times for a total of 16.5 days (the no reverse dns makes sense because I'm in paranoid school where I can't even call out, the phone numbers are scrambled... yeah) So... I really have no idea if it's daintyrose.net or Berry College or... well, you know, actually, I don't know what's going on at all. But here's what I do know. A) I haven't exceeded quota. I'm still receiving emails in my college address, thus, I'm not over quota. Also, I tell thunderbird to delete it after 7 days. For my daintyrose email addresses, there is no quota. The personal ones, I also have it deleted after 7 days. The administrator one there was a problem, but there wasn't a quota associated with it so... even though there was way too many emails and I should get rid of those anyway... no quota to exceed. I just... don't have any autoresponders. I just don't. I don't even know how to set those up on this new server I moved onto. C) I don't have time to spam. Man... if I could make money off of spaming... I mean! Hey, I'm a college student, don't get mad at me for thinking of alternative ways of money. Every college student has thought of whoring themselves out once in their lives... But anyway, all of the daintyrose emails are... me and duplicates of me. And I'm on linux. And my roommate's a mac (btw, she's working fine, so I don't think we're shared). And I talked to my college's tech desk and they're not getting an overwhelming report of spamcop. D) I don't have a bad firewall because... I don't have a firewall at all. Again, linux. E) My php mailer has been taken over my criminals? Has it? I don't know. I emailed my host and menchioned spamcop. I'm sure they're having a panic attack, that's what they do at mochahost when there's a security issue. They're probably taking down my domain right now to see if there's any problems. How do I check for this? F) "the SMTP/Auth exploit of an Exchange server is in progress" I use my school's Exchange server with pop3 in thunderbird, is that okay? The tech guy at my school said it was okay to do except that sometimes it might not remember my password, and he also said other people do it. (come on everyone's doin' it!) Is using the exchange server "exploiting" it? So uh... now the game of "Figure out what I did wrong without the magical email" Here are the steps I've taken to try to do stuff about it. 1) Cleaning out my admin email address (60,000 email addresses... it's taking a few hours) 2) Contacted domain host and let them know and asked for advice 3) Contacted school tech support. They said I'm on my own, but also said that they hadn't heard anything 4) Emailed Spamcop saying dude wtf. 5) And now asking you peoples UBUNTU! Thanks Link to comment Share on other sites More sharing options...
StevenUnderwood Posted October 3, 2006 Share Posted October 3, 2006 It is quite possible this listing has nothing to do with you. It sounds like you are sharing IP space with other people. That IP is BellSouth owned (or at least that is where reports are being sent: Reporting addresses: abuse[at]bellsouth.net, thisisspam[at]bellsouth.net ) There is nothing for the paying customers to tell you about this problem as there are no publically available reports at all. If this is YOUR (and your alone) IP address, please contact the deputies[at]spamcop.net address from an administrator address and request more information about what has hit the spamtraps. Otherwise, you need to contact your ISP (likely BellSouth, or whoever uses BellSouth connectivity) to deal with the problem. Link to comment Share on other sites More sharing options...
agsteele Posted October 3, 2006 Share Posted October 3, 2006 You may want to take a look at the various FAQs which explain how the blocklist works. When you send an Email it arrives at its destination. The ISP involved at the destination takes a look at it and based on a number of blocklists may decide that it has arrived via a mail server which is currently sending out spam. On that basis the message may be rejected. So, what the error you have received says is that you Email is going out via a mail server which is or has recently been sending out unsolicited Email. Now, the IP address you give has no reverse DNS entry so that makes it harder to identify but it looks like a machine linked to Bell South. Certainly their abuse department has been told of the problem. The IP you give (70.159.7.113) is NOT mail.daintyrose.net What is the name or ip of the SMTP mail server you are using to send your Email. THat information may provide a clue. Andrew Link to comment Share on other sites More sharing options...
dra007 Posted October 3, 2006 Share Posted October 3, 2006 There are a few interesting reports for that IP that go back a while, no reports for what got you listed at present: Submitted: Thursday, September 21, 2006 10:24:57 AM -0400: Hiya 1931915515 ( http://rokgelnasu.com/youth/ ) To: abuse#rdsnet.ro[at]devnull.spamcop.net 1931915509 ( http://rokgelnasu.com/youth/ ) To: contact-tech[at]rdsnet.ro 1931915494 ( 70.159.7.113 ) To: spamcop[at]imaphost.com 1931915479 ( 70.159.7.113 ) To: thisisspam[at]bellsouth.net 1931915465 ( 70.159.7.113 ) To: abuse[at]bellsouth.net ______________________________________________ Submitted: Wednesday, August 30, 2006 10:06:48 AM -0400: Re: Notice 1898858326 ( http://www.icecrkeamnutritionfiive.com/ ) To: wyd[at]jxtvnet.com 1898858321 ( 70.159.7.113 ) To: spamcop[at]imaphost.com 1898858314 ( 70.159.7.113 ) To: thisisspam[at]bellsouth.net 1898858302 ( 70.159.7.113 ) To: abuse[at]bellsouth.net _____________________________________________________ The first one is a Romanian ISP notorious for hosting spamgangs. However the lack of serious reporting suggest that spamtraps are more likely what got you in trouble. Link to comment Share on other sites More sharing options...
girl Posted October 3, 2006 Author Share Posted October 3, 2006 Well, I talked to my tech guys at my school and did you know that if you google "what's my ip" the ip that google gives you isn't always right? so that 70. something number isn't my ip at all. So not only do I not have an email to go on, I don't even have an ip to look up on spam cop and ask it why. My ip is 10.5.255.255 Note how that isn't in the system. The tech guy said that's because my school does some weird warp on the ips. In all of his four years at the school, he hasn't gotten one of the kids here added onto spamcop. What's a spamtrap? Does this have something to do with the fact that I don't have a "real" ip? EDIT: And my friend just pinged my domain for me, 67.15.104.25 which isn't in the system. But if it's not my personal domain, why would my college be causing -just me- problems, when my whole college shares one ip? Link to comment Share on other sites More sharing options...
StevenUnderwood Posted October 3, 2006 Share Posted October 3, 2006 Well, I talked to my tech guys at my school and did you know that if you google "what's my ip" the ip that google gives you isn't always right? so that 70. something number isn't my ip at all. So not only do I not have an email to go on, I don't even have an ip to look up on spam cop and ask it why. Send an email to the address in my sig with the subject Forum request. From the headers of that message, I will be able to determine how your mail is travelling, and probably where it is being held up. The Spamcop email system does not block any mail. It uses it's list the way it was designed, in a re-direction fashion. There are a few interesting reports for that IP that go back a while, no reports for what got you listed at present: When I hit the report history for that IP address, I get an empty list. Parsing input: 70.159.7.113 [report history] Link to comment Share on other sites More sharing options...
dra007 Posted October 3, 2006 Share Posted October 3, 2006 Steven, you have to go to older reports to get those. Link to comment Share on other sites More sharing options...
Wazoo Posted October 3, 2006 Share Posted October 3, 2006 For as much data as you're supplied and the attempts at doing your own reseach (which is to be applauded) .. the problem is that there's nothing but confusion at this point. Initial statement: I am blocked Problem: three e-mail addresses from two sources mentioned. Hwever, no data on exactly "what" got blocked by "whom" ... the rejection notice for instance (if configured properly) should have had the data needed. Location: Sitting behind a router somewhere .. not stated whether this router is in the room or part of the college network. Confusing is the statement "sharing the IP address with my roommate" ...???? More confusing is that this IP address matches your posting IP address here. So if we 'pretend' to guess at things .. you are sitting in your room, banging on the keyboard that is currently assigned a non-routable IP address of 10.5.255.255 (which actually look suspiciously wrong also) ... this 'internal' network is connected to an apparently proxified server/gateway sotting at the IP address of 70.159.7.113 ... http://www.senderbase.org/?searchBy=ipaddr...ng=70.159.7.113 Date of first message seen from this address 2006-08-14 (note the 'recent' date) Volume Statistics for this IP Magnitude Vol Change vs. Average Last day ........ 4.6 .. 2133% Last 30 days .. 3.7 ... 186% Average ........ 3.3 Traffic numbers do not look good for a "non-email" server .... Note also that SpamCop.net is not the only BL listing this IP address Telnet to that system does not bring up a responding e-mail server ... http://www.senderbase.org/search?searchString=berry.edu Addresses in berry.edu used to send email address hostname 66.20.28.21 berfw.berry.edu 66.20.28.52 fsmail1.ad.berry.edu 66.20.28.53 lokimail1.ad.berry.edu Note that the IP address in question is not showing as an 'authorized' server. Lack of rDNS doesn't help in tracking down the actual owner of that system beyond BellSouth ... so moving over to your web-site; ns10.mochahost.com reports the following MX records: Preference Host Name IP Address TTL 10 mail.daintyrose.net 67.15.104.25 so the incoming MX is in yet another IP range, managed by the famous Everyones Internet folks ... Addresses in mochahost.com used to send email View others in mochahost.com or address block: /28 /27 /26 /25 /24 /23 /22 /21 /20 /19 /18 /17 /16 address hostname 67.15.104.25 web3.mochahost.com 67.15.226.37 ns10.mochahost.com 67.15.4.25 mochahost.com 67.15.56.48 ns6.mochahost.com (not going to dif any firther on this path) http://www.senderbase.org/search?searchString=daintyrose.net shows nothing of value as far as outgoing e-mail ... Your zeal in being "virus free" becasue you are using a distribution of Linux is admirable. However, you apparently have not run across the word "exploit" yet ...???? The comment "I don't need a firewall because I run Linux" is extremely odd, especially when not followed by "I set up my firewall under Linux" ...??? Pretty much the same issue with your roommate's Mac ... sure, there aren't that many virus issue, but .. exploits galore .... What is needed at this point ... the identification of the actual e-mail being "blocked" by someone else, specifically the IP address of that outgoing e-mail server. If it's the 'college' address, the next question would be why your out-going e-mail isn't leaving via those servers identifed above. If 'we' go with the flow of your provided information thus far, then the 'owner' of the system actually sitting at 70.159.7.113 needs to be identified and contacted .. information like the above noted traffic provided so they can look at what is actually running on that server (and explaining why your e-mail would be leaving that server in addition to providing your 'net' connection) Or, back to configuration .. how do you actually have your out-going e-mail application setup? There is an instance 'here' of a case 'solved' by having the system owner turn off his computer and wireless modem for a day, watching the numbers on the SenderBase listing dwindle down, offering the 'proof' needed that the spew was in fact coming from that user's system/network .... Link to comment Share on other sites More sharing options...
turetzsr Posted October 3, 2006 Share Posted October 3, 2006 <snip> http://www.senderbase.org/?searchBy=ipaddr...ng=70.159.7.113 Date of first message seen from this address 2006-08-14 (note the 'recent' date) <snip> ...Entirely consistent with the arrival of students for the beginning of a college fall semester.... Link to comment Share on other sites More sharing options...
girl Posted October 3, 2006 Author Share Posted October 3, 2006 "For as much data as you're supplied and the attempts at doing your own reseach (which is to be applauded) .. the problem is that there's nothing but confusion at this point." I think it's cause I only half way know what's going on. I feel like that for as many websites on spamcop that I've read, I've become none the wiser. In fact, I feel like I know LESS about how ips and domains and emails work. Right now, I am now confused as to what my IP address is. My network administrator says "It should start with 10.something" and my computer says 10.5.255.255 but when I ask Google, I get 70.159.7.113. And that's from more than one website, I rechecked it. Which scares the crap outta me with you guys saying the 70.159.7.113 is some bad guy. "Hwever, no data on exactly "what" got blocked by "whom" ... the rejection notice for instance (if configured properly) should have had the data needed." Like I said, I didn't get a rejection notice, if that's that email you got. All I get is an error message saying... "An error occured while sending mail. The mail server responged: 5.3.0 Rejected - see http://www.spamcop.net. Please verify that your email address is correct in your mail preferences and try again." I haven't changed my email address since it worked so.. it's correct. "Who" got blocked is me. Both my personal email account, love[at]daintyrose.net and my school email account. And blocked while sending to my school. I test sending it to myself (personal to personal) and it gets blocked). I just get blocked. "Location: Sitting behind a router somewhere .. not stated whether this router is in the room or part of the college network. Confusing is the statement "sharing the IP address with my roommate" ...???? More confusing is that this IP address matches your posting IP address here." The router is not in my room, I have never seen this router, I don't know how many routers there are. All that I've heard of this router is, "Berry College all has the same IP." so I guess there's only one router and I'm on it. I had been told earlier in the year that my bandwidth was split with my roommate "so don't hog it" but I suppose that's a myth. Right now, Bellsouth is having problems. Bellsouth is the only provider here. That's all I really know at this point. A lot of the questions people have been asking me about this (domain host, tech support, here) have been really technical and I'm not totally sure how to answer them. I believe you asked what my outgoing mail config is and I don't know how else to answer it but this... I have a smtp (just one) with mail.daintyrose.net love[at]daintyrose.net being the username, 0 being the port and no authentication. EDIT: >< whatever is doing it, just did it again. my "wait time" or whatever it is just went from 12 hours to 19. Moderator Edit: placed "quote" brackets in to show the flow of questions, answers .... Link to comment Share on other sites More sharing options...
turetzsr Posted October 3, 2006 Share Posted October 3, 2006 <snip> Like I said, I didn't get a rejection notice, if that's that email you got. All I get is an error message saying... "An error occured while sending mail. The mail server responged: 5.3.0 Rejected - see http://www.spamcop.net. Please verify that your email address is correct in your mail preferences and try again." ...Who or what sent you this message? Your answer here may be instructive. In addition, you may want to try to let them/it know that this message is meaningless without the IP address they found on the SpamCop blacklist which caused them to block you. SpamCop recommends that the message be something like "spam blocked see: http://spamcop.net/bl.shtml?<IPAddress><snip> I test sending it to myself (personal to personal) and it gets blocked). I just get blocked. <snip> ...This suggests that your outgoing mail is being blocked either by Berry College or by the ISP (BellSouth?), which probably is the answer to my first question. Methinks it's time to go back to Berry College Tech Support. "You're on your own" don't cut it when it is apparently they or their ISP that is causing your problem. ...Disclaimer: I am not a tech, so I may not have the story exactly right. I'm hoping someone more knowledgeable will pick up what I've said and either support it or contradict it.... ...Good luck! Link to comment Share on other sites More sharing options...
Wazoo Posted October 3, 2006 Share Posted October 3, 2006 I think it's cause I only half way know what's going on. I feel like that for as many websites on spamcop that I've read, I've become none the wiser. In fact, I feel like I know LESS about how ips and domains and emails work. Not sure what you might be including in the "websites on spamcop" .... There is the single-page-access point provided 'here' via the SpamCop FAQ links at the top of the page ... One entry has been posted as a Pinned item in this section so as to stand-alone .. the "Why am I Blocked?" Right now, I am now confused as to what my IP address is. My network administrator says "It should start with 10.something" and my computer says 10.5.255.255 but when I ask Google, I get 70.159.7.113. And that's from more than one website, I rechecked it. http://www.grc.com/nat/nat.htm .... your 10.x.x.x address is on the "Intranet (LAN)" side of the pictures .. he 70.x.x.x is on the "Internet (WAN)" side of those pictures. I still feel that the 10.5.255.255 address you're listing is actually the "mask" field, but that's just me ... Which scares the crap outta me with you guys saying the 70.159.7.113 is some bad guy. The numbers showing on SenderBase are indicative of an infected/compromised system that a spammer or two is abusing. There are other possible reasons, but ..... Like I said, I didn't get a rejection notice, if that's that email you got. All I get is an error message saying... "An error occured while sending mail. The mail server responged: 5.3.0 Rejected - see http://www.spamcop.net. Please verify that your email address is correct in your mail preferences and try again." That would have been the 'rejection notice' ... however, it hasn't been configured per SpamCop.net recommendations. I'll also note that the additional commentary of "check your e-mail address" doesn't tie in with a SpamCopDNSBL listing, suggesting that there may be more issues involved. (Note that "we" wouldn't receive anything .... all volunteers on this bus.) I haven't changed my email address since it worked so.. it's correct. "Who" got blocked is me. Both my personal email account, love[at]daintyrose.net and my school email account. And blocked while sending to my school. I test sending it to myself (personal to personal) and it gets blocked). I just get blocked. OK, allegedly the SpamCopDNSBL is used by the berry.edu incoming e-mail servers. However. now you're suggesting that you are using multiple (output) e-mail servers that are both/all blocked. (Back to needing to see the IP addresses actually involved in your out-going e-mail(s) The router is not in my room, I have never seen this router, I don't know how many routers there are. All that I've heard of this router is, "Berry College all has the same IP." so I guess there's only one router and I'm on it. I had been told earlier in the year that my bandwidth was split with my roommate "so don't hog it" but I suppose that's a myth. Right now, Bellsouth is having problems. Bellsouth is the only provider here. There are probably 'many' routers .. but you are agreeing with my "proxified server" description .... That's all I really know at this point. A lot of the questions people have been asking me about this (domain host, tech support, here) have been really technical and I'm not totally sure how to answer them. I believe you asked what my outgoing mail config is and I don't know how else to answer it but this... I have a smtp (just one) with mail.daintyrose.net love[at]daintyrose.net being the username, 0 being the port and no authentication. Now you're stating that you only use "one" output e-mail server ...???? The "port = 0" is not a 'normal' set-up configuration. Port 25 is the 'normal' connection, other ports becoming involved due to access modes of that e-mail server and/or the 'local' ISP blocking of Port 25 ..... StevenUnderwood asked for an e-mail .. have you sent him one yet? Link to comment Share on other sites More sharing options...
girl Posted October 3, 2006 Author Share Posted October 3, 2006 they[/b] or their ISP that is causing your problem. ...Disclaimer: I am not a tech, so I may not have the story exactly right. I'm hoping someone more knowledgeable will pick up what I've said and either support it or contradict it.... Thanks for being so patient! I just went around and started googling ips on random people's computers and all of us get the 70.something blah blah ip! Berry's tech support is students, so you often get a "You're on your own." Especially when you run linux... I had to go through two people to get someone who would recognize that it wasn't a linux problem. I'll stop by there in person. I don't know yet, though, if my laptop works on other ports around campus. Eh, I guess we'll see! (both my laptop and desktop don't email out) Thanks for the luck! I'm going to try to push this out of my mind, get Moes comfort food, and finish my lab report. "Now you're stating that you only use "one" output e-mail server ...???? The "port = 0" is not a 'normal' set-up configuration. Port 25 is the 'normal' connection, other ports becoming involved due to access modes of that e-mail server and/or the 'local' ISP blocking of Port 25 ....." (sorry, don't know how to do quotes, and I posted the original post around the same time you did) Yeah, I use one smtp. In thunderbird, it says that setting up two SMTP is only recommended for advanced users, which I'm definately not. I only had one, also, when I used to use a combination of daintyrose+gmailpop (I don't use gmail anymore). So though I use two different emails to send out, I use one smtp server for it. Don't ask me how it works, I just did what thunderbird said to do if I'm dumb, made sure that if I was sending from a certain address, the receiver actually only SAW it from that address (they do) and went on my merry little way. Moes. Work. Pretend that it actually will go away in 19 hours and that whatever is happening will not happen agian. Pretend the world actually is just. And no, I haven't sent him one yet, "f this is YOUR (and your alone) IP address, please contact the deputies[at]spamcop.net address from an administrator address and request more information about what has hit the spamtraps. Otherwise, you need to contact your ISP (likely BellSouth, or whoever uses BellSouth connectivity) to deal with the problem." I'm not the sole owner of the IP address... it's Berry's. Or Mochahost's. Should I still contact them? Link to comment Share on other sites More sharing options...
Wazoo Posted October 3, 2006 Share Posted October 3, 2006 (sorry, don't know how to do quotes, Start by using the "Reply" button ..... Yeah, I use one smtp. In thunderbird, it says that setting up two SMTP is only recommended for advanced users, which I'm definately not. I only had one, also, when I used to use a combination of daintyrose+gmailpop (I don't use gmail anymore). So though I use two different emails to send out, I use one smtp server for it. Don't ask me how it works, I just did what thunderbird said to do if I'm dumb, made sure that if I was sending from a certain address, the receiver actually only SAW it from that address (they do) and went on my merry little way. So, basically, I'll admit to not having any idea at this point how you are actually "sending" e-mail ... I can assume, but ... And no, I haven't sent him one yet, "f this is YOUR (and your alone) IP address, please contact the deputies[at]spamcop.net address from an administrator address and request more information about what has hit the spamtraps. Otherwise, you need to contact your ISP (likely BellSouth, or whoever uses BellSouth connectivity) to deal with the problem." I'm not the sole owner of the IP address... it's Berry's. Or Mochahost's. Should I still contact them? As you are not the owner, you probably won't get much of a response. Sending an e-mail to Steven would have allowed him to analyze the headers of that e-mail, he woud have posted some data, and then "we all" could be dealing with some specifics ...... Link to comment Share on other sites More sharing options...
girl Posted October 3, 2006 Author Share Posted October 3, 2006 As you are not the owner, you probably won't get much of a response. Sending an e-mail to Steven would have allowed him to analyze the headers of that e-mail, he woud have posted some data, and then "we all" could be dealing with some specifics ...... so you just said I wont get a reply cause I'm not the owner but it would be incredibly helpful if I emailed him. Should I email or not? Link to comment Share on other sites More sharing options...
dra007 Posted October 3, 2006 Share Posted October 3, 2006 Girl, we are all end users here, not support staff...and volunteers. But there are enough knowledgeable people among us to help you if you provide the data we need. An e-mail to Steven would show the IP of injection in the header and that IP can be further analyzed for potential issues that got it listed in the first place. Link to comment Share on other sites More sharing options...
turetzsr Posted October 3, 2006 Share Posted October 3, 2006 so you just said I wont get a reply cause I'm not the owner but it would be incredibly helpful if I emailed him. Should I email or not?...Wazoo meant that if you e-mail the SpamCop Deputies, you probably won't get a reply because you aren't the owner. StevenUnderwood is not a Deputy; his request to send him an e-mail was not related to his suggestion to send the Deputies an e-mail. So, yes, you should send an e-mail to StevenUnderwood, as he requested, above. Link to comment Share on other sites More sharing options...
girl Posted October 3, 2006 Author Share Posted October 3, 2006 Yes, I know you guys are just peeps. I'm familar with the system... I give people help at the ubuntu IRC channel. I emailed Steven both with my broken email (still doesn't work of course) and with my working web mail. Thanks so much guys! Link to comment Share on other sites More sharing options...
Wazoo Posted October 3, 2006 Share Posted October 3, 2006 I emailed Steven both with my broken email (still doesn't work of course) and with my working web mail. Thanks so much guys! Now you've invoked a third e-mail source .... perhaps not meaning to, but "web mail" has a specific definition. Link to comment Share on other sites More sharing options...
StevenUnderwood Posted October 3, 2006 Share Posted October 3, 2006 Yes, I know you guys are just peeps. I'm familar with the system... I give people help at the ubuntu IRC channel. I emailed Steven both with my broken email (still doesn't work of course) and with my working web mail. Thanks so much guys! OK, I got one message, munged version here (please don't start underage drinking, it will not help us through this, and if you need to leave for classwork, by all means, please do): http://www.spamcop.net/sc?id=z1089191753ze...029ceef992ba1cz Now if as you seem to be saying here this is from your webmail system, it may be that this information will not help us at all. If your problem was due to a listing on spamcop. then you would have been able to send from the "broken" email because spamcop does no blocking on their systems. Ignore the webmail system for the moment. How is the "broken email" setup? Software, OS, when it last worked (if at all), whatever error message you see when trying to send messages. Once we have that info, we will likely have more specific questions based on the software in use as to where to look for the settings we are trying to reach. As far as IP addresses, we were trying to determine the IP address of the mail server. If you are trying to send directly from your PC, all bets are off, and if that was working, the administration may have finally clamped down on it to eliminate lots of junk leaving their network. We thank them for that. Somewhere on your campus should be the proper way to configure your machine to do email on campus. Link to comment Share on other sites More sharing options...
girl Posted October 4, 2006 Author Share Posted October 4, 2006 OK, I got one message, munged version here (please don't start underage drinking, it will not help us through this, and if you need to leave for classwork, by all means, please do): http://www.spamcop.net/sc?id=z1089191753ze...029ceef992ba1cz Now if as you seem to be saying here this is from your webmail system, it may be that this information will not help us at all. If your problem was due to a listing on spamcop. then you would have been able to send from the "broken" email because spamcop does no blocking on their systems. That is my berry email account send from online. At Berry, we're "supposed" to use it online. This is because Berry does not like having to deal with tech support questions. I do not like using the online interface, so I took the Berry thing, figured out how to pop it. That SAME EMAIL account does NOT work when I pop it (spamcop message) but DOES work when I use it online (as you can see). I send that same email message from love[at]daintyrose.net from pop and apparently you didn't get it. That's my bigger issue, the "completely broken" email address, if you will. Ignore the webmail system for the moment. How is the "broken email" setup? Software, OS, when it last worked (if at all), whatever error message you see when trying to send messages. Once we have that info, we will likely have more specific questions based on the software in use as to where to look for the settings we are trying to reach. To use pop3 I use Thunderbird on Ubuntu Linux... I'm using the newest Kernel it's 6.something or another. I'd have to go into terminal for the rest of the numbers, but just trust me that it's the latest (update manager it's bugging me). Last time it worked? It didn't work last night. Monday I don't think I tried to email anyone... and I was out of town for about a week before then... so that gives a broad range of when it possibly broke. As far as IP addresses, we were trying to determine the IP address of the mail server. If you are trying to send directly from your PC, all bets are off, and if that was working, the administration may have finally clamped down on it to eliminate lots of junk leaving their network. We thank them for that. Somewhere on your campus should be the proper way to configure your machine to do email on campus. Send directly from a pc? Is that what I've been doing using smtp? (if so I've been doing it for years and haven't gotten "caught") If I have to set something up differently for my love[at]daintyrose.net, Berry will not give me any support for it. Do you have any suggestions? Moderator Edit: tried to reformat this, again separating quetion, answer stuff .... Note: there is a Forum FAQ, a 'Test' Forum, etc .... Link to comment Share on other sites More sharing options...
StevenUnderwood Posted October 4, 2006 Share Posted October 4, 2006 Send directly from a pc? Is that what I've been doing using smtp? (if so I've been doing it for years and haven't gotten "caught") If I have to set something up differently for my love[at]daintyrose.net, Berry will not give me any support for it. Do you have any suggestions? It is possible that Berry noticed the spamcop listing of 70.159.7.113 and did not like all the garbage hitting the internet from their IP address and finally clamped down. In other words, what you are trying to do MAY NOT work now. POP and POP3 are used for receiving email from a server, not sending it. SMTP is used for sending it. Since you are running Linux, you may be attempting to use "direct to MX" sending over port 25 which would be the simple way for Berry to fix their problem. I am not a Unix/Linux person so can not tell you how to tell if you are doing that or trying to use a smarthost of some sort. Others here can probably help you there if you need it. Since it sounds like you have a domain outside of the college, it is possible they provide you SMTP server, even better it they offer that over an alternate port. You would then tell your local machine to use that connection information to send out your messages. Link to comment Share on other sites More sharing options...
Wazoo Posted October 4, 2006 Share Posted October 4, 2006 Per Steven's Tracking URL, the e-mail in question did leave via one of the three previously identified 'authorized' e-mail servers ... IP address of 66.20.28.53 http://www.senderbase.org/?searchBy=ipaddr...ing=66.20.28.53 http://spamcop.net/w3m?action=checkblock&ip=66.20.28.53 66.20.28.53 not listed in bl.spamcop.net Going back to your identified "Port 0" ... it is possible that you have been using the SMTP server on your system to send stuff out. This in turn would have used your 'net' conection as the 'source' of that e-mail. If that's the case, extraploate some more data, other 'dorm residets' are also using the same network, have infected/compromised systems and are also spewing garbage out through the same server (also using their own or virus loaded SMTP engines) Now we're looking at a valid reason behind the listing of that IP address .. again noting that it isn't an '(officially) identified' e-mail server to begin with Flowing down that same river, now we look at the possibility that the 'admin crew' has tried to lock things down on that server .... thus offering the possiblity that your 'Domain'-named e-mail isn't flowing becasue it's been blocked by that server (not being a berry.edu address) .. only wild guesses at the possuibilities at this point ... However, any sign that the problem has been fixed has pretty much been shattered ... SenderBase data shows traffic is still on the increase (more computers getting infected?) http://www.senderbase.org/search?searchString=70.159.7.113 Volume Statistics for this IP Magnitude Vol Change vs. Average Last day ........ 4.7 .. 2649% Last 30 days .. 3.7 .... 189% Average ........ 3.3 Another data point: http://www.senderbase.org/search?searchString=berry.edu Volume Statistics for this Domain Magnitude Vol Change vs. 30 Day Last day ........ 4.1 .. 514% Last 30 days .. 3.3 Link to comment Share on other sites More sharing options...
girl Posted October 4, 2006 Author Share Posted October 4, 2006 You know, I could say stuff that might be interesting to reply to you, but I'm sure you're tired of me. Especially because... I fixed it. I got on gmail and told gmail to pop again, and set up gmails pop on my thunderbird and then set up a second smtp so that gmail was on gmail's smtp and daintyrose was on daintyrose's. Yeah, you don't have to be advanced to do that, I don't know what Thunderbird was talking about. Anyway, gmail worked fine. So then I set up daintyrose to to use gmail's smtp. Last question, do you think I should keep daintyrose using gmail's smtp, or switch it back after a while? Link to comment Share on other sites More sharing options...
Wazoo Posted October 4, 2006 Share Posted October 4, 2006 Last question, do you think I should keep daintyrose using gmail's smtp, or switch it back after a while? Note the monster existing Topc/Discussion on GMail's servers getting listed .... Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.