Jump to content

My domain listed in SpamCop


Recommended Posts

Posted

Dear sirs and madams,

I'm totally bewildered... My mail domain (IP 80.78.41.168, MS Exchange 5.5 SP3) is listed in SpamCop for third time and I even don't understand why. I can give a guarantee that my mail server doesn't work as open relay and my users never sent any e-mail which can be estimate as spam. At least any of them didn't send any message with subject like 'save money', 'pa.. at' (see http://www.spamcop.net/w3m?action=blcheck&ip=80.78.41.168).

I really don't know what must I do to settle this situation, so I want ask you to HELP ME.

Thank you in advance!

Dmitry V.Boolychev

Posted

First of all, have you gone through the Pinned item at http://forum.spamcop.net/forums/index.php?showtopic=509 and not found anything there to help? Have you gone through the steps and procedures found at http://www.msexchange.org/tutorials/Preven..._Server_55.html and not found anything wrong in your configuration? Is this totally "your" server or is it shared? Basically asking if you've got access to the server logs or not ... is there a firewall, and are there logs on it that may show stuff that's not going through the Exchange server?

Posted
Dear sirs and madams,

I'm totally bewildered... My mail domain (IP 80.78.41.168, MS Exchange 5.5 SP3) is listed in SpamCop for third time and I even don't understand why. I can give a guarantee that my mail server doesn't work as open relay and my users never sent any e-mail which can be estimate as spam. At least any of them didn't send any message with subject like 'save money', 'pa.. at' (see http://www.spamcop.net/w3m?action=blcheck&ip=80.78.41.168).

I really don't know what must I do to settle this situation, so I want ask you to HELP ME.

Thank you in advance!

Dmitry V.Boolychev

Your IP is listed in the SpamCop blocklist because it is sending mail to our spamtraps. Spamtraps are email addresses that do not exist, have never existed and should never receive email.

Your exchange server is relaying spam for spammers. It appears that your exchange server is being used by spammers exploiting the SMTP/AUTH hack. Please see this faq for information about the exploit and how to fix the problem:

http://news.spamcop.net/cgi-bin/fom?file=372

This exploit allows spammers to relay thru your exchange server. This relaying does not show up using standard open relay tests as the spammer has gained "legal" access to your server by hacking an account/password combination.

Posted

Ellen, Wazoo: thank you very much! Yours advice are really useful for me.

I had looked through security log of my server this morning and detected the sourŅe of problem - user 'test' with guest permissions and with no password. Now I have disabled this account and I think it helps me to stop sending spam mail through my server.

Thank you all very much again!

Sincerely yours,

Dmitry V.Boolychev

Posted

Thanks for closing off the spammer access to your system -- your IP 80.78.41.168 is in the process of delisting which takes about 2 hours to propagate.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...