misho Posted October 27, 2006 Posted October 27, 2006 Hello, In this days, i am in spamcop( Zlatograd.com mail server running postfix 2.2.3) blacklist, but i not sending spam or i have open relay mail server. If can help me what is the reason for what i am this spamcop blacklist . And when i understand what is the reason and if problem in my mail server i fix ! Thanks in advance !! Best Regards Mihail Peltekov System Administrator mail server Zlatograd.com !! Sorry for my bad english !
DavidT Posted October 27, 2006 Posted October 27, 2006 Mihail, I just looked up some things about the IP address [87.118.176.200], and it's not good news. First, take a look at the statistics on this page: http://www.senderbase.org/search?searchString=87.118.176.200 Under "Volume Statistics for this IP" the "Last day" value is 2693%, and although the SenderBase has only been watching the volume from that IP for a short time, that's a HUGE increase, so I'll guess that there's lots of stuff being transmitted from the IP without your knowledge. The reason the IP is listed in the SCBL is totally due to spam reports submitted by SpamCop users, such as these: Submitted: Thursday, October 26, 2006 1:24:49 PM -0700: SEXUALLY EXPLICIT : Horny cum eating blonde babe * 1986600140 ( 87.118.176.200 ) To: spamcop[at]imaphost.com * 1986600134 ( 87.118.176.200 ) To: ripe[at]itdnet.net Submitted: Tuesday, October 24, 2006 2:20:11 PM -0700: No problems in sex - no problems in life. Viagra Pro. * 1983289213 ( 87.118.176.200 ) To: ripe[at]itdnet.net Submitted: Monday, October 23, 2006 6:23:04 AM -0700: Get your ideal weight with this natural method * 1980983258 ( 87.118.176.200 ) To: mole[at]devnull.spamcop.net Submitted: Monday, October 23, 2006 6:10:40 AM -0700: We are trusted, reliable pharmacy * 1980973849 ( 87.118.176.200 ) To: ripe[at]itdnet.net Submitted: Monday, October 23, 2006 4:28:11 AM -0700: [spam] SEXUALLY EXPLICIT : Adorable blonde Carol teasing pink * 1981551962 ( 87.118.176.200 ) To: spamcop[at]imaphost.com * 1981551949 ( 87.118.176.200 ) To: ripe[at]itdnet.net Port spam, pharmaceutical spam....you've got some real problems with what's been going out from your machine! The reports have been sent to the "itdnet.net" adress shown above, so perhaps you can contact them for further details. If you're running a MS Exchange server, we have some helpful people who will come along and tell you how to secure it against hijacking, etc. Further info: Listing History In the past 4.1 days, it has been listed 3 times for a total of 2.1 days Other hosts in this "neighborhood" with spam reports 87.118.176.252 87.118.176.254 87.118.177.1 Looks like your IP has been repeated listed this week, and that you, or someone else has tried to "delist" it, so you can't do that any more. What you need to do is to find out who or what is transmitting all that spam from your IP and stop it. DT
misho Posted October 27, 2006 Author Posted October 27, 2006 Thanks for fast reply !! Can u help and said my what is mail server who send this e-mails ... Because this server and routing and pc in local network and may be any of PC is have viruses .. I want see full Header of any recieved e-mail with this stupid spam !! I have spam and i will fight with spam !!! Who can help me to delist ? Thanks
StevenUnderwood Posted October 27, 2006 Posted October 27, 2006 Can u help and said my what is mail server who send this e-mails ... Because this server and routing and pc in local network and may be any of PC is have viruses .. I want see full Header of any recieved e-mail with this stupid spam !! I have spam and i will fight with spam !!! Who can help me to delist ? Delisting will happen automatically after a set amount of time without receiving a new report. The people at ripe[at]itdnet.net have the reports which include the headers. The only other way would be to convince the people at deputies[at]spamcop.net you are responsible for that IP address and ask for the headers as well. Not sure it will work (since reports already went to the responsible party on record). You may want to get this modified so you receive the reports: Reports routes for 87.118.176.200: routeid:22815066 87.118.176.0 - 87.118.177.255 to:ripe[at]itdnet.net Administrator found from whois records
DavidT Posted October 27, 2006 Posted October 27, 2006 Because this server and routing and pc in local network and may be any of PC is have viruses Maybe you should configure the server so that it doesn't allow the PC's access to the SMTP port 25. I asked you if it is using Microsoft Exchange, but you didn't answer. We have experts here who can help you to make your server more secure. DT
misho Posted October 28, 2006 Author Posted October 28, 2006 Maybe you should configure the server so that it doesn't allow the PC's access to the SMTP port 25. I asked you if it is using Microsoft Exchange, but you didn't answer. We have experts here who can help you to make your server more secure. Hi Again In my first post i said what is my mail server ( Postfix 2.2.3) .. For auth i using SASL smptd, before users send e-mail they must AUTH, but may be my local area 192.168.8.0/24 is in my trusted network ... But think today to remove from there ..
DavidT Posted October 28, 2006 Posted October 28, 2006 Hi Again In my first post i said what is my mail server ( Postfix 2.2.3) Ah, yes you did....sorry. We've had so many Exchange admins drop by recently I had a "one-track" mind. Sorry for my confusion. DT
Recommended Posts
Archived
This topic is now archived and is closed to further replies.