Jump to content

blacklisted help!!!


cplogan

Recommended Posts

Posted

We moved to a new exchange server last week. We moved from exchange 2000 to exchange 2003. Our external ip address has stayed the same. # days ago we got blacklisted and I cannot figure out what keeps getting us put on there. I requested removal and we have went 24hours last without spam, but this morning we were back on there for the 3rd time this week. Any help would be appreciated here is one of the bounce emails i get.

on 11/9/2006 9:37 AM

There was a SMTP communication problem with the recipient's email server. Please contact your system administrator.

<tiffinmotorhomes.com #5.5.0 smtp;550 Requested action not taken: cannot accept mail for specified user from host: 66.21.94.98 RBL: bl.spamcop.net>

Posted

Hi!

Query bl.spamcop.net - 66.21.94.98

(Help) (Trace IP) (Senderbase lookup)

66.21.94.98 listed in bl.spamcop.net (127.0.0.2)

If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 20 hours.

Causes of listing

  • System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)
  • SpamCop users have reported system as a source of spam less than 10 times in the past week

Additional potential problems

(these factors do not directly result in spamcop listing)

  • System administrator has already delisted this system once

Because of the above problems, express-delisting is not available

Listing History

In the past 2.4 days, it has been listed 3 times for a total of 42 hours

SpamCop v 1.600 Copyright © 1998-2006, IronPort Systems, Inc. All rights reserved.

Parsing input: 66.21.94.98

host 66.21.94.98 = mail.tiffinmotorhomes.com (cached)

host 66.21.94.98 = mail.tiffinmotorhomes.com (cached)

Routing details for 66.21.94.98

[refresh/show] Cached whois for 66.21.94.98 : abuse[at]bellsouth.net

Using abuse net on abuse[at]bellsouth.net

abuse net bellsouth.net = abuse[at]bellsouth.net, thisisspam[at]bellsouth.net

Using best contacts abuse[at]bellsouth.net thisisspam[at]bellsouth.net

Statistics:

66.21.94.98 listed in bl.spamcop.net (127.0.0.2)

More Information..

66.21.94.98 not listed in dnsbl.njabl.org

66.21.94.98 not listed in dnsbl.njabl.org

66.21.94.98 not listed in cbl.abuseat.org

66.21.94.98 not listed in dnsbl.sorbs.net

66.21.94.98 not listed in relays.ordb.org.

Reporting addresses:

abuse[at]bellsouth.net

thisisspam[at]bellsouth.net

...Have you contacted the reporting addresses? They should be receiving e-mails about the reports from SpamCop users. As for the SpamTrap hits, information about those are available only from the SpamCop Deputies (deputies[at]admin.spamcop.net). You will have to satisfy the Deputies that you are the authorized administrator for 66.21.94.98 and even then they will only provide you very limited information.

...As for Exchange, please see SpamCop FAQ (link near top left of page) items labeled "But my Exchange 2000 server is secured against relaying!" and "Outlook & Exchange Solutions Center."

...Good luck!

Posted
...Have you contacted the reporting addresses? They should be receiving e-mails about the reports from SpamCop users. As for the SpamTrap hits, information about those are available only from the SpamCop Deputies (deputies[at]admin.spamcop.net). You will have to satisfy the Deputies that you are the authorized administrator for 66.21.94.98 and even then they will only provide you very limited information.

...As for Exchange, please see SpamCop FAQ (link near top left of page) items labeled "But my Exchange 2000 server is secured against relaying!" and "Outlook & Exchange Solutions Center."

I am trying to ge tin touch with the it person at the place that is bouncing our mail. I would like to ge some info on the reports they are getting. I also have contacted the deputies at spamcop. I have finally managed to get off all of the blacklists but this one. Thanks for your help

Posted

The server bouncing your mail would not be the one receiving reports. Reports would be going to the registered abuse address for YOUR IP address, which is abuse[at]bellsouth.net.

Posted

You have thousands of messages(spam) currently being delivered by you server:

Last day 4.8 4709%

Last 30 days 3.2 11%

If you are the administrator you should either fix your problem or hire someone who can.

Posted

I'm sure someone or something is using your email server to send spam out. Check a local computer perhaps?

We got blacklisted by Spamcop too (by a scri_pt spammer).. anyway we waited 24 hours for the listing to expire because we had already fixed the problem up. Then I suppose someone who left their Spamcop reporting duties a little late decided to report one of the emails in, we got listed for the 2nd time in 48 hours.

Posted

It takes more than one report to get listed, depending on the regular volume of your server 100s if not 1000s. Spamtraps hits however weigh more in the equation.

Posted
I am trying to ge tin touch with the it person at the place that is bouncing our mail. I would like to ge some info on the reports they are getting.

It is unlikely that they'll have the information you are seeking. The normal approach with blocklists is that they compare the source ip of each message against the blocklist and your ip is currently listed then they drop the message and it is rejected.

The most recent spam message reported is as follows:

Submitted: Thu, 09 Nov 2006 11:16:24 GMT:
lunchtime obduracy

Andrew

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...