cplogan Posted November 9, 2006 Posted November 9, 2006 We moved to a new exchange server last week. We moved from exchange 2000 to exchange 2003. Our external ip address has stayed the same. # days ago we got blacklisted and I cannot figure out what keeps getting us put on there. I requested removal and we have went 24hours last without spam, but this morning we were back on there for the 3rd time this week. Any help would be appreciated here is one of the bounce emails i get. on 11/9/2006 9:37 AM There was a SMTP communication problem with the recipient's email server. Please contact your system administrator. <tiffinmotorhomes.com #5.5.0 smtp;550 Requested action not taken: cannot accept mail for specified user from host: 66.21.94.98 RBL: bl.spamcop.net>
turetzsr Posted November 9, 2006 Posted November 9, 2006 Hi! Query bl.spamcop.net - 66.21.94.98 (Help) (Trace IP) (Senderbase lookup) 66.21.94.98 listed in bl.spamcop.net (127.0.0.2) If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 20 hours. Causes of listing System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop) SpamCop users have reported system as a source of spam less than 10 times in the past week Additional potential problems (these factors do not directly result in spamcop listing) System administrator has already delisted this system once Because of the above problems, express-delisting is not available Listing History In the past 2.4 days, it has been listed 3 times for a total of 42 hours SpamCop v 1.600 Copyright © 1998-2006, IronPort Systems, Inc. All rights reserved. Parsing input: 66.21.94.98 host 66.21.94.98 = mail.tiffinmotorhomes.com (cached) host 66.21.94.98 = mail.tiffinmotorhomes.com (cached) Routing details for 66.21.94.98 [refresh/show] Cached whois for 66.21.94.98 : abuse[at]bellsouth.net Using abuse net on abuse[at]bellsouth.net abuse net bellsouth.net = abuse[at]bellsouth.net, thisisspam[at]bellsouth.net Using best contacts abuse[at]bellsouth.net thisisspam[at]bellsouth.net Statistics: 66.21.94.98 listed in bl.spamcop.net (127.0.0.2) More Information.. 66.21.94.98 not listed in dnsbl.njabl.org 66.21.94.98 not listed in dnsbl.njabl.org 66.21.94.98 not listed in cbl.abuseat.org 66.21.94.98 not listed in dnsbl.sorbs.net 66.21.94.98 not listed in relays.ordb.org. Reporting addresses: abuse[at]bellsouth.net thisisspam[at]bellsouth.net ...Have you contacted the reporting addresses? They should be receiving e-mails about the reports from SpamCop users. As for the SpamTrap hits, information about those are available only from the SpamCop Deputies (deputies[at]admin.spamcop.net). You will have to satisfy the Deputies that you are the authorized administrator for 66.21.94.98 and even then they will only provide you very limited information. ...As for Exchange, please see SpamCop FAQ (link near top left of page) items labeled "But my Exchange 2000 server is secured against relaying!" and "Outlook & Exchange Solutions Center." ...Good luck!
Telarin Posted November 9, 2006 Posted November 9, 2006 Check out this topic for some previous exchange troubleshooting advice that I have posted. Let me know if any of it helps.
cplogan Posted November 9, 2006 Author Posted November 9, 2006 Check out this topic for some previous exchange troubleshooting advice that I have posted. Let me know if any of it helps. Thanks I check out the link
cplogan Posted November 9, 2006 Author Posted November 9, 2006 ...Have you contacted the reporting addresses? They should be receiving e-mails about the reports from SpamCop users. As for the SpamTrap hits, information about those are available only from the SpamCop Deputies (deputies[at]admin.spamcop.net). You will have to satisfy the Deputies that you are the authorized administrator for 66.21.94.98 and even then they will only provide you very limited information. ...As for Exchange, please see SpamCop FAQ (link near top left of page) items labeled "But my Exchange 2000 server is secured against relaying!" and "Outlook & Exchange Solutions Center." I am trying to ge tin touch with the it person at the place that is bouncing our mail. I would like to ge some info on the reports they are getting. I also have contacted the deputies at spamcop. I have finally managed to get off all of the blacklists but this one. Thanks for your help
Telarin Posted November 9, 2006 Posted November 9, 2006 The server bouncing your mail would not be the one receiving reports. Reports would be going to the registered abuse address for YOUR IP address, which is abuse[at]bellsouth.net.
Merlyn Posted November 9, 2006 Posted November 9, 2006 You have thousands of messages(spam) currently being delivered by you server: Last day 4.8 4709% Last 30 days 3.2 11% If you are the administrator you should either fix your problem or hire someone who can.
RocketX Posted November 10, 2006 Posted November 10, 2006 I'm sure someone or something is using your email server to send spam out. Check a local computer perhaps? We got blacklisted by Spamcop too (by a scri_pt spammer).. anyway we waited 24 hours for the listing to expire because we had already fixed the problem up. Then I suppose someone who left their Spamcop reporting duties a little late decided to report one of the emails in, we got listed for the 2nd time in 48 hours.
dra007 Posted November 10, 2006 Posted November 10, 2006 It takes more than one report to get listed, depending on the regular volume of your server 100s if not 1000s. Spamtraps hits however weigh more in the equation.
Miss Betsy Posted November 10, 2006 Posted November 10, 2006 It also doesn't matter when the report is made, the algorithym looks at when the spam was sent, not when it was received or the report sent. Miss Betsy
agsteele Posted November 10, 2006 Posted November 10, 2006 I am trying to ge tin touch with the it person at the place that is bouncing our mail. I would like to ge some info on the reports they are getting. It is unlikely that they'll have the information you are seeking. The normal approach with blocklists is that they compare the source ip of each message against the blocklist and your ip is currently listed then they drop the message and it is rejected. The most recent spam message reported is as follows: Submitted: Thu, 09 Nov 2006 11:16:24 GMT: lunchtime obduracy Andrew
Recommended Posts
Archived
This topic is now archived and is closed to further replies.