rocsca Posted November 9, 2006 Share Posted November 9, 2006 Hello, yesterday my mail server was blacklisted by spamcop.net. Still now I can't figure out why. The only explanation I get is that spamtrap reports that my mail server sends spam. It was not nice at all as we: - use an update virus scanner either on outgoing and on incoming messages. - use an update spamscanner either on outgoing and on incoming messages. - MTA is always updated. - Have many hundreds of domains (and many thousands of user) that use our mailserver to send mail. - We haven't received any notification of blacklisting And still worst, we can't point out the problem (if any). Moreover it is quite impossible to contact from support to get the needed informations. Here my email that I wrote to "Bruno Hammer" (It would be a person from support of spamcop.net. I get that email looking for some address of spamcop.net on Internet): ============== Mr Bruno Hammer, Today the IP 80.74.176.149 that corresponds to the mail server that I administer, has been blocked from SCBL. So I’m writing you to get more insights about this. More specifically, I would like to get an answer for any of the following questions: 1) Why our IP address above was blocked? 2) How has he been able to happen if we use regular software that scans every message both for viruses and spams? 3) Why we haven’t been advised that our IP was about to be blocked? Safe to obtain a fast and clear answer from you. Best Regards, ===================================== Could someone explain how to get such informations? It is important for us and, I think, for anyone whose (like us) can be demaged from such blacklisting. Sincerely, Rocco Link to comment Share on other sites More sharing options...
turetzsr Posted November 9, 2006 Share Posted November 9, 2006 Hi, Rocco, <snip> Here my email that I wrote to "Bruno Hammer" (It would be a person from support of spamcop.net. I get that email looking for some address of spamcop.net on Internet): <snip> ...How did you get this? I am not aware that anyone with that name has any connection to SpamCop.net. ...You are quite correct that you must contact an official SpamCop representative for information about SpamTrap hits. Please contact the SpamCop Deputies at e-mail address deputies[at]admin.spamcop.net. You will have to satisfy them that you are an administrator of the IP address that is being blocked. ...Good luck! Link to comment Share on other sites More sharing options...
Telarin Posted November 9, 2006 Share Posted November 9, 2006 If you want to provide the rejection message you are receiving, we may be able to help you troubleshoot your issue as well without having to wait on the deputies. They are very overloaded and can sometimes take a couple days to respond. Link to comment Share on other sites More sharing options...
petzl Posted November 9, 2006 Share Posted November 9, 2006 yesterday my mail server was blacklisted by spamcop.net. Still now I can't figure out why. The only explanation I get is that spamtrap reports that my mail server sends spam. Sender Base is recording large increase in "mail" through your server? Magnitude Vol Change vs. Average Last day 4.0 2209% Last 30 days 3.2 219% Average 2.7 Does your Server stamp (as it should) the IP source If your server is properly configured SpamCop will be able to track and only add the computer sending spam or bounces You server can also get listed if it bounces email that has false addresses (these often hit spamtrap addresses which have 16 or more alphanumeric address which is better than bank security to guess) As you are finding that you are getting blocked by the best most accurate Blocklist on the planet It means you are getting listed by slower blocklists which are often secret (AOL MSN HOTMAIL GMAI etc,etc) and almost impossible to be removed from (They also use spamtraps) Our SpamCop members SCBL Blocks spam BEFORE being sent not after releasing an afflicted IP when spam stops. You may be lucky in only getting blocked by a friendly blocklist giving you a warning shot. Link to comment Share on other sites More sharing options...
qjvgpuryy Posted November 10, 2006 Share Posted November 10, 2006 Hi, Rocco,...How did you get this? I am not aware that anyone with that name has any connection to SpamCop.net. I think he was using that as an example. He probably should have said 'J. Random Support Person'. Link to comment Share on other sites More sharing options...
Wazoo Posted November 10, 2006 Share Posted November 10, 2006 I think he was using that as an example. He probably should have said 'J. Random Support Person'. Not sure myself ... there once was a Bruno that was an active newsgroup poster ...???? Data point added while here ... http://www.senderbase.com/?searchBy=ipaddr...g=80.74.176.149 Volume Statistics for this IP Magnitude Vol Change vs. Average Last day 3.8 1200% Last 30 days 3.2 223% Average 2.7 down since the lost posted data .... http://spamcop.net/w3m?action=checkblock&a...p=80.74.176.149 80.74.176.149 not listed in bl.spamcop.net Link to comment Share on other sites More sharing options...
Farelf Posted November 11, 2006 Share Posted November 11, 2006 There may be (coincidental) information at http://www.uceprotect.net/en/rblcheck.php?ipr=80.74.176.149 which says spam Database Query UCEPROTECT-Network Level 1: IP 80.74.176.149 is blacklisted at UCEPROTECT Level 1 This means spamtraps were hit from this IP directly within the last 7 days. Find out, which UCEPROTECT-Server did list your IP and for what reason. To do this, grep your logs (last 8 days) for following expression: UCEPROTECT-Policy Server All you need to know in order to locate the problem should be inside those logfiles. If this is not your IP, but your providers server we recommend: Please send a compliant to your provider and request him to fix this problem immediatly. Think about this: You pay him for, that you can use the internet without problems. For Informations how to get off our Level 1 follow this link SenderBase is fluctuating at the moment 1341% Link to comment Share on other sites More sharing options...
rocsca Posted November 15, 2006 Author Share Posted November 15, 2006 If you want to provide the rejection message you are receiving, we may be able to help you troubleshoot your issue as well without having to wait on the deputies. They are very overloaded and can sometimes take a couple days to respond. I have already delisted my server, without capture the messagges, nevertheless I have received any email to abuse[at]sttspa.it pinting out that I m going to be blacklisted... So Ild likee to know why Im blacklisted.. Is there any way to know this? Thank u, rocsca Sender Base is recording large increase in "mail" through your server? Magnitude Vol Change vs. Average Last day 4.0 2209% Last 30 days 3.2 219% Average 2.7 Does your Server stamp (as it should) the IP source If your server is properly configured SpamCop will be able to track and only add the computer sending spam or bounces You server can also get listed if it bounces email that has false addresses (these often hit spamtrap addresses which have 16 or more alphanumeric address which is better than bank security to guess) As you are finding that you are getting blocked by the best most accurate Blocklist on the planet It means you are getting listed by slower blocklists which are often secret (AOL MSN HOTMAIL GMAI etc,etc) and almost impossible to be removed from (They also use spamtraps) Our SpamCop members SCBL Blocks spam BEFORE being sent not after releasing an afflicted IP when spam stops. You may be lucky in only getting blocked by a friendly blocklist giving you a warning shot. I agree with you about the policy of spamcop. But it seems right to me that I have to know the real reason why I was blacklisted. Is there a way to know this? Indeed I have started to use again (in a production environment ) annina.sttspa.it as mail server as with had a high increase in mail traffic.. So iT has been clear that the magnitude od annina.sttspa.it has growth hugely.. But what I have been to do? Spamcop can give me some hint????? So the next time there will not be??? Thanks, rocsca Link to comment Share on other sites More sharing options...
Wazoo Posted November 15, 2006 Share Posted November 15, 2006 FAQs are available here to explain how the SpamCopDNSBL works. Links have been provided for you to check directly. For example; to check the current status - http://spamcop.net/w3m?action=checkblock&a...p=80.74.176.149 If results are due to spamtrap hits, no reports sent. If results are due to Reports, check the InBox at the abuse address listed below; Parsing input: 80.74.176.149 host 80.74.176.149 (getting name) = annina.sttspa.it. host 80.74.176.149 = annina.sttspa.it (cached) Routing details for 80.74.176.149 Cached whois for 80.74.176.149 : andrea.pomari[at]sttspa.it michele.rabbi[at]sttspa.it abuse[at]sttspa.it lir-tech[at]sttspa.it aboni[at]sttspa.it Using abuse net on abuse[at]sttspa.it No abuse net record for sttspa.it Using best contacts abuse[at]sttspa.it For further information, start with the SpamCop FAQ .. then ask any questions still not understood. Link to comment Share on other sites More sharing options...
turetzsr Posted November 16, 2006 Share Posted November 16, 2006 <snip> Links have been provided for you to check directly. For example; to check the current status - http://spamcop.net/w3m?action=checkblock&a...p=80.74.176.149 <snip> Using best contacts abuse[at]sttspa.it For further information, start with the SpamCop FAQ .. then ask any questions still not understood. ...So spam reports (except for spam Trap hits) are going to abuse[at]sttspa.it. Have you contacted them to see if they have received reports that they would be willing to share with you? ...Also, note my earlier reply, above: <snip> ...You are quite correct that you must contact an official SpamCop representative for information about SpamTrap hits. Please contact the SpamCop Deputies at e-mail address deputies[at]admin.spamcop.net. You will have to satisfy them that you are an administrator of the IP address that is being blocked. ...Good luck! Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.