
80.53.104.91 - blocked again


stranGer


Posted
Thank you,

Certainly,

I had 1 user with vacation message - it's removed now,

also I have changed greylisting script from qgreylist to qgreylistrbl (http://www.datenklause.de/en/software/qgreylistrbl.html)

Should I wait all 21 hours or is it possible to remove my server from list immediately?

If you are absolutely sure the problem is resolved you have a once-in-a-lifetime express delisting on the link Steven posted. If you've already used your 'get out of jail free' card then you'll just have to wait.

Posted

Just to be on the safe side, I would recommend emailing the deputies to make sure that the problem was an autoresponder and not something else. They are the only ones that have access to the messages received by the spamtraps, and while they won't give you the headers or anything, as that would potentially compromise the identity of the spamtraps, they will generally be willing to tell you what kind of traffic they are seeing.

Posted
Should I wait all 21 hours or is it possible to remove my server from list immediately?
The problem isn't over. The IP is sending ordinary spam to our system. As recently as two hours ago.

Received: from poczta.stalko-polska.com.pl ([80.53.104.91])

by [our trap server] with SMTP; 05 Feb 2007 06:xx:xx -0800

Received: (qmail invoked from network); Mon, 5 Feb 2007 15:xx:xx +0100

Received: from unknown (HELO domb17wkabon) (xpplasma[at]vincistar.com[at]83.252.24.253)

by 5b683550vincistar.com with SMTP; Mon, 5 Feb 2007 15:xx:xx +0100

Message-ID: <[at]domb17wkabon>

From: license <x[at]vincistar.com>

To: x

Subject: jrsteld

Date: Mon, 5 Feb 2007

- Don D'Minion - SpamCop Admin -

service[at]admin.spamcop.net

http://www.spamcop.net/

Posted

Well, I guess that answers that question. Seems you have everyday spam coming from your IP address. Is that IP dedicated to your mail server, or is the NAT address of your firewall being shared by multiple machines?

If it is shared by multiple machines, any one of them could be generating the spam in question. I would recommend monitoring your firewall for any traffic outbound on port 25 from any source other than your mail server.

Of course, that assumes you have already taken appropriate steps to ensure that your mail server is not the problem.
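
The firewall monitoring suggested in the post above, as an added example that is not part of the original thread: a Python script that counts new outbound port 25 connections per internal source, ignoring the mail server. The iptables LOG line format, the `eth0` WAN interface name, the mail server address and every sample log line are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumptions for this example: mail server address and WAN-facing interface.
MAIL_SERVER = "192.168.1.10"
WAN_IF = "eth0"

# Constructed sample lines in iptables LOG format (not taken from the thread).
SAMPLE_LOG = """\
Feb  5 15:01:02 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 PROTO=TCP SPT=41000 DPT=25 SYN URGP=0
Feb  5 15:01:03 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=198.51.100.7 PROTO=TCP SPT=1046 DPT=25 SYN URGP=0
Feb  5 15:01:03 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=198.51.100.9 PROTO=TCP SPT=1047 DPT=25 SYN URGP=0
Feb  5 15:01:04 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.80 PROTO=TCP SPT=3301 DPT=80 SYN URGP=0
Feb  5 15:01:05 fw kernel: IN=eth0 OUT=eth1 SRC=203.0.113.9 DST=192.168.1.10 PROTO=TCP SPT=5500 DPT=25 SYN URGP=0
Feb  5 15:01:06 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.88 DST=198.51.100.7 PROTO=TCP SPT=2210 DPT=25 SYN URGP=0
Feb  5 15:01:06 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.88 DST=198.51.100.7 PROTO=TCP SPT=2210 DPT=25 ACK URGP=0
"""

# KEY=value pairs as written by the iptables LOG target.
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")


def rogue_smtp_sources(log_text, mail_server=MAIL_SERVER, wan_if=WAN_IF):
    """Return {source_ip: count} of new outbound SMTP connections
    made by any host other than the designated mail server."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        flags = set(line.split())  # TCP flags appear as bare words
        if fields.get("OUT") != wan_if:
            continue  # not leaving through the WAN interface
        if fields.get("PROTO") != "TCP" or fields.get("DPT") != "25":
            continue  # exact match, so DPT=2525 or DPT=80 is ignored
        if "SYN" not in flags or "ACK" in flags:
            continue  # count connection attempts only, not every packet
        src = fields.get("SRC")
        if src and src != mail_server:
            hits[src] += 1
    return dict(hits)


if __name__ == "__main__":
    for src, count in sorted(rogue_smtp_sources(SAMPLE_LOG).items()):
        print(f"{src}: {count} new outbound SMTP connection(s)")
```

Any address this reports is a desktop or other host talking SMTP directly to the internet, which is where to start looking when the shared NAT address is listed.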

Posted

That IP among others in the /24 have spamming problems

SPAMCOP SpamCop Blocking List: bl.spamcop.net -> 127.0.0.2

Blocked - see http://www.spamcop.net/bl.shtml?80.53.104.91

--------------------------------------------------------------------------------

PSBL Passive spam Block List: psbl.surriel.com -> 127.0.0.2

Listed in PSBL, see http://psbl.surriel.com/listing?ip=80.53.104.91

--------------------------------------------------------------------------------

SPAMCANNIBAL the SpamCannibal project: bl.spamcannibal.org -> 127.0.0.2

blocked, See: http://www.spamcannibal.org/cannibal.cgi?p...p;lookup=$

--------------------------------------------------------------------------------

80.53.104.91

Last day 3.7 34060%

Last 30 days 1.8 370%

Average 1.1

-------------------------------------------------------------------------------------

Looks like the spammers have control of this IP

Posted
80.53.104.91

Last day 3.7 34060%

Last 30 days 1.8 370%

Average 1.1

-----------------------------

Looks like the spammers have control of this IP

Stats to be taken with a pinch of salt as first mail from that IP seen on 2nd Feb 07: it's a new address.

Posted
Stats to be taken with a pinch of salt as first mail from that IP seen on 2nd Feb 07: it's a new address.

This is the most impressive stat and the most meaningful:

Last day 3.7 34060%

Posted

I am only a remote administrator and I informed the proper persons to do some investigations on the users' desktops. It seems to me that the problem has been solved (hopefully).

Now Spamcop tells me that it takes 1 hour to be delisted...

:)

thank you very much for all suggestions!

stranGer

Posted

Looks like it's about to age off the SCBL. Senderbase volume is still showing a magnitude 4.0 which is up from the last check. That equates to about 10,000 emails per day flowing from that IP. Of course, those senderbase numbers seem to lag as much as 24 hours behind, so it is quite possible that if it was fixed in the last 24 hours, they might not reflect it yet. Hopefully you got everything sorted out, and won't have any more issues.

Archived

This topic is now archived and is closed to further replies.
