jayfriedmn Posted April 6, 2007 Share Posted April 6, 2007 We're perplexed. In the past 24 hours it appears that numerous mail servers have started blocking email from our mail server (208.185.250.250). However, it's not listed on any black list we can find. By asking one of the intended email recipients, we do know at least one is using spamcop lists. We don't generate a lot of outbound email. We don't believe we have any configuration problems since this server has been functioning well for about 4 years. How do we trace this problem done and get it fixed? Please Help!!! -Jay Link to comment Share on other sites More sharing options...
petzl Posted April 6, 2007 Share Posted April 6, 2007 How do we trace this problem done and get it fixed? Please Help!!! -Jay Not listed by SpamCop but some reports have been made Submitted: Saturday, 31 March 2007 2:38:13 PM +1000: Important Information Regarding Your Banking Account 2223144246 ( [url=http://www.unwinded.com/ilmm/BOA/onlineid-sessi..]http://www.unwinded.com/ilmm/BOA/onlineid-sessi..[/url]. ) To: nomaster[at]devnull.spamcop.net 2223144240 ( 208.185.250.250 ) To: abuse[at]above.net -------------------------------------------------------------------------------- Submitted: Wednesday, 28 March 2007 7:40:13 AM +1000: Important Information Regarding Your Banking Account 2218012908 ( [url=http://www.myspacestrain.com/BOA/onlineid-sessi..]http://www.myspacestrain.com/BOA/onlineid-sessi..[/url]. ) To: mole[at]devnull.spamcop.net 2218012907 ( 208.185.250.250 ) To: mole[at]devnull.spamcop.net -------------------------------------------------------------------------------- Submitted: Wednesday, 28 March 2007 7:38:17 AM +1000: Important Information Regarding Your Banking Account 2218012808 ( [url=http://www.myspacestrain.com/BOA/onlineid-sessi..]http://www.myspacestrain.com/BOA/onlineid-sessi..[/url]. ) To: mole[at]devnull.spamcop.net 2218012807 ( 208.185.250.250 ) To: mole[at]devnull.spamcop.net 208.185.250.250 does not appear to be a mail server and looks like it is used for phishing attacks Go through my Signature to check this computer. If it is used as a mail server it is not stamping the IP source. This would mean it is not configured competently (Many ISP's create their own blocklists from spam recieved or use spamfilters like SpamAssasin) Link to comment Share on other sites More sharing options...
Wazoo Posted April 6, 2007 Share Posted April 6, 2007 We're perplexed. In the past 24 hours it appears that numerous mail servers have started blocking email from our mail server (208.185.250.250). However, it's not listed on any black list we can find. By asking one of the intended email recipients, we do know at least one is using spamcop lists. Not very applicable, as this IP address is not currently listed on the SpamCopDNSBL. We don't generate a lot of outbound email. We don't believe we have any configuration problems since this server has been functioning well for about 4 years. How do we trace this problem done and get it fixed? One would have to start with the "rejection nessages" provided and go from there, as far as the 'real' reason for being blocked. We can also make the assumption that you are taking the usual stand of "there's nothing in the e-mail logs" which then garners the standrd query as to what the firewall logs say .... As far as actual self-analysis, there is a ton-load of indormation in the FAQs provided here, the numerous previous Topics and Discussions from other folks that have actually ran into the situation of a SpamCopDNSBL listing, as seen by a receiving ISP choosing to use that data in a blocking fashion .. which is not the way way SpamCop.net suggests using that data .... As this does not appear to involve the SpamCopDNSBL, this Topic would normally be moved to the Lounge area. However, based on the data provided by Petzl, the SenderBase data for this IP address and the Domain(s) involved, and the general oddity of some of the information thus far seen, it may be that this IP address may in fact find its way into the SpamCopDNSBL ... so leaving in place for now .... actually wondering if the correct IP address was offered ..... it more looks like an 'input' server has been identified, whereas the 'problem' would be with an 'output' server .... 04/05/07 20:21:27 dns 208.185.250.250 nslookup 208.185.250.250 Canonical name: mail.simpli.biz Addresses: 208.185.250.250 If any reports had actually gone out (none of Petzl's samples did) they would/should have ended up going to abuse[at]above.net Possibly a minor detail, but the the data used to register here does not have any direct relationship to the data queried about in the Topic starter .... Link to comment Share on other sites More sharing options...
Merlyn Posted April 7, 2007 Share Posted April 7, 2007 How did you fix your last problem? http://groups.google.com/group/news.admin....&hl=en& Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.