Jump to content

IP blocked but not on any blacklist


jayfriedmn
 Share

Recommended Posts

We're perplexed. In the past 24 hours it appears that numerous mail servers have started blocking email from our mail server (208.185.250.250). However, it's not listed on any black list we can find. By asking one of the intended email recipients, we do know at least one is using spamcop lists.

We don't generate a lot of outbound email. We don't believe we have any configuration problems since this server has been functioning well for about 4 years.

How do we trace this problem done and get it fixed?

Please Help!!!

-Jay

Link to comment
Share on other sites

How do we trace this problem done and get it fixed?

Please Help!!!

-Jay

Not listed by SpamCop but some reports have been made

Submitted: Saturday, 31 March 2007 2:38:13 PM +1000: 
Important Information Regarding Your Banking Account 
2223144246 ( [url=http://www.unwinded.com/ilmm/BOA/onlineid-sessi..]http://www.unwinded.com/ilmm/BOA/onlineid-sessi..[/url]. ) To: nomaster[at]devnull.spamcop.net 
2223144240 ( 208.185.250.250 ) To: abuse[at]above.net 

--------------------------------------------------------------------------------

Submitted: Wednesday, 28 March 2007 7:40:13 AM +1000: 
Important Information Regarding Your Banking Account 
2218012908 ( [url=http://www.myspacestrain.com/BOA/onlineid-sessi..]http://www.myspacestrain.com/BOA/onlineid-sessi..[/url]. ) To: mole[at]devnull.spamcop.net 
2218012907 ( 208.185.250.250 ) To: mole[at]devnull.spamcop.net 

--------------------------------------------------------------------------------

Submitted: Wednesday, 28 March 2007 7:38:17 AM +1000: 
Important Information Regarding Your Banking Account 
2218012808 ( [url=http://www.myspacestrain.com/BOA/onlineid-sessi..]http://www.myspacestrain.com/BOA/onlineid-sessi..[/url]. ) To: mole[at]devnull.spamcop.net 
2218012807 ( 208.185.250.250 ) To: mole[at]devnull.spamcop.net 

208.185.250.250 does not appear to be a mail server and looks like it is used for phishing attacks

Go through my Signature to check this computer. If it is used as a mail server it is not stamping the IP source. This would mean it is not configured competently

(Many ISP's create their own blocklists from spam recieved or use spamfilters like SpamAssasin)

Edited by petzl
Link to comment
Share on other sites

We're perplexed. In the past 24 hours it appears that numerous mail servers have started blocking email from our mail server (208.185.250.250). However, it's not listed on any black list we can find. By asking one of the intended email recipients, we do know at least one is using spamcop lists.

Not very applicable, as this IP address is not currently listed on the SpamCopDNSBL.

We don't generate a lot of outbound email. We don't believe we have any configuration problems since this server has been functioning well for about 4 years.

How do we trace this problem done and get it fixed?

One would have to start with the "rejection nessages" provided and go from there, as far as the 'real' reason for being blocked. We can also make the assumption that you are taking the usual stand of "there's nothing in the e-mail logs" which then garners the standrd query as to what the firewall logs say ....

As far as actual self-analysis, there is a ton-load of indormation in the FAQs provided here, the numerous previous Topics and Discussions from other folks that have actually ran into the situation of a SpamCopDNSBL listing, as seen by a receiving ISP choosing to use that data in a blocking fashion .. which is not the way way SpamCop.net suggests using that data ....

As this does not appear to involve the SpamCopDNSBL, this Topic would normally be moved to the Lounge area. However, based on the data provided by Petzl, the SenderBase data for this IP address and the Domain(s) involved, and the general oddity of some of the information thus far seen, it may be that this IP address may in fact find its way into the SpamCopDNSBL ... so leaving in place for now ....

actually wondering if the correct IP address was offered ..... it more looks like an 'input' server has been identified, whereas the 'problem' would be with an 'output' server ....

04/05/07 20:21:27 dns 208.185.250.250

nslookup 208.185.250.250

Canonical name: mail.simpli.biz

Addresses:

208.185.250.250

If any reports had actually gone out (none of Petzl's samples did) they would/should have ended up going to abuse[at]above.net

Possibly a minor detail, but the the data used to register here does not have any direct relationship to the data queried about in the Topic starter ....

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...