jayfriedmn

IP blocked but not on any blacklist

We're perplexed. In the past 24 hours it appears that numerous mail servers have started blocking email from our mail server (208.185.250.250). However, it's not listed on any black list we can find. By asking one of the intended email recipients, we do know at least one is using spamcop lists.

We don't generate a lot of outbound email. We don't believe we have any configuration problems since this server has been functioning well for about 4 years.

How do we trace this problem down and get it fixed?

Please Help!!!

-Jay

How do we trace this problem down and get it fixed?

Please Help!!!

-Jay

Not listed by SpamCop but some reports have been made

Submitted: Saturday, 31 March 2007 2:38:13 PM +1000: 
Important Information Regarding Your Banking Account 
2223144246 ( http://www.unwinded.com/ilmm/BOA/onlineid-sessi... ) To: nomaster[at]devnull.spamcop.net 
2223144240 ( 208.185.250.250 ) To: abuse[at]above.net 

--------------------------------------------------------------------------------

Submitted: Wednesday, 28 March 2007 7:40:13 AM +1000: 
Important Information Regarding Your Banking Account 
2218012908 ( http://www.myspacestrain.com/BOA/onlineid-sessi... ) To: mole[at]devnull.spamcop.net 
2218012907 ( 208.185.250.250 ) To: mole[at]devnull.spamcop.net 

--------------------------------------------------------------------------------

Submitted: Wednesday, 28 March 2007 7:38:17 AM +1000: 
Important Information Regarding Your Banking Account 
2218012808 ( http://www.myspacestrain.com/BOA/onlineid-sessi... ) To: mole[at]devnull.spamcop.net 
2218012807 ( 208.185.250.250 ) To: mole[at]devnull.spamcop.net 

208.185.250.250 does not appear to be a mail server and looks like it is used for phishing attacks

Go through my Signature to check this computer. If it is used as a mail server it is not stamping the IP source. This would mean it is not configured competently

(Many ISPs create their own blocklists from spam received or use spamfilters like SpamAssassin)

Edited by petzl

We're perplexed. In the past 24 hours it appears that numerous mail servers have started blocking email from our mail server (208.185.250.250). However, it's not listed on any black list we can find. By asking one of the intended email recipients, we do know at least one is using spamcop lists.

Not very applicable, as this IP address is not currently listed on the SpamCopDNSBL.

We don't generate a lot of outbound email. We don't believe we have any configuration problems since this server has been functioning well for about 4 years.

How do we trace this problem down and get it fixed?

One would have to start with the "rejection messages" provided and go from there, as far as the 'real' reason for being blocked. We can also make the assumption that you are taking the usual stand of "there's nothing in the e-mail logs" which then garners the standard query as to what the firewall logs say ....

As far as actual self-analysis, there is a ton-load of information in the FAQs provided here, the numerous previous Topics and Discussions from other folks that have actually run into the situation of a SpamCopDNSBL listing, as seen by a receiving ISP choosing to use that data in a blocking fashion .. which is not the way SpamCop.net suggests using that data ....

As this does not appear to involve the SpamCopDNSBL, this Topic would normally be moved to the Lounge area. However, based on the data provided by Petzl, the SenderBase data for this IP address and the Domain(s) involved, and the general oddity of some of the information thus far seen, it may be that this IP address may in fact find its way into the SpamCopDNSBL ... so leaving in place for now ....

actually wondering if the correct IP address was offered ..... it more looks like an 'input' server has been identified, whereas the 'problem' would be with an 'output' server ....

04/05/07 20:21:27 dns 208.185.250.250

nslookup 208.185.250.250

Canonical name: mail.simpli.biz

Addresses:

208.185.250.250

If any reports had actually gone out (none of Petzl's samples did) they would/should have ended up going to abuse[at]above.net

Possibly a minor detail, but the data used to register here does not have any direct relationship to the data queried about in the Topic starter ....
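
Following the advice above to start from the rejection messages, and the point that many receivers block from their own lists or content filters rather than a public DNSBL, here is an added example (not part of the original thread) that sorts rejections by who is doing the blocking. The log line format, the sample messages and the address 192.0.2.25 are constructed assumptions; bl.spamcop.net is SpamCop's DNSBL zone.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample rejections (not from the thread); 192.0.2.25 is a documentation address.
SAMPLE_REJECTIONS = [
    "to=<a@example.net> relay=mx1.example.net said: 554 5.7.1 Service unavailable; "
    "Client host [192.0.2.25] blocked using bl.spamcop.net",
    "to=<b@example.org> relay=mx.example.org said: 550 5.7.1 Message rejected by local policy (ref 8841)",
    "to=<c@example.com> relay=in.example.com said: 550 5.7.1 Rejected: content scored as spam",
    "to=<d@example.net> relay=mx2.example.net said: 451 4.7.1 Greylisted, please try again later",
]

# Assumed log shape: relay=<host> said: <SMTP code> <enhanced status> <text>
REJECT = re.compile(r"relay=(?P<relay>\S+) said: (?P<code>[245]\d\d) (?P<enh>\d\.\d+\.\d+) (?P<text>.*)")
DNSBL = re.compile(r"blocked using (?P<zone>[A-Za-z0-9.-]+\.[A-Za-z]{2,})")

def dnsbl_query_name(ip: str, zone: str) -> str:
    """DNSBL lookups reverse the IPv4 octets and append the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def triage(lines, our_ip):
    """Group rejections by who is doing the blocking, so each can be followed up."""
    report = defaultdict(list)
    for line in lines:
        m = REJECT.search(line)
        if not m:
            report["unparsed"].append(line)
            continue
        hit = DNSBL.search(m["text"])
        if m["code"].startswith("4"):
            kind = "temporary"        # deferral: the message will be retried, not a block
        elif hit:
            kind = "public-dnsbl"     # receiver names a list: confirm with the query name
        else:
            kind = "receiver-local"   # private list or content filter: ask that postmaster
        entry = {"relay": m["relay"], "status": f'{m["code"]} {m["enh"]}'}
        if hit:
            entry["check"] = dnsbl_query_name(our_ip, hit["zone"])
        report[kind].append(entry)
    return dict(report)

if __name__ == "__main__":
    for kind, entries in triage(SAMPLE_REJECTIONS, "192.0.2.25").items():
        print(kind, entries)
```

The `check` value is the name to resolve (for example with `nslookup`) to confirm a listing; an answer means listed, NXDOMAIN means not listed.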
