jordan023 Posted May 9, 2007 Share Posted May 9, 2007 Our company mailserver (202.175.19.172) got blocked by spamcop.However,i have check on spamcop.net and the ip address did not listed in the blacklist. But when the user in our company send mail to some user in sef.pt domain. They got the below returned mail. Your message did not reach some or all of the intended recipients. Subject: Test Mail from Macau DSFSM 2:56 P.M. Sent: 5/9/2007 2:56 PM The following recipient(s) could not be reached: xxx[at]SEF.pt on 5/9/2007 2:56 PM There was a SMTP communication problem with the recipient's email server. Please contact your system administrator. <mailsrv.fsm.gov.mo #5.5.0 smtp;550 Rule imposed as xxx[at]fsm.gov.mo is blacklisted on SpamCop (see www.spamcop.net)> So,i wold like to know if there were any way could remove our company mailsrv from the spamcop blacklist. Thanks for any suggestion. Link to comment Share on other sites More sharing options...
Wazoo Posted May 9, 2007 Share Posted May 9, 2007 Still trying to recover from a fried CPU on my main system, I don't have quick access to all my links and tools ... First 'quick' answer (which is readily available through a ton load of FAQ entries, Wiki pages, thousands of other Posts, Topics, and Discussions here ... the SpamCopDNSBL does no blocking whatsoever. It is the "receiving" ISP that has chosen to use the SpamCopDNSBL data in a blocking fashion, which is against SpamCop.net's recommendations. Then, one moves onto the fact that the SpamCopDNSBL is a list of IP addresses, not e-mail addresses ... suggesting that this blocked e-mail may not be due to SpamCop.net at all .. rather some poorly configured e-mail server pointing to the wrong error message ... hard to say from what you've provided. In addition to that, there is a suggested message format for a rejection notice which would include the IP address involved, but again .. this message doesn't say anything about an issue with an IP address. Maybe I'll get to doing some research in a bit .. hopefully someone else will show up and jump in here ... but right off the bat .. not enough 'correct / specific" data provided to clear this up quickly, especially wothout my tools <g> Link to comment Share on other sites More sharing options...
Miss Betsy Posted May 9, 2007 Share Posted May 9, 2007 I am taking you at your word that the IP address is not listed on spamcop. Sometimes server admins who block email at the server level use a generic message for all the blocklists they use. Since the IP address is not in the error message, your email may have been blocked for some other reason than the spamcop blocklist. You can contact your correspondent by using another email address (such as a hotmail address). And you can either ask him or ask his ISP directly why the email address is blocked. There are ways to research whether the IP address is on other blocklists that the server admin might be using and also whether there is an increase in the sending of email from that IP address - something that would indicate that a computer on that network had been compromised and is sending spam. You can also ask your IT department to investigate. If the IP address is not on the spamcop list, then possibly your IT department was alerted to the problem and has fixed it. If Wazoo gets his computer fixed or if someone else comes along, they may look into the problem further for you. Miss Betsy Link to comment Share on other sites More sharing options...
Wazoo Posted May 9, 2007 Share Posted May 9, 2007 It would appear that there's a bit of mis-information here ...???? http://www.spamcop.net/w3m?action=checkblo...=202.175.19.172 202.175.19.172 not listed in bl.spamcop.net However, http://www.senderbase.org/search?searchBy=...=202.175.19.172 Volume Statistics for this IP Magnitude Vol Change vs. Average Last day ........ 0.0 .. -100% Last 30 days .. 0.0 .. -100% Average ........ 0.0 Sender Category unknown Network Owner unknown Domain unknown Date of first message seen from this address But then scrolling down a bit; 202.175.19.171 shows some spew type numbers, also listed in http://cbl.abuseat.org/lookup.cgi?ip=202.175.19.171 (nothing to do with SpamCop.net) no clue offered by the Registration data, as a GMail address was used. IP address is under the same ISP, but .... in a bit of a different block. However, it seems like a bit of a stretch from netcraft.com.mo to try to connect to fsm.gov.mo, even though the IP addresses involved are but one least-significant bit away .... not going to do guessing games .... Link to comment Share on other sites More sharing options...
StevenUnderwood Posted May 9, 2007 Share Posted May 9, 2007 It would appear that there's a bit of mis-information here ...???? It is not unusual for error messages to be written to direct problems to SpamCop when the actual list being causing the block is elsewhere. Since SpamCop is usually the first to list an address, that is often effective, but does cause confusion when another list is the cause. Link to comment Share on other sites More sharing options...
Wazoo Posted May 9, 2007 Share Posted May 9, 2007 I was going with the possibiity that the IP address identified could ve an incoming e-mail server, but the output server hasn't been identified. Not listed above, but added here to show why was throwing in the towel .... for instance, one would think that if an outfit could 'afford' some IronPort hardware, that same outfit would have some staff on-hand that had a clue ... http://www.dnsreport.com/tools/dnsreport.c...netcraft.com.mo dns1.netcraft.com.mo. [202.175.114.11] [TTL=3600] [MO] [These were obtained from umacss2.umac.mo] ERROR: You have less than two nameservers. You are required to have at least 2 nameservers per RFC 1035 section 2.2 (RFC2182 section 5 recommends at least 3 nameservers). OK. Your SOA serial number is: 2007050401. This appears to be in the recommended format of YYYYMMDDnn, where 'nn' is the revision. So this indicates that your DNS was last updated on 04 May 2007 (and was revision #1). Your 1 MX record is: 20 ironport.netcraft.com.mo. [TTL=3600] IP=202.175.114.10 [TTL=3600] [MO] (now this IP address is one off of the posting IP ...) But then one also sees; www.netcraft.com.mo. A 202.175.114.10 [TTL=3600] [MO] Again, a suggested IronPort hardware box to handle the traffic, but .... a single server to act as an MX and a web-server ...???? So then we go look at the domain of the e-mail address offered up ... http://www.dnsreport.com/tools/dnsreport.c...main=fsm.gov.mo Your NS records at the parent servers are: [These were obtained from ns1.gov.mo] Notice that blank line ..... A timeout occurred getting the NS records from your nameservers! None of your nameservers responded fast enough. They are probably down or unreachable. I can't continue since your nameservers aren't responding. this is where I got tired of chasing things that went nowhere .... Link to comment Share on other sites More sharing options...
jordan023 Posted May 10, 2007 Author Share Posted May 10, 2007 Thanks for suggestion. Actually, for netcraft.com.mo.It were my company domain and fsm.gov.mo is my customer domain. The problem is that while the user in fsm.gov.mo send mail to this domain sef.pt.They got the NDR 550 Rule imposed as xxx[at]fsm.gov.mo is blacklisted on SpamCop... If i try send mail from netcraft.com.mo to sef.pt,no any NDR appear in my mailbox. So,it seem that the my customer domain have been blocked somewhere so that the user could send mail to sef.pt domain. Therefore,i would like to know if anyone could provide hints to fix this problem. Thanks for any suggestion. Link to comment Share on other sites More sharing options...
agsteele Posted May 10, 2007 Share Posted May 10, 2007 550 Rule imposed as xxx[at]fsm.gov.mo is blacklisted on SpamCop... If i try send mail from netcraft.com.mo to sef.pt,no any NDR appear in my mailbox. So,it seem that the my customer domain have been blocked somewhere so that the user could send mail to sef.pt domain. You'll need to provide the IP address for the outgoing (SMTP) mail server that your client is using. Without that there is nothing that can be done to help you. Andrew Link to comment Share on other sites More sharing options...
jordan023 Posted May 10, 2007 Author Share Posted May 10, 2007 The outgoing mail server ip address is 202.175.19.171 for client use to send mail in fsm.gov.mo domain. Please help to check and let me know the solution. Thanks for all your guy great help! Link to comment Share on other sites More sharing options...
Derek T Posted May 10, 2007 Share Posted May 10, 2007 The outgoing mail server ip address is 202.175.19.171 for client use to send mail in fsm.gov.mo domain. At Last! Something we can work with. That IP not listed by spamcop. No report history. WAS listed by cbl but now de-listed. Senderbase shows a recent surge in email from that server which is now declining. Nothing to do at the moment except check all machines for malware and maybe try the firewall logs for anything suspicious. http://spamcop.net/w3m?action=checkblock&a...=202.175.19.171 Link to comment Share on other sites More sharing options...
Wazoo Posted May 10, 2007 Share Posted May 10, 2007 Thanks for suggestion. Almost all dialog here has been about the lack of data. A lot of things pointed out, not much provided in response. Actually, for netcraft.com.mo.It were my company domain and fsm.gov.mo is my customer domain. The problem is that while the user in fsm.gov.mo send mail to this domain sef.pt.They got the NDR 550 Rule imposed as xxx[at]fsm.gov.mo is blacklisted on SpamCop... Yes ... you started out with that. However, you didn't seem to catch the rest of the stuff stated. http://www.mxtoolbox.com/index.aspx No MX records found for fsm.gov.mo http://www.dnsreport.com/tools/dnsreport.c...main=fsm.gov.mo still has issues; DNS Report for fsm.gov.mo Generated by www.DNSreport.com at 09:47:41 GMT on 10 May 2007. [ERROR: I was unable to get an answer from the parent servers [ns2.gov.mo], when I tried to find the NS records for fsm.gov.mo.] 05/10/07 03:21:18 dns fsm.gov.mo Canonical name: fsm.gov.mo Addresses: 202.175.19.172 05/10/07 03:23:08 Browsing http://fsm.gov.mo/ Fetching http://fsm.gov.mo/ ... GET / HTTP/1.1 Host: fsm.gov.mo HTTP/1.1 200 OK Connection: close Content-Length: 1433 Date: Thu, 10 May 2007 04:15:23 GMT Content-Location: http://fsm.gov.mo/iisstart.htm Content-Type: text/html Server: Microsoft-IIS/6.0 Last-Modified: Fri, 21 Feb 2003 10:48:30 GMT <title ID=titletext>Under Construction</title> <h1 ID=errortype style="font:14pt/16pt verdana; color:#4e4e4e"> <P ID=Comment1><!--Problem--><P ID="errorText">Under Construction</h1> <P ID=Comment2><!--Probable causes:<--><P ID="errordesc"><font style="font:9pt/12pt verdana; color:black"> The site you are trying to view does not currently have a default page. It may be in the process of being upgraded and configured. <P ID=term1>Please try this site again later. If you still experience the problem, try contacting the Web site administrator. So you say you have a 'client' that is trying to send out e-mail from a Domain that has DNS issues, a non-existent web-site, no MX records ... and you still have not bothered to identify the actual "output" server in question. The suggestion here is that are many reasons that some ISPs would reject e-mail from this Domain, simply based on this lack of data situation. If i try send mail from netcraft.com.mo to sef.pt,no any NDR appear in my mailbox. So,it seem that the my customer domain have been blocked somewhere so that the user could send mail to sef.pt domain. Therefore,i would like to know if anyone could provide hints to fix this problem. From what you say here, "you" can send an e-mail to that ISP and ask them to; 1. explain the 'real' problem with the blocking rules they are using 2. ask them to 'fix' their error message, as again, there is still no sign that the SpamCopDNSBL is involved at all If you actually want anyone 'here' to help ... you need to help us and fill in the blanks, tell us the rest of the story .... And, after posting this, I see that data was posted .... yet that 'new' data I had already brought up myself in my previous post #4 .... so went a bit deeper on that IP address for the next go-round .... Link to comment Share on other sites More sharing options...
Wazoo Posted May 10, 2007 Share Posted May 10, 2007 The outgoing mail server ip address is 202.175.19.171 for client use to send mail in fsm.gov.mo domain. Please help to check and let me know the solution. I included that IP address in my initial analysis seen in Linear Post #4 in this very Topic ....???? As I stated then, It was not listed in the SpamCopDNSBL, was listed elsewhere, and that the traffic numbers were odd .... http://www.senderbase.org/search?searchString=202.175.19.171 Volume Statistics for this IP Magnitude Vol Change vs. Average Last day ........ 3.2 ... 64% Last 30 days .. 3.6 .. 666% Average ........ 2.7 Real-time blacklists cbl.abuseat.org http://cbl.abuseat.org/lookup.cgi?ip=202.175.19.171 Network Owner CTM Internet Services Domain ctm.net Date of first message seen from this address 2007-03-08 CIDR range 202.175.0.0/18 # of domains controlled by this network owner 49 Addresses in ctm.net used to send email Showing 1 - 50 out of 248 202.175.19.171 z19l171.static.ctm.net Link to comment Share on other sites More sharing options...
Wazoo Posted May 10, 2007 Share Posted May 10, 2007 http://cbl.abuseat.org/lookup.cgi?ip=202.175.19.171 IP Address 202.175.19.171 was not found in the CBL. It was previously listed, but was removed at 2007-05-10 09:16 GMT Again, nothing to do with SpamCop.net. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.