RicardoL Posted July 3, 2007 Posted July 3, 2007 Our mailsystem is in the blocklist. It was delisted but came on the list again. I installed a patch on our exchange 5.5 server to not send NDR's anymore. But i don't know what the exact reason is why we are on. And an out of office reply should not be used anymore these days because it gets you on the spamlist here? We also have an XWALL system between our exchange server en the internet. I am 99% sure there is no worm or virus. Anybody any help to resolve this issue???
StevenUnderwood Posted July 3, 2007 Posted July 3, 2007 Our mailsystem is in the blocklist. It was delisted but came on the list again. I installed a patch on our exchange 5.5 server to not send NDR's anymore. But i don't know what the exact reason is why we are on. And an out of office reply should not be used anymore these days because it gets you on the spamlist here? We also have an XWALL system between our exchange server en the internet. I am 99% sure there is no worm or virus. Anybody any help to resolve this issue??? Statistics: 213.178.115.134 not listed in bl.spamcop.net Parsing input: 213.178.115.134 No recent reports, no history available With the above information, it would likely have been spamtrap hits alone that listed the address. We can not tell the exact reason you were on the list becuase the listing has expired. You could ask the deputies[at]admin.spamcop.net address for an explaination. They can see all the reports. Sending OoO replies will not get you blacklisted if you do not reply to spam messages. Those should be filtered out before an OoO reply is allowed to act (i.e. before it reaches the account of the vacationing user).
RicardoL Posted July 3, 2007 Author Posted July 3, 2007 Aah i made a typing mistake. The ip is 212.178.115.134 Maybe an admin can change the topic title Statistics: 213.178.115.134 not listed in bl.spamcop.net Parsing input: 213.178.115.134 No recent reports, no history available With the above information, it would likely have been spamtrap hits alone that listed the address. We can not tell the exact reason you were on the list becuase the listing has expired. You could ask the deputies[at]admin.spamcop.net address for an explaination. They can see all the reports. Sending OoO replies will not get you blacklisted if you do not reply to spam messages. Those should be filtered out before an OoO reply is allowed to act (i.e. before it reaches the account of the vacationing user).
StevenUnderwood Posted July 3, 2007 Posted July 3, 2007 Aah i made a typing mistake. The ip is 212.178.115.134 Maybe an admin can change the topic title 212.178.115.134 listed in bl.spamcop.net (127.0.0.2) If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 11 hours. Causes of listing System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop) It appears this listing is caused by misdirected bounces. We have a FAQ which covers this topic: Why auto-responses are bad (Misdirected bounces). Please read this FAQ and heed the advice contained in it. No public reports are available. Another interesting point is that you are posting from that same address. Normally you should not be browsing from an email server as you are creating a greater chance of infection. The spamtraps are seeing misdirected bounces. If you contact the deputies, they might be able to tell you which software appears to be sending the bounce.
turetzsr Posted July 3, 2007 Posted July 3, 2007 <snip> And an out of office reply should not be used anymore these days because it gets you on the spamlist here? <snip> ...In case it wasn't clear from StevenUnderwood's first reply: no, the use of Out of Office replies in and of itself will not get you on the blocklist; it is sending the OOO replies to the forged "From" or "Reply-to" address that might get you on the blocklist.
Miss Betsy Posted July 4, 2007 Posted July 4, 2007 ...In case it wasn't clear from StevenUnderwood's first reply: no, the use of Out of Office replies in and of itself will not get you on the blocklist; it is sending the OOO replies to the forged "From" or "Reply-to" address that might get you on the blocklist. I think the pertinent information is that OOOs must not go to spam sources. I am not entirely sure how one makes sure - StevenUnderwood said to filter out the spam - but I also think that you can use whitelists to make sure that OOOs only go to people who need to know. spam almost always has a forged From or return address so that if you accept email and then send an automatic reply without filtering out /all/ the spam, then the automatic replies will go to an innocent person who may get hundreds (just as bad as spam). Miss Betsy
turetzsr Posted July 4, 2007 Posted July 4, 2007 I think the pertinent information is that OOOs must not go to spam sources. I am not entirely sure how one makes sure - StevenUnderwood said to filter out the spam - but I also think that you can use whitelists to make sure that OOOs only go to people who need to know. <snip> ...My suggestion would be to use the directions you will find in my reply in thread "My company's mail public adress has been listed in your database."
Farelf Posted July 4, 2007 Posted July 4, 2007 I once copied the words of a Lotus Notes admin (in another forum somewhere) which seemed to me quite apt: "All forms of auto-responders for e-mail from outside an organisation will get you into serious trouble over time. It's just not safe any more to blindly respond to whatever came along. At the very least, auto-responses to detected spam and to (non-) delivery notifications should be disabled. Further, verifyable faked senders (check SPF and/or DKIM) must be excluded as well. The safe approach obviously is not to auto-respond, except if the sender (or the sender's domain) is known (eg through an entry in the address book or a global whitelist). Excuses for performance reasons are not acceptable -- "stupid" auto-responders are causing too much harm to innocent bystanders." NDRs are useful - I hate it when domains stop sending them, but they must be done in the SMTP layer only - otherwise for every useful heads up that Julian.Arkleseizure might have left his old firm (or you've misspelled his name, again) there will be a hundred misdirected responses to the innocent return addresses spoofed in spam. I guess OoOs are useful too but most of us can probably, most of the time, resort to real-time audio contact with the switchboard to find out why Julian is not responding if it is truly that urgent. But yes, the ones that advise start and finish dates, the contact detail of interim delegate(s), maybe a cellphone number for emergencies - those are useful and some companies even allow them for departed staff, for a reasonable period, and that is very useful too, better than an NDR in those circumstances. IT managers should not be the ones to decide this stuff. If they do, and they do it right, they deserve a bonus. Or a raise. Obviously they have more business sense than anyone else from CEO down.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.