sherifd Posted March 29, 2004 Posted March 29, 2004 My SMTP got listed for sending many emails? well I have so many email users, and 2 free signup domains. We do not send spam, usually sometimes spamcop sends us spam reports and we do contact users to fix this, usually it is a virus on a PC on a LAN. In the last 2 weeks I did not get any spam reports from spam cop and I got my SMTP listed, and the report says the system has been sending emails consitently since 27 days, well this is because it is an outgoing SMTP. I hope it can be unlisted ASAP, for the 10 spams sent the last week, I hope I get reports about them, anyway 10 emails in a week for about 50,000 users means we do not send spam!! Only buisness companies and travel agencies are losing thier emails and complaining either from our side or recipients side.
Merlyn Posted March 29, 2004 Posted March 29, 2004 If you want assistance then post the IP address of the server you believe is blocked.
StevenUnderwood Posted March 29, 2004 Posted March 29, 2004 Without an IP address to check against, we will not be able to provide much assistance. All of the following is speculation and general information. You can get more infomation by reading the pinned messages at the top of this forum, which are the current equivalent to a FAQ section. The link you followed which showed "system has been sending emails consitently since 27 days" and "the 10 spams sent the last week" did not happen to mention spamtraps, did it? Also, that status page is no longer real-time thanks to the spammers using that information to their advantage. Many of the recent listings without reports being sent have been due to messages being sent to the spamtrap addresses, either because of bouncing incoming virus messages to a forged sender address or a virus sending directly to the spamtraps. There are 2 ways currently that reports do not get sent. The first is the spamtrap accounts and these trip the bl quicker than user reports. The second is the mole reporter account where only a summary of the spam reported is sent, though I do not know the mechanism for that summary to be sent (request, x reports, weekly, etc). It is unlikely but possible that only mole reporters have received/reported spam from your system. Please supply an IP address or the error message your users are receiving when trying to send messages and we may be able to help more.
sherifd Posted March 29, 2004 Author Posted March 29, 2004 Sorry I forgot to post the address: http://www.spamcop.net/bl.shtml?217.29.134.11 Here is the info from bl.shtml : 217.29.134.11 listed in bl.spamcop.net (127.0.0.2) Since SpamCop started counting, this system has been reported less than 10 times by less than 10 users. It has been sending mail consistently for at least 27.7 days. It has been listed for less than 24 hours. In the past week, this system has: Been reported as a source of spam less than 10 times Been witnessed sending mail about 30 times A sample sent sometime during the 24 hours beginning Monday, March 29, 2004 2:00:00 AM +0200: Received: from -.-.net (-.-.net [217.29.134.11])- by -.-.com (-.-.-.-.-) with - id - for <-[at]-.com>- Mon, 29 Mar 2004 - - (-)- (- -.-[at]-.com)- Subject: - From: a... at ..t.com A sample sent sometime during the 24 hours beginning Sunday, February 22, 2004 2:00:00 AM +0200: Received: from -.-.net (217.29.134.11) by -.-.-.- with - - Feb 2004 - - Subject: vacancies issue - From: ad.. at ..om.eg
Merlyn Posted March 29, 2004 Posted March 29, 2004 Looks like this server spammed McFadden Associates this morning also. You were just listed by them: http://bl.csma.biz/cgi-bin/listing.cgi?ip=217.29.134.11 the sample from Spamcop was last night so you might have a client doing a spam run right now or just finished one.
sherifd Posted March 29, 2004 Author Posted March 29, 2004 I want to get a sample of the spam, and the IP address of the PC that is sending spam, so to disconnect that PC, it probably have a virus, we have many leased lines used by many users. I do not know how to find which PC in which remote location is making that spam. Also I did not get any warning msg about this spam activity. 1- Thanks for your help 2- How can I use RBL on my servers so as to protect my users from spam comming from the internet ? 3- I visited http://bl.csma.biz/cgi-bin/listing.cgi?ip=217.29.134.11 and removed my IP 4- I am using a nice anti spam filter that uses baysian spam, it can help protect against spam in addition to RBL, it's address is http://assp.sourcefourge.net
Merlyn Posted March 29, 2004 Posted March 29, 2004 Did you click on http://assp.sourcefourge.net Nice Filter
Miss Betsy Posted March 29, 2004 Posted March 29, 2004 If you write to deputies [at] spamcop.net, they be able to help locate the computer with the virus. Miss Betsy
sherifd Posted March 29, 2004 Author Posted March 29, 2004 Sorry it is http://assp.sourceforge.net spelling mistake
StevenUnderwood Posted March 29, 2004 Posted March 29, 2004 Also I did not get any warning msg about this spam activity. According to the spamcop system, reports for that IP should go to: Parsing input: 217.29.134.11 host 217.29.134.11 = ns1.menanet.net (cached) Reporting addresses: emohamed[at]menanet.net bassel.safwat[at]menanet.net That is unless the message went to a spamtrap or only mole reporters which as I mentioned above will not send reports.
Merlyn Posted March 29, 2004 Posted March 29, 2004 Just a suggestion, If you do not have a working abuse & postmaster address you might find yourself in rfc-ignorant.
Ellen Posted March 29, 2004 Posted March 29, 2004 Sorry I forgot to post the address: http://www.spamcop.net/bl.shtml?217.29.134.11 Here is the info from bl.shtml : 217.29.134.11 listed in bl.spamcop.net (127.0.0.2) Since SpamCop started counting, this system has been reported less than 10 times by less than 10 users. It has been sending mail consistently for at least 27.7 days. It has been listed for less than 24 hours. In the past week, this system has: Been reported as a source of spam less than 10 times Been witnessed sending mail about 30 times A sample sent sometime during the 24 hours beginning Monday, March 29, 2004 2:00:00 AM +0200: Received: from -.-.net (-.-.net [217.29.134.11])- by -.-.com (-.-.-.-.-) with - id - for <-[at]-.com>- Mon, 29 Mar 2004 - - (-)- (- -.-[at]-.com)- Subject: - From: a... at ..t.com A sample sent sometime during the 24 hours beginning Sunday, February 22, 2004 2:00:00 AM +0200: Received: from -.-.net (217.29.134.11) by -.-.-.- with - - Feb 2004 - - Subject: vacancies issue - From: ad.. at ..om.eg I believe I just took care of this via email.
sherifd Posted March 30, 2004 Author Posted March 30, 2004 The problem is solved now thank you, and the customer sending spam was disabled for now. I am now checking why I did not recieve spam reports, abuse is working but at my domain, menanet.net, other addresses are ok I adjusted postmaster, and will adjust tamer gadalla as he left the company. Will see how to change this in RIPE. Thanks for your co-operation,
Recommended Posts
Archived
This topic is now archived and is closed to further replies.