ashamshi Posted February 19, 2008 Share Posted February 19, 2008 Hi All! My server was blacklisted today on bl.spamcop.net due to a virus attack. Now we eliminated that virus, and http://www.spamcop.net/bl.shtml says that we are not blocked: "Query bl.spamcop.net - 86.110.195.14 86.110.195.14 not listed in bl.spamcop.net" But response from recipient mail server is still the same: "<<< 554 Connection from 86.110.195.14 rejected for policy reasons. Host found in DNS blacklist at bl.spamcop.net 554 5.0.0 Service unavailable" I've searched at Google groups, it seems like my server is clear, and not listed in other blacklists. Is it common problem? What can be done to solve it? Thank you. Link to comment Share on other sites More sharing options...
kamaraju Posted February 19, 2008 Share Posted February 19, 2008 But response from recipient mail server is still the same: "<<< 554 Connection from 86.110.195.14 rejected for policy reasons. Host found in DNS blacklist at bl.spamcop.net 554 5.0.0 Service unavailable" I've searched at Google groups, it seems like my server is clear, and not listed in other blacklists. Is it common problem? What can be done to solve it? Thank you. I think the administrator of 86.110.195.14 is using an old blocklist. As I can see $rblcheck 86.110.195.14 86.110.195.14 not RBL filtered by xbl.spamhaus.org 86.110.195.14 not RBL filtered by sbl.spamhaus.org 86.110.195.14 not RBL filtered by list.dsbl.org 86.110.195.14 not RBL filtered by dnsbl.njabl.org 86.110.195.14 not RBL filtered by dul.dnsbl.sorbs.net 86.110.195.14 not RBL filtered by l1.spews.dnsbl.sorbs.net your server is not listed in any of the above. Your best approach would be to contact the administrator of 86.110.195.14's email server and make him aware of the problem at his side. hth raju Link to comment Share on other sites More sharing options...
StevenUnderwood Posted February 19, 2008 Share Posted February 19, 2008 If they are caching the lookups, any change would not be seen on their end until their cache clears. Also, it can take up to a couple of hours to get all of spamcop's DNS servers updated after an IP drops off the list. Link to comment Share on other sites More sharing options...
Farelf Posted February 19, 2008 Share Posted February 19, 2008 http://www.spamcop.net/w3m?action=checkblo...p=86.110.195.14 86.110.195.14 listed in bl.spamcop.net (127.0.0.2) If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 10 hours. Causes of listing * System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop) http://www.senderbase.org/senderbase_queri...g=86.110.195.14 Volume Statistics for this IP Magnitude Vol Change vs. Last Month Last day 4.1 2432% Last month 2.7 C:\...>nslookup 14.195.110.86.bl.spamcop.net Non-authoritative answer: Name: 14.195.110.86.bl.spamcop.net Address: 127.0.0.2 Looks like the problems continue Link to comment Share on other sites More sharing options...
Merlyn Posted February 19, 2008 Share Posted February 19, 2008 CBL The CBL - Composite Blocking List: cbl.abuseat.org -> 127.0.0.2 Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=86.110.195.14 SPAMCOP SpamCop Blocking List: bl.spamcop.net -> 127.0.0.2 Blocked - see http://www.spamcop.net/bl.shtml?86.110.195.14 Senderbase is way up. Last day 4.1 2432% Last month 2.7 Link to comment Share on other sites More sharing options...
ashamshi Posted February 20, 2008 Author Share Posted February 20, 2008 Thank you for answers, they all was helpful! Now it's obvious, that all this time I nevertheless was blacklisted. So, I think there was some problem with query page (http://www.spamcop.net/bl.shtml) because I'm sure, that yesterday it said "86.110.195.14 not listed in bl.spamcop.net", but my mail still has been blocked. What do you think about it? Link to comment Share on other sites More sharing options...
agsteele Posted February 20, 2008 Share Posted February 20, 2008 Thank you for answers, they all was helpful! Now it's obvious, that all this time I nevertheless was blacklisted. So, I think there was some problem with query page (http://www.spamcop.net/bl.shtml) because I'm sure, that yesterday it said "86.110.195.14 not listed in bl.spamcop.net", but my mail still has been blocked. What do you think about it? Because the SCBL is dynamic your listing can stop and then restart if spam continues to originate from your IP address. Currently you are not listed in the SCBL but SenderBase continues to report significantly increased mail volumes (2453%) so you may still have an infected machine. In which case you can expect to be listed again unless you can resolve that problem. Andrew Link to comment Share on other sites More sharing options...
Miss Betsy Posted February 20, 2008 Share Posted February 20, 2008 The sc blocklist is automatic - when spam is no longer reported from coming from a particular IP address, it ages off. However, when spam is again reported, it is listed again. (it has aged off again) Various server admins use the spamcop bl to block email from entering their servers. Some admins only use it as part of an array of blocklists. The server admin who was blocking email from your IP continued to use the scbl rejection message even after the IP address had aged off the scbl. Perhaps as people suggested before, he had not refreshed his cache. Perhaps he suspected that your IP address would be listed again and blocked it manually, but didn't change the message. Unless you ask the server admin who rejected the email, we will never know why he continued to block email from your IP address even though it was not listed on the scbl. As merlyn suggested, you have not fixed the problem. There is still much more email coming from your IP address than normal. That is why you are again listed. Possibly the virus implanted a trojan that now is sending spam in regular cycles. When the trojan stops sending spam, the IP address ages off the scbl. When it starts sending spam again, it is listed again. As spam continues to come from your IP address, other blocklists will start listing your IP address and other server admins will start to block it. No other blocklist is automatic. Other blocklists require that you contact them directly proving that you have solved your problem. Some server admins will manually add your IP address to IP addresses to be blocked. You will have to contact each one of them, as necessary. The bottom line is that you need to make sure all of your computers are clean. Being on the scbl is a warning signal to you - particularly if it is listed, delisted, and listed again. Miss Betsy Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.