Jump to content

Am I listed?


ashamshi

Recommended Posts

Hi All! My server was blacklisted today on bl.spamcop.net due to a virus attack. Now we eliminated that virus, and http://www.spamcop.net/bl.shtml says that we are not blocked:

"Query bl.spamcop.net - 86.110.195.14

86.110.195.14 not listed in bl.spamcop.net"

But response from recipient mail server is still the same:

"<<< 554 Connection from 86.110.195.14 rejected for policy reasons. Host found in DNS blacklist at bl.spamcop.net

554 5.0.0 Service unavailable"

I've searched at Google groups, it seems like my server is clear, and not listed in other blacklists.

Is it common problem? What can be done to solve it? Thank you.

Link to comment
Share on other sites

But response from recipient mail server is still the same:

"<<< 554 Connection from 86.110.195.14 rejected for policy reasons. Host found in DNS blacklist at bl.spamcop.net

554 5.0.0 Service unavailable"

I've searched at Google groups, it seems like my server is clear, and not listed in other blacklists.

Is it common problem? What can be done to solve it? Thank you.

I think the administrator of 86.110.195.14 is using an old blocklist. As I can see

$rblcheck 86.110.195.14

86.110.195.14 not RBL filtered by xbl.spamhaus.org

86.110.195.14 not RBL filtered by sbl.spamhaus.org

86.110.195.14 not RBL filtered by list.dsbl.org

86.110.195.14 not RBL filtered by dnsbl.njabl.org

86.110.195.14 not RBL filtered by dul.dnsbl.sorbs.net

86.110.195.14 not RBL filtered by l1.spews.dnsbl.sorbs.net

your server is not listed in any of the above. Your best approach would be to contact the administrator of 86.110.195.14's email server and make him aware of the problem at his side.

hth

raju

Link to comment
Share on other sites

http://www.spamcop.net/w3m?action=checkblo...p=86.110.195.14

86.110.195.14 listed in bl.spamcop.net (127.0.0.2)

If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 10 hours.

Causes of listing

* System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

http://www.senderbase.org/senderbase_queri...g=86.110.195.14

Volume Statistics for this IP

Magnitude Vol Change vs. Last Month

Last day 4.1 2432%

Last month 2.7

C:\...>nslookup 14.195.110.86.bl.spamcop.net

Non-authoritative answer:

Name: 14.195.110.86.bl.spamcop.net

Address: 127.0.0.2

Looks like the problems continue

Link to comment
Share on other sites

Thank you for answers, they all was helpful! Now it's obvious, that all this time I nevertheless was blacklisted. So, I think there was some problem with query page (http://www.spamcop.net/bl.shtml) because I'm sure, that yesterday it said "86.110.195.14 not listed in bl.spamcop.net", but my mail still has been blocked. What do you think about it?

Link to comment
Share on other sites

Thank you for answers, they all was helpful! Now it's obvious, that all this time I nevertheless was blacklisted. So, I think there was some problem with query page (http://www.spamcop.net/bl.shtml) because I'm sure, that yesterday it said "86.110.195.14 not listed in bl.spamcop.net", but my mail still has been blocked. What do you think about it?

Because the SCBL is dynamic your listing can stop and then restart if spam continues to originate from your IP address.

Currently you are not listed in the SCBL but SenderBase continues to report significantly increased mail volumes (2453%) so you may still have an infected machine. In which case you can expect to be listed again unless you can resolve that problem.

Andrew

Link to comment
Share on other sites

The sc blocklist is automatic - when spam is no longer reported from coming from a particular IP address, it ages off. However, when spam is again reported, it is listed again. (it has aged off again)

Various server admins use the spamcop bl to block email from entering their servers. Some admins only use it as part of an array of blocklists. The server admin who was blocking email from your IP continued to use the scbl rejection message even after the IP address had aged off the scbl. Perhaps as people suggested before, he had not refreshed his cache. Perhaps he suspected that your IP address would be listed again and blocked it manually, but didn't change the message. Unless you ask the server admin who rejected the email, we will never know why he continued to block email from your IP address even though it was not listed on the scbl.

As merlyn suggested, you have not fixed the problem. There is still much more email coming from your IP address than normal. That is why you are again listed. Possibly the virus implanted a trojan that now is sending spam in regular cycles. When the trojan stops sending spam, the IP address ages off the scbl. When it starts sending spam again, it is listed again.

As spam continues to come from your IP address, other blocklists will start listing your IP address and other server admins will start to block it. No other blocklist is automatic. Other blocklists require that you contact them directly proving that you have solved your problem. Some server admins will manually add your IP address to IP addresses to be blocked. You will have to contact each one of them, as necessary.

The bottom line is that you need to make sure all of your computers are clean. Being on the scbl is a warning signal to you - particularly if it is listed, delisted, and listed again.

Miss Betsy

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...