Jump to content

[Resolved] Please tell the reason of listing


As_user
 Share

Recommended Posts

Hi

couldn't you tell us please, the reason why our IP is blocklisted consantly this week ?

http://www.spamcop.net/w3m?action=checkblo...ip=195.12.82.25

Our IP is static, we didn't make any changes in our configurations, except

adding RBL-checking addresses (such as sbl-xbl.spamhaus.org and so on) in

our SMTP-gateway configuration (it is an checking addon of Traffic

Inspector - our firewall, and we're using it for 2 years).

Also we've got Panda Antivirus installed and renewing instantly on all

machines in our net, including servers and workstations.

Please let us know the reason, for we could correct our (possible) mistakes. :-(

Link to comment
Share on other sites

Please let us know the reason, for we could correct our (possible) mistakes. :-(

Presumably you looked at the reasons listed at the error URL you provided where it states:

System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

This typically indicates that one or more machines at your location have become victim to a spyware trojan or similar. Currently you will be delisted in 19 hours but that assumes no more spam-traps are hit by Emails starting at your IP.

Senderbase doesn't have sufficient data to provide any statistics.

You also have some configuration issues which don't affect your listing but which you may want to take note of - again at the URL you provided.

Andrew

Link to comment
Share on other sites

we didn't make any changes in our configurations, except adding RBL-checking addresses (such as sbl-xbl.spamhaus.org and so on) in our SMTP-gateway configuration

OK, so you added blocklists to the equation. Now tell us EXACTLY what happens to mail that 'fails' the blocklist test. What is the machine configured to do with it? EXACTLY how does it reply?

Link to comment
Share on other sites

the reason why our IP is blocklisted 195.12.82.25
The IP is sending ordinary spam. I can't share many details for fear of revealing our secret trap addresses, but this info may help:

Received: from server.e-zdrav.ru (HELO proxy.utnet.ru) ([195.12.82.25])

by [our trap server] with SMTP; 27 Feb 2008 19:xx:xx -0800

Subject: RE: February 83% OFF

From: <x[at]x>

Date: Wed, 27 Feb 2008 19:xx:xx -0800 (PST)

Received: from server.e-zdrav.ru (HELO proxy.utnet.ru) ([195.12.82.25])

by [our trap server] with SMTP; 26 Feb 2008 21:xx:xx -0800

Subject: RE: February 83% OFF

From: <x[at]x>

Date: Tue, 26 Feb 2008 21:xx:xx -0800 (PST)

- Don D'Minion - SpamCop Admin -

Link to comment
Share on other sites

Thanks, Don, the OP doesn't seem to be that interested as s/he's not been back in eight hours.

I beg your pardon for not answering soon, because all day long on Friday was trying to resolve the problem.

As it maybe interesting - I'ld like to tell about it.

2 PC was infected by trojans, and Panda AV has missed it even with fresh bases. Scanning the workstations with another antivirus from boot CD found more infected files which all were deleted immidiately.

It's my fault, as I could't beleive that trojans could penetrate over Panda defense.

And 1 thing more I've done - in our firewall (which connected to ISP) I closed 25 (SMTP) port for all workstations, because after analysing its logs I've found out that this 2 PC's were generating (as I beleive) mail spam traffic exactly on 25 port.

Thank you all for answering and help :-)

Link to comment
Share on other sites

I beg your pardon for not answering soon, because all day long on Friday was trying to resolve the problem.

As it maybe interesting - I'ld like to tell about it.

Please accept my apologies for 'rushing to judgment' we do get quite a few 'post-and-runs' in here but obviously you are not one of them. Also please accept my thanks for sorting the matter thus making the internet a better and safer place for us all and for updating us.

Link to comment
Share on other sites

<snip>

As it maybe interesting - I'ld like to tell about it.

2 PC was infected by trojans, and Panda AV has missed it even with fresh bases. Scanning the workstations with another antivirus from boot CD found more infected files which all were deleted immidiately.

<snip>

...Thank you all for answering and help :-)

...And thank you for taking the time to let us know the good news! :) <g> Based on your note, I shall mark this thread as "Resolved."
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...