As_user
Posted February 28, 2008

Hi, couldn't you tell us, please, the reason why our IP is blocklisted constantly this week?

http://www.spamcop.net/w3m?action=checkblo...ip=195.12.82.25

Our IP is static, we didn't make any changes in our configurations, except adding RBL-checking addresses (such as sbl-xbl.spamhaus.org and so on) in our SMTP-gateway configuration (it is a checking add-on of Traffic Inspector - our firewall, and we've been using it for 2 years). Also we've got Panda Antivirus installed and renewing instantly on all machines in our net, including servers and workstations.

Please let us know the reason, for we could correct our (possible) mistakes. :-(

agsteele
Posted February 28, 2008

> Please let us know the reason, for we could correct our (possible) mistakes. :-(

Presumably you looked at the reasons listed at the error URL you provided where it states:

> System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

This typically indicates that one or more machines at your location have become victim to a spyware trojan or similar.

Currently you will be delisted in 19 hours but that assumes no more spam-traps are hit by Emails starting at your IP.

Senderbase doesn't have sufficient data to provide any statistics.

You also have some configuration issues which don't affect your listing but which you may want to take note of - again at the URL you provided.

Andrew

Derek T
Posted February 28, 2008

> This typically indicates that one or more machines at your location have become victim to a spyware trojan or similar.

Another possibility is that you're sending misdirected 'bounces' due to 'out-of-office', 'over-quota', etc.

Derek T
Posted February 28, 2008

> we didn't make any changes in our configurations, except adding RBL-checking addresses (such as sbl-xbl.spamhaus.org and so on) in our SMTP-gateway configuration

OK, so you added blocklists to the equation. Now tell us EXACTLY what happens to mail that 'fails' the blocklist test. What is the machine configured to do with it? EXACTLY how does it reply?

SpamCopAdmin
Posted February 28, 2008

> the reason why our IP is blocklisted

195.12.82.25

The IP is sending ordinary spam. I can't share many details for fear of revealing our secret trap addresses, but this info may help:

Received: from server.e-zdrav.ru (HELO proxy.utnet.ru) ([195.12.82.25])
  by [our trap server] with SMTP; 27 Feb 2008 19:xx:xx -0800
Subject: RE: February 83% OFF
From: <x[at]x>
Date: Wed, 27 Feb 2008 19:xx:xx -0800 (PST)

Received: from server.e-zdrav.ru (HELO proxy.utnet.ru) ([195.12.82.25])
  by [our trap server] with SMTP; 26 Feb 2008 21:xx:xx -0800
Subject: RE: February 83% OFF
From: <x[at]x>
Date: Tue, 26 Feb 2008 21:xx:xx -0800 (PST)

- Don D'Minion - SpamCop Admin -

Derek T
Posted February 28, 2008

> The IP is sending ordinary spam.

Thanks, Don, the OP doesn't seem to be that interested as s/he's not been back in eight hours.

As_user (Author)
Posted March 3, 2008

> Thanks, Don, the OP doesn't seem to be that interested as s/he's not been back in eight hours.

I beg your pardon for not answering soon, because all day long on Friday I was trying to resolve the problem.

As it may be interesting - I'd like to tell about it. 2 PCs were infected by trojans, and Panda AV missed it even with fresh bases. Scanning the workstations with another antivirus from a boot CD found more infected files, which were all deleted immediately. It's my fault, as I couldn't believe that trojans could penetrate over Panda defense.

And 1 thing more I've done - in our firewall (which is connected to the ISP) I closed 25 (SMTP) port for all workstations, because after analysing its logs I found out that these 2 PCs were generating (as I believe) mail spam traffic exactly on 25 port.

Thank you all for answering and help :-)

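The log review described in the post above (finding workstations that open outbound port-25 connections themselves instead of relaying through the mail gateway) can be scripted. This is an added example, not part of the original thread; the CSV log layout, the sample lines and the gateway address `192.168.0.10` are constructed assumptions, not Traffic Inspector's real log format.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample log: timestamp,src_ip,dst_ip,dst_port,action.
# The column layout is an assumption, not Traffic Inspector's real format.
SAMPLE_LOG = """\
2008-02-27T19:00:01,192.168.0.10,198.51.100.7,25,ALLOW
2008-02-27T19:00:03,192.168.0.23,203.0.113.5,25,ALLOW
2008-02-27T19:00:04,192.168.0.23,203.0.113.9,25,ALLOW
2008-02-27T19:00:05,192.168.0.30,198.51.100.80,80,ALLOW
2008-02-29T10:12:40,192.168.0.23,192.0.2.44,25,DENY
2008-02-29T10:12:41,192.168.0.41,203.0.113.5,25,DENY
2008-02-29T10:12:42,192.168.0.41,203.0.113.5,25,DENY
truncated line without the expected fields
"""

# Hypothetical: the only internal host that should speak SMTP to the Internet.
MAIL_GATEWAYS = {"192.168.0.10"}
SMTP_PORT = 25


def rogue_smtp_sources(log_text, gateways=MAIL_GATEWAYS):
    """Map each non-gateway source IP that attempted outbound SMTP to
    (attempts, distinct destinations, attempts denied by the firewall)."""
    attempts = Counter()
    denied = Counter()
    dests = defaultdict(set)
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue  # skip blank or malformed lines
        _ts, src, dst, port, action = (field.strip() for field in row)
        if port != str(SMTP_PORT) or src in gateways:
            continue
        attempts[src] += 1
        dests[src].add(dst)
        # DENY entries still matter: after port 25 is closed for
        # workstations, they point at machines that remain infected.
        if action.upper() == "DENY":
            denied[src] += 1
    return {s: (attempts[s], len(dests[s]), denied[s]) for s in attempts}


if __name__ == "__main__":
    for src, (n, d, blocked) in sorted(rogue_smtp_sources(SAMPLE_LOG).items()):
        print(f"{src}: {n} SMTP attempts to {d} hosts, {blocked} denied")
```
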
agsteele
Posted March 3, 2008

> Thank you all for answering and help :-)

Thank you for handling the issue. I see that your IP is already not listed in the SCBL.

Andrew

Derek T
Posted March 3, 2008

> I beg your pardon for not answering soon, because all day long on Friday I was trying to resolve the problem. As it may be interesting - I'd like to tell about it.

Please accept my apologies for 'rushing to judgment'; we do get quite a few 'post-and-runs' in here but obviously you are not one of them. Also please accept my thanks for sorting the matter, thus making the internet a better and safer place for us all, and for updating us.

turetzsr
Posted March 3, 2008

> <snip> As it may be interesting - I'd like to tell about it. 2 PCs were infected by trojans, and Panda AV missed it even with fresh bases. Scanning the workstations with another antivirus from a boot CD found more infected files, which were all deleted immediately. <snip>
> ...Thank you all for answering and help :-)

...And thank you for taking the time to let us know the good news! <g> Based on your note, I shall mark this thread as "Resolved."

As_user (Author)
Posted March 4, 2008

To ALL guys: Not at all... I'll be glad if my experience can be useful