Jump to content

Spamcop report - Open Proxy


Recommended Posts

Hi,

Email from our PowerMTA email server has generated problem stating we are running an open proxy on the server.

The port 8080 had been open on the server but has now been closed by a firewall. Is there anyway to perform the same test Spamcop did to verify the problem has been resolved?

The IP address in question is 83.137.133.216.

Thanks,

David

Link to comment
Share on other sites

Email from our PowerMTA email server has generated problem stating we are running an open proxy on the server.

The port 8080 had been open on the server but has now been closed by a firewall. Is there anyway to perform the same test Spamcop did to verify the problem has been resolved?

The IP address in question is 83.137.133.216

Is there a particular reason why you believe that the open proxy report came from SpamCop? At this point your IP is not listed in the SCBL. There is only one report from a user for your IP in the last 90 days. There may have been spam-trap reports that aren't open to the public to view.

You are, however, listed at cbl.abuseat.org and pbl.spamhaus.org You'll have to deal with those lists through their own operators.

Andrew

Link to comment
Share on other sites

Is there a particular reason why you believe that the open proxy report came from SpamCop? At this point your IP is not listed in the SCBL. There is only one report from a user for your IP in the last 90 days. There may have been spam-trap reports that aren't open to the public to view.

You are, however, listed at cbl.abuseat.org and pbl.spamhaus.org You'll have to deal with those lists through their own operators.

The reason is we received the email with the following details [spamCop (83.137.133.216) id:3200297675] but thank you for your thoughts regarding the problem.

We are aware of the CBL & PBL issues and are following that up with the respective groups.

Link to comment
Share on other sites

...The port 8080 had been open on the server but has now been closed by a firewall. Is there anyway to perform the same test Spamcop did to verify the problem has been resolved?
Hi David, can't help with the specific process used by SC but discussions here usually suggest the telnet relay-test.mail-abuse.org - as suggested http://forum.spamcop.net/forums/index.php?...ost&p=27379 other resources are shown in http://spamlinks.net/prevent-secure-relay-test.htm

HTH

[added on edit - a test with http://www.antispam-ufrj.pads.ufrj.br/cgi-...=83.137.133.216 was inconclusive. It appears to show an accepted relay in Test 8 but that is no proof by itself.]

Link to comment
Share on other sites

The reason is we received the email with the following details [spamCop (83.137.133.216) id:3200297675] but thank you for your thoughts regarding the problem.

That represents one report (probably the one I found) but one report would not constitute an entry in the SCBL.

Andrew

Link to comment
Share on other sites

That represents one report (probably the one I found) but one report would not constitute an entry in the SCBL.

And SpamCop itself does not test for open proxies. It does submit to other tests (by other blocklists) those that show signs of being submitted through an open proxy.

Link to comment
Share on other sites

Hi, David, and welcome!

And SpamCop itself does not test for open proxies.

<snip>

...Nor would SpamCop list your server solely because it met an open proxy test. See SpamCop FAQ (there's a link to it near the top left of each SpamCop Forum page) entry labeled "What is on the list?."
Link to comment
Share on other sites

The reason is we received the email with the following details [spamCop (83.137.133.216) id:3200297675] but thank you for your thoughts regarding the problem.

None of us can see the email report referenced by that ID number, but I rather doubt that it was telling you that you had an open proxy...perhaps it only mentioned the possibility. In any case, it wasn't the result of a test, but rather a specific piece of email reported as spam by a SpamCop user.

DT

Link to comment
Share on other sites

That represents one report (probably the one I found) but one report would not constitute an entry in the SCBL.
Yeah, would have to be the same one Andrew
Report History:

--------------------------------------------------------------------------------

Submitted: Monday, 16 June 2008 7:45:20 PM +0800:

Work with Russian overseas property partners

3200297675 ( 83.137.133.216 ) To: ripe[at]pure360.com

None of us can see the email report referenced by that ID number, ...
True enough but just for the benefit of new users, the foregoing limited detail can be pulled up by entering the report number in the "Jump to report ID:" box in any member's "Past Reports" tab on the member (log in) page.
Link to comment
Share on other sites

Email from our PowerMTA email server has generated problem stating we are running an open proxy on the server.

The port 8080 had been open on the server but has now been closed by a firewall. Is there anyway to perform the same test Spamcop did to verify the problem has been resolved?

The IP address in question is 83.137.133.216.

Open Proxy???? I don't think so more like spamming.

---------------------------------------------------

See: http://www.spamhaus.org/sbl/sbl.lasso?query=SBL65317

83.137.133.0/24 is listed on the Spamhaus Block List (SBL)

16-Jun-2008 22:16 GMT | SR04

PUR3.NET

Sending not-Confirmed-Opt-In spam from most IPs in this range. Content is casino, vistaprint, etc.

---------------------------------------------------

According to senderbase every IP in the /24 is in multiple blocklists. Looks like spam to me.

Link to comment
Share on other sites

The reason is we received the email with the following details [spamCop (83.137.133.216) id:3200297675] but thank you for your thoughts regarding the problem.

We are aware of the CBL & PBL issues and are following that up with the respective groups.

You followed up with the cbl and it looks lke they put you back on.

------------------------------------------------------------------------------------------------------

IP Address 83.137.133.216 is currently listed in the CBL.

It was detected at 2008-06-15 23:00 GMT (+/- 30 minutes), approximately 1 days, 20 hours, 30 minutes ago.

It has been relisted following a previous removal at 2008-06-13 10:18 GMT

----------------------------------------------------------------------------------------------------

The problem is if you ask to be delisted you should not spam the same address again :(

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...