Paradise.Net SMTP server blocked.
After experiencing email problems I've noticed Paradise's SMTP server is currently being blocked by SpamCop.
http://www.spamcop.net/w3m?action=checkblock&ip=203.96.152.177
Anybody got any comments? These email problems have been ongoing over the last few weeks so I suspect the server (smtp1.paradise.net.nz) has been on the list for some time.
"If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 13 hours."

Here's hoping Paradise users will refrain from sending out "ongoing objectionable email" for approximately 13 hours.

--
Juha
Juha Saarinen wrote:
"If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 13 hours."
Here's hoping Paradise users will refrain from sending out "ongoing objectionable email" for approximately 13 hours.
Query bl.spamcop.net - 203.96.152.177
203.96.152.177 not listed in bl.spamcop.net

Say it, and it will be done.

"Wow, I'm good at this... now, let me wish for a 12 year old girl and a donkey..." - Drawn Together

- Drew
At 18:07 9/11/2005, Steve Biddle wrote:
After experiencing email problems I've noticed Paradise's SMTP server is currently being blocked by SpamCop.
http://www.spamcop.net/w3m?action=checkblock&ip=203.96.152.177
Anybody got any comments? These email problems have been ongoing over the last few weeks so I suspect the server (smtp1.paradise.net.nz) has been on the list for some time.
Warning, rant ahead. :)

The same thing happened to us (for the first time) a few weeks ago. No warning of any kind, we just suddenly notice that some of our outgoing mail is getting rejected. So I go to the spamcop website to look up our mailserver to see what's going on, and find there is NO information on why we've been blacklisted, just a list of "possible reasons" why spamcop blacklist servers.

There is a method to follow to get yourself removed from the list immediately, but it has the veiled threat attached to it that you can only use it "once" and if a further re-occurrence of a spam report occurs you will be immediately blocked again for at least 12 hours.

Not happy with this, since I have no idea WHAT the reason for the block was in the first place, I email them through their contact form complaining that no evidence has been provided as to why the block was in place, and that I can't confirm the "problem" is fixed if I don't know what the supposed problem is.

I get back an email response (admittedly fairly quickly, when I wasn't expecting any response) which says:

"Your server is not an open relay, but you have a user that is infected with a mass-mailer trojan/malware"

(and finally a copy of some message headers that prove it)

WHAT? An entire ISP's mailserver blocked because one user is infected with a spam trojan? Gosh, if that's their policy, every ISP on the planet is going to keep getting blocked all the time, as I don't know of ANY ISP that doesn't have at least a few customers infected with a spam zombie/trojan at a given time.

Not only that, but the sample message header they provided had many of the message fields obfuscated, including the message id tag and the time, making it extremely difficult to track the message back to a specific customer anyway. (As it was a dynamic dialup ip, the exact time is required to confirm their identity....)

Another thing with spamcop is that they do NOT verify "spam complaints" from people submitting them to the site before putting someone on a blocklist, it is an automated process. So all it takes is a few disgruntled (or ignorant) netizens to list the same server, and bang, you're on there, whether guilty or innocent.

What surprised me during this whole episode is just how many people (including large ISPs) seem to use the spamcop list as an outright block at the SMTP level seemingly without knowing or understanding spamcop's (poor) policies.

I strongly suggest that people DON'T do SMTP level blocks using spamcop lists, as they are simply not trustworthy enough, I only use spamcop as a points scoring mechanism in spamassassin, I've never trusted it for outright blocking...

Regards,
Simon Byrnand
iGRIN Internet
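The lookup shown earlier in the thread and the "points scoring" use of a list described in the message above, as an added example that is not part of the original thread. It follows the standard DNSBL convention (reversed IPv4 octets under the list's zone, an answer in 127.0.0.0/8 means listed); the point values, the 5.0 threshold and the stub resolver data are constructed for illustration and are not SpamAssassin's rule scores.

```python
import ipaddress
import socket

LISTED_NET = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_query_name(ip, zone):
    """Build the lookup name: IPv4 octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """A-record lookup over the network. Any failure (NXDOMAIN, timeout)
    returns None, so a DNS outage never counts as a listing (fail open)."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def is_listed(ip, zone, resolve=system_resolver):
    """Listed means the query name resolves to an address in 127.0.0.0/8."""
    answer = resolve(dnsbl_query_name(ip, zone))
    return answer is not None and ipaddress.ip_address(answer) in LISTED_NET

def smtp_level_block(ip, zones, resolve=system_resolver):
    """Outright block: one listing on any zone rejects every message."""
    return any(is_listed(ip, zone, resolve) for zone in zones)

def score_message(ip, zone_points, content_points, threshold=5.0,
                  resolve=system_resolver):
    """Scoring: a listing only adds points; reject when the total
    (content checks plus list hits) reaches the threshold."""
    hits = sum(points for zone, points in zone_points.items()
               if is_listed(ip, zone, resolve))
    total = content_points + hits
    return total, total >= threshold

# Constructed zone data standing in for live DNS: the relay IP from the
# thread is treated as listed, everything else as not listed.
CONSTRUCTED_ZONE = {"177.152.96.203.bl.spamcop.net": "127.0.0.2"}

def constructed_resolver(name):
    return CONSTRUCTED_ZONE.get(name)

# Constructed weight for a SpamCop hit (hypothetical value).
ZONE_POINTS = {"bl.spamcop.net": 1.5}
```

With the constructed data, `smtp_level_block` rejects all mail from the shared relay, while `score_message` rejects only messages whose content score is already high.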
On 9-Nov-2005, at 15:48, Simon Byrnand wrote:
The same thing happened to us (for the first time) a few weeks ago.
No warning of any kind, we just suddenly notice that some of our outgoing mail is getting rejected. So I go to the spamcop website to look up our mailserver to see what's going on, and find there is NO information on why we've been blacklisted, just a list of "possible reasons" why spamcop blacklist servers.
If you're interested in being warned when an address in your netblock appears on a DNSBL, try talking to Rick about the service he's running at Alice, as described here:

http://www.nanog.org/mtg-0510/wesson.html

Also, if you can get yourself onto nsp-sec, you'll find there are other similar tools available to you:

https://puck.nether.net/mailman/listinfo/nsp-security

Neither of these things help you get off lists once you're on them, but at least they give you advanced warning that the problem exists before your customers start telling you about it.

Joe
"Your server is not an open relay, but you have a user that is infected with a mass-mailer trojan/malware"
(and finally a copy of some message headers that prove it)
Was this the honest-to-god reason? I thought that most malware did its own MX lookups and relayed directly? Aka bypassing the SMTP relay provided by the infected party's ISP?

Given the sheer volume of smtp-crud that a lot of people see, it wouldn't surprise me that large blocks get put in sooner rather than later.

In some respects though, SORBS's policy is actually reasonably well thought out. Entries get a TTL of 2 days and if no further 'hits' on the IP are received, the TTL auto-expires and the block comes off. TTL gets renewed each time a further report is received.

Mark.
participants (6)
- Drew Broadley
- Joe Abley
- Juha Saarinen
- Mark Foster
- Simon Byrnand
- Steve Biddle