[SC-Help] Re: about blacklist
John E. Malmberg
wb8tyw at qsl.network
Wed Mar 9 09:08:59 EST 2005
The Shetainhe wrote:
> my server ip : 62.244.208.82
>
> www.spamcop.net
>
> 62.244.208.82 listed in bl.spamcop.net (127.0.0.2) If there are no reports of
> ongoing objectionable email from this system it will be delisted
> automatically in approximately 12 hours.
Spamcop reports for that I.P. address would have been sent to
mehmetd(at)e-grup.net.
A paying spamcop.net member can look at the spamcop.net evidence to
determine what triggered the listing. I can not do so.
I can only look at public evidence:
http://ops.mail-abuse.com/cgi-bin/nph-ops-sview?62.244.208.82
This looks like a badly misconfigured mail server, which is probably the
cause for the spamcop.net listing, and is probably going to cause other
networks to refuse or silently delete all e-mail from your network until
it is fixed.
The mail server appears to be accepting all e-mail and then generating a
new bounce message for the messages that can not be delivered.
This is very bad, as almost all e-mail that can not be delivered is
either spam or a virus that has forged some other person's e-mail address.
In effect, your mail server is being used by spammers and viruses to
attack other mail servers.
While this behavior is technically allowed by the protocol, it is now
too abusive for a mail server to be doing that.
The mail server should be checking to see if it can deliver the mail
before it accepts the e-mail, and then if it can not deliver the e-mail,
it should use an SMTP reject code. This is the only way to reliably
notify a sender that their e-mail was not received.
Until this problem is fixed, you can expect to have other networks
refuse mail from that server.
According to the MAPS evidence, this misbehavior was first detected in
January of 2004, which is when your provider should have received the
first complaint about it.
So a spamcop.net blocking should not have been unexpected, since this
problem has existed now for well over a year.
It is highly likely that many other networks which are not using the
spamcop.net or other public blocking lists are now either refusing
e-mail from that server, or silently deleting all e-mail.
Other problems:
Parsing input: 62.244.208.82
host 62.244.208.82 = host-62-244-208-82.borusantelekom.com (cached)
Your network provider has assigned a generic rDNS for that mail server
that makes it look like a DHCP assigned address. This may cause
problems with people accepting your e-mail, or cause spam filters to
silently delete such mail.
I strongly recommend that the rDNS for a mail server have either the
string "mail" or "smtp" in it so that everyone in the world will see it
as a valid mail server and is not on a temporary DHCP address.
As to other problems:
+ SORBSSPEWS-L1 Spam Prevention Early Warning System
- Level 1 Mirror: l1.spews.dnsbl.sorbs.net -> 127.0.0.2
! [1] Paul Mentesidis/WebFills/rxmedicals/palmnet,
see http://spews.org/ask.cgi?S1958
This will cause many networks to reject or silently delete e-mail from
you. Contact your ISP to get it resolved.
According to the evidence file at SPEWS, your network provider or one of
the network providers they are using is allowing a criminal to use their
servers to sell fake pills.
If that ISP considers the money from that more important than what you
pay or your ISP pays them, then you can expect more problems with
sending e-mail. The hosting of such a criminal will cause some networks
to refuse or silently delete all e-mail from that network, even if they
do not use SPEWS.
SPEWS will not remove the listing until all spammers are removed from
the network. Other networks will need to be individually contacted once
you determine that your mail is not getting through to them.
So you have at least three visible problems that, until they are fixed,
will cause you problems with e-mail delivery, all of which need to be
fixed on the sending side.
-John
wb8tyw at qsl.network
Personal Opinion Only
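
The difference between accepting everything and bouncing later, and rejecting at RCPT time as the message above recommends, can be seen in a toy SMTP command handler. This is an added example and not part of the original post; the mailbox list, host names and addresses are constructed, and `run_session` is a hypothetical helper, not any real mail server's code.

```python
import re

LOCAL_USERS = {"alice@example.org", "bob@example.org"}  # constructed mailboxes

def run_session(lines, reject_at_rcpt):
    """Feed client SMTP command lines to a toy server.

    Returns (replies, bounces). A bounce is a NEW message the server must
    later send to the envelope sender, an address spam and viruses forge.
    """
    replies, bounces = [], []
    sender, accepted, undeliverable = None, [], []
    for line in lines:
        verb = line.upper()
        addr = re.search(r"<([^>]*)>", line)
        if verb.startswith(("HELO", "EHLO")):
            replies.append("250 mx.example.org")
        elif verb.startswith("MAIL FROM:") and addr:
            sender, accepted, undeliverable = addr.group(1), [], []
            replies.append("250 2.1.0 Ok")
        elif verb.startswith("RCPT TO:") and addr:
            rcpt = addr.group(1).lower()
            if rcpt in LOCAL_USERS:
                accepted.append(rcpt)
                replies.append("250 2.1.5 Ok")
            elif reject_at_rcpt:
                # Refuse while the client is still connected: the sending
                # host learns of the failure and no new mail is created.
                replies.append("550 5.1.1 User unknown")
            else:
                undeliverable.append(rcpt)
                replies.append("250 2.1.5 Ok")  # accepted without checking
        elif verb == "DATA":
            if not (accepted or undeliverable):
                replies.append("554 5.5.1 No valid recipients")
                continue
            # Toy simplification: the 354/body exchange is collapsed into one reply.
            replies.append("250 2.0.0 Queued")
            # Failure found only after acceptance: bounce to the claimed sender
            # (a null sender "<>" gets no bounce).
            bounces += [{"to": sender, "about": r} for r in undeliverable if sender]
        else:
            replies.append("500 5.5.2 Command not recognized")
    return replies, bounces

# Constructed session: the envelope sender is forged, the recipient does not exist.
SESSION = ["HELO client.example.com",
           "MAIL FROM:<victim@example.net>",
           "RCPT TO:<nosuchuser@example.org>",
           "DATA"]
```

With `reject_at_rcpt=False` the session ends with a queued message and one bounce addressed to the forged sender; with `reject_at_rcpt=True` the same session gets a 550 at RCPT and the bounce list stays empty.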