[plug] blocked site

Peter Wright pete at flooble.apana.org.au
Sat Aug 16 00:29:02 WST 2003 

On 15/08 22:58:38, Jon Miller wrote:
> Today while trying to send an e-mail to a friend I noticed this in my
> log file.  Does this mean that his site isn't accepting mail from us, or
> that we are the ones in err.
[ snip ]
> Aug 15 23:04:00 gateway postfix/smtp[916]: 518B9D:
> to=<joseph at enochweb.com>, relay=mail.enochweb.com[66.102.130.125],
> delay=1, status=deferred (host mail.enochweb.com[66.102.130.125] said:
> 451 Blocked - see http://spamcop.net/bl.shtml?203.153.229.84)

Possibly both. ;-)

It simply means that mail.enochweb.com is rejecting mail from
mailservers listed in the SpamCop blacklist.

gateway.mmtnetworks.com.au appears to be listed in SpamCop.

> Would this be due to a mass mailing that the client on this VPN sent
> (~3000 e-mails, their client list).

Hmmm. Hmm.

Well, while it appears SpamCop only shows the _headers_ of the spam
samples reported to them (ie. not the message body), even just the
headers of this sample looks pretty suspicious:

| Received: from mailserv2.cps.pl (gateway.mmtnetworks.com.au [203.153.229.84])
| 	by mailserv2.cps.pl (Postfix) with SMTP
| 	id 183F76367; Thu, 14 Aug 2003 21:19:15 +0200 (CEST)
| To: <x>
| From: "Qum" <elizabethwilliamsqyddpjjr at yahoo.com>
| Subject: Qum
| Date: Thu, 14 Aug 2003 12:13:33 -0700

(from http://spamcop.net/w3m?action=checkblock&ip=203.153.229.84 )

Do they normally send emails out to their "client" list with what
looks like fake yahoo.com addresses in the From: field? :-/

Anyway, the evidence would _seem_ to indicate there's a low-grade
spammer using gateway.mmnetworks.com.au to send stuff - not
necessarily the client you're referring to, but someone.

Though I'm not too familiar with the SpamCop site, so I might have
misread something.

> If this is the situation, how do I get them off the bl.spamcop list?
> Or do I need to wait out the time period?

Assuming you're referring to mail.mmtnetworks.com.au, I'm not sure.
I couldn't find on the SpamCop site anything specifying what you have
to do to get unlisted - but from what I remember about SpamCop, if no
more spam comes from that source, it'll eventually (days? weeks?) get
unlisted.

It's really the problem of the mail.mmtnetworks.com.au administrator,
though. Contact that person and let them know that the mailserver is
listed on SpamCop (presuming they didn't already know). Once they've
found out who spammed and taken action to prevent them doing it again,
you should be fine.

> Thanks
> Jon

Pete.
-- 
http://akira.apana.org.au/~pete/
There are 2 kinds of people in my world: those who know Unix, Perl, Vim, GNU,
Linux, etc, and those who know COBOL.  It gets very difficult for me at
parties, not knowing which group to socialise with :-) -- Sitaram Chamarty

More information about the plug mailing list