[plug] blocked site

Jon Miller jlmiller at mmtnetworks.com.au
Sat Aug 16 07:22:51 WST 2003 

Peter,
Thanks a lot and I know what happened in this case.
It wasn't the mass nailing that caused this at all.

Jon

On Sat, 2003-08-16 at 00:29, Peter Wright wrote:
> On 15/08 22:58:38, Jon Miller wrote:
> > Today while trying to send an e-mail to a friend I noticed this in my
> > log file.  Does this mean that his site isn't accepting mail from us, or
> > that we are the ones in err.
> [ snip ]
> > Aug 15 23:04:00 gateway postfix/smtp[916]: 518B9D:
> > to=<joseph at enochweb.com>, relay=mail.enochweb.com[66.102.130.125],
> > delay=1, status=deferred (host mail.enochweb.com[66.102.130.125] said:
> > 451 Blocked - see http://spamcop.net/bl.shtml?203.153.229.84)
> 
> Possibly both. ;-)
> 
> It simply means that mail.enochweb.com is rejecting mail from
> mailservers listed in the SpamCop blacklist.
> 
> gateway.mmtnetworks.com.au appears to be listed in SpamCop.
> 
> > Would this be due to a mass mailing that the client on this VPN sent
> > (~3000 e-mails, their client list).
> 
> Hmmm. Hmm.
> 
> Well, while it appears SpamCop only shows the _headers_ of the spam
> samples reported to them (ie. not the message body), even just the
> headers of this sample looks pretty suspicious:
> 
> | Received: from mailserv2.cps.pl (gateway.mmtnetworks.com.au [203.153.229.84])
> | 	by mailserv2.cps.pl (Postfix) with SMTP
> | 	id 183F76367; Thu, 14 Aug 2003 21:19:15 +0200 (CEST)
> | To: <x>
> | From: "Qum" <elizabethwilliamsqyddpjjr at yahoo.com>
> | Subject: Qum
> | Date: Thu, 14 Aug 2003 12:13:33 -0700
> 
> (from http://spamcop.net/w3m?action=checkblock&ip=203.153.229.84 )
> 
> Do they normally send emails out to their "client" list with what
> looks like fake yahoo.com addresses in the From: field? :-/
> 
> Anyway, the evidence would _seem_ to indicate there's a low-grade
> spammer using gateway.mmnetworks.com.au to send stuff - not
> necessarily the client you're referring to, but someone.
> 
> Though I'm not too familiar with the SpamCop site, so I might have
> misread something.
> 
> > If this is the situation, how do I get them off the bl.spamcop list?
> > Or do I need to wait out the time period?
> 
> Assuming you're referring to mail.mmtnetworks.com.au, I'm not sure.
> I couldn't find on the SpamCop site anything specifying what you have
> to do to get unlisted - but from what I remember about SpamCop, if no
> more spam comes from that source, it'll eventually (days? weeks?) get
> unlisted.
> 
> It's really the problem of the mail.mmtnetworks.com.au administrator,
> though. Contact that person and let them know that the mailserver is
> listed on SpamCop (presuming they didn't already know). Once they've
> found out who spammed and taken action to prevent them doing it again,
> you should be fine.
> 
> > Thanks
> > Jon
> 
> Pete.
-- 
Jon Miller <jlmiller at mmtnetworks.com.au>
MMT Networks Pty Ltd

More information about the plug mailing list