SORBS-DUHL LISTED Detail Return codes were: 127.0.0.10 blacklist

Discussion in 'Mail Server Support' started by popowich, Oct 6, 2011.

  1. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    8,983
    Likes Received:
    120
    Yes. Find the source of the problem and stop the spam. Once the spam is stopped and the problem that causes it has been corrected, create an account at SORBS (Spam and Open-Relay Blocking System). Open a support ticket and let them know both what the problem was, how it was corrected, why it won't happen again, and don't forget to include the IP address in the ticket. As long as you appear to have been a good sender with a one time problem SORBS should delist you.

    I removed the IP address to protect your client's privacy (since it's me creating a thread from an email), but it's worth noting it's a good thing that their reverse DNS TTL is 1D (more than 14400 seconds). The SORBS minimum TTL for getting delisted is 14400 seconds.
     


  2. popowich

    popowich EQ Forum Admin Staff Member

    Did you fix the source of the spam problem?

    How far did you get with the delisting process?

    Do you have a SORBS account?

    Did you submit the delisting?

    Did you get an auto response back?

    Did you get any communication after the auto response?
     

  3. popowich

    popowich EQ Forum Admin Staff Member

    What was the source of the problem and the fix?

    That info is required for delisting.

    Yes, having matching custom forward and reverse DNS TTLs that are at least 14400 seconds is one of the requirements for getting delisted at SORBS.

    Not knowing what caused you to get listed is a problem.

    If you get delisted and the problem repeats you'll get hit for being a repeat offender.

    Likely causes of listings are spam and/or backscatter going to SORBS spamtrap accounts.

    Make sure that the mail servers are only accepting email for addresses that can be delivered to, and that they 5xx reject emails that won't be delivered before they are accepted.

    Also check to make sure none of the computers the mail server will relay mail for are infected and sending spam.

    Do you see any unusual activity in your mail logs?
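
An added example, not part of the thread: a Python check of the DNS requirement described in the post above (forward and reverse records that match, each with a TTL of at least 14400 seconds), run over constructed `dig +noall +answer` output for an IPv4 address. The address 192.0.2.25, the hostname mail.example.com, and the reading of "matching" as forward-confirmed reverse DNS are assumptions.

```python
import ipaddress

SORBS_MIN_TTL = 14400  # seconds, the minimum stated in the thread

# Constructed sample: `dig +noall +answer` lines as returned by the zone's
# authoritative servers (a caching resolver shows a counted-down TTL).
# 192.0.2.25 and mail.example.com are documentation placeholders.
SAMPLE_PTR = "25.2.0.192.in-addr.arpa. 86400 IN PTR mail.example.com."
SAMPLE_A = "mail.example.com. 3600 IN A 192.0.2.25"


def parse_answers(text, rtype):
    """Return (owner, ttl, rdata) tuples for IN records of the given type."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or line.lstrip().startswith(";"):
            continue  # skip blank, short and comment lines
        owner, ttl, rclass, rt = fields[:4]
        if rclass == "IN" and rt == rtype and ttl.isdigit():
            records.append((owner.lower().rstrip("."), int(ttl), " ".join(fields[4:])))
    return records


def check_dns(ip, ptr_text, a_text, min_ttl=SORBS_MIN_TTL):
    """List the DNS problems found for ip; an empty list means none."""
    problems = []
    ip = ipaddress.ip_address(ip)
    ptrs = [r for r in parse_answers(ptr_text, "PTR") if r[0] == ip.reverse_pointer]
    if not ptrs:
        return [f"no PTR record for {ip}"]
    for _, ttl, target in ptrs:
        host = target.lower().rstrip(".")
        if ttl < min_ttl:
            problems.append(f"PTR TTL {ttl} < {min_ttl}")
        # Forward lookup of the PTR target must lead back to the same IP.
        fwd = [r for r in parse_answers(a_text, "A") if r[0] == host]
        if not any(ipaddress.ip_address(r[2]) == ip for r in fwd):
            problems.append(f"{host} does not resolve back to {ip}")
        for _, a_ttl, _rdata in fwd:
            if a_ttl < min_ttl:
                problems.append(f"A TTL {a_ttl} for {host} < {min_ttl}")
    return problems


if __name__ == "__main__":
    print(check_dns("192.0.2.25", SAMPLE_PTR, SAMPLE_A))
```
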
     
  4. blenheimfire

    blenheimfire Valued Member

    Joined:
    Sep 6, 2011
    Messages:
    58
    Likes Received:
    0
    Just to add a little note.... Is port 25 locked down only to the mail server? If not, it should be; this will cut down on the possibility of workstations sending spam. I would also look at the network with tools such as Wireshark, Fireplotter etc. This will give you an in-depth look at where the SMTP traffic is coming from. If you have a half decent firewall (Cisco ASA 5505) you can capture the information needed to correct the issue if it's spam related.

    If you need help nailing down the problem I will be around today until 3:00, maybe we can set up a remote session and I can help you?

    Just an idea.

    I love problems like this~!
    Is your mail server an open relay? AKA Honey Pot...AKA OH NO.

    Pop: how come you're entering in 2 parts to the conversation?
     
  5. blenheimfire

    blenheimfire Valued Member

    Ok I just realized I made every other firewall look like crap...FACT is a lot of firewalls have logging which you must turn on. This will also let you see connections for SMTP which should help you locate your top spammer. I just prefer Cisco ASA 5505.

    Sorry for the bias
     
  6. popowich

    popowich EQ Forum Admin Staff Member

    I'm helping a friend by email and copying parts of the discussion to this thread so it can help other people too.
     
  7. popowich

    popowich EQ Forum Admin Staff Member

    What about the other suggestions that were contributed after me?

    Do they have a mail filter or other device/computer that's spamming?

    Does someone have an auto responder that is being used to redirect spam?

    From: Innocent 3rd party
    To: legit-user-with-autoresponder
    Body: Spammy content
    Auto response -> Spammy content to innocent 3rd party?

    One way or another you'll need to figure out the source of the problem or the blacklistings will continue.
     
