MailScanner mailing list ended up on a black list.

Jim Barber jim.barber at ddihealth.com
Tue Aug 21 01:30:54 IST 2007


Hi all.

Last night I noticed that most (all?) of my incoming posts from this list were tagged as spam (despite having really low scores).
I found the cause was due to an RBL server that I use having listed one of the email servers this list comes from.

The MailScanner server that is getting black listed is: 83.98.192.7 which reverse resolves to safir.blacknight.ie
The RBL server that I am using is blackholes.five-ten-sg.com
This one I've added myself, but I am reluctant to remove it since so far over the months it has served me well.

If you go to http://www.five-ten-sg.com/blackhole.php and enter 83.98.192.7 into the form it comes back with the following:

------------------------------------------------------------
IP address 83.98.192.7 is listed here as 83.98.192.165 misc.

Although there may be other reasons, most of the listings in this category are due to
(1. systems apparently sending bulk mail from ip addresses with bogus or missing reverse dns, or with no web server, or with boilerplate web content, or
2. a suspected multistage relay output, or
3. machines probably running MS SMTPSVC with an open guest account, or
4. running some open proxy), or it is in the same /24 subnet containing multiple machines with that property.
------------------------------------------------------------

The 'misc' (127.0.0.9) return code is defined by the site as:

------------------------------------------------------------
misc - Miscellaneous includes (but is NOT limited to) the following groups.
Note that this does NOT include misc.spam which is listed under spam above.
1) /24 blocks of addresses containing systems that are apparently sending bulk email (in volumes apparently comparable with the volume from AOL, Earthlink, Google), with any of the following attributes: missing or bogus reverse dns, reverse dns names in domains with no web server, or domains with boilerplate web content.
2) Systems that are strongly suspected of being multistage open relays (where I have not been able to identify the input stage) or open proxies.
3) Any system that delivers spam here, that appears to be running MS SMTPSVC, and that appears to have relayed the message from China, Korea, Brazil, or any known open proxy.
    These are generally systems that have enabled the guest account, and spammers are using them as open relays, even though they do require SMTP AUTH.
    Enabling the guest account allows anyone to relay thru them.
------------------------------------------------------------

Is this the correct place to report it to?
It's sort of ironic having an anti-spam list ending up marked as spam. Oh well.

Regards,

-- 
----------
Jim Barber
DDI Health
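
The lookup behind the listing reported above, as an added example that is not part of the original post: a DNSBL query reverses the IPv4 octets, appends the zone, and reads the A-record answer as a return code. Only the 127.0.0.9 'misc' code comes from the post; the function names and the stub resolver are constructed for illustration.

```python
import ipaddress
import socket

# Return codes for blackholes.five-ten-sg.com. Only 127.0.0.9 is given in the
# post; other codes are left undecoded rather than guessed.
RETURN_CODES = {"127.0.0.9": "misc"}


def dnsbl_query_name(ip, zone):
    """Build the DNSBL query name: reversed IPv4 octets + zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on bad input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def check_dnsbl(ip, zone, resolver=socket.gethostbyname):
    """Return (listed, category). NXDOMAIN means the IP is not listed."""
    try:
        answer = resolver(dnsbl_query_name(ip, zone))
    except socket.gaierror:
        return (False, None)
    # DNSBL answers live in 127.0.0.0/8; anything else is not a listing
    # (for example a wildcard or hijacked response) and is ignored.
    if ipaddress.IPv4Address(answer) not in ipaddress.ip_network("127.0.0.0/8"):
        return (False, None)
    return (True, RETURN_CODES.get(answer, "unknown (" + answer + ")"))


def same_slash24(ip_a, ip_b):
    """True when both addresses fall in the same /24, as with a subnet listing."""
    net = ipaddress.ip_network(ip_a + "/24", strict=False)
    return ipaddress.IPv4Address(ip_b) in net


def stub_resolver(name):
    """Constructed stand-in for DNS so the example runs offline."""
    records = {"7.192.98.83.blackholes.five-ten-sg.com": "127.0.0.9"}
    if name not in records:
        raise socket.gaierror("NXDOMAIN (constructed)")
    return records[name]


if __name__ == "__main__":
    zone = "blackholes.five-ten-sg.com"
    print(dnsbl_query_name("83.98.192.7", zone))
    print(check_dnsbl("83.98.192.7", zone, resolver=stub_resolver))
    print(same_slash24("83.98.192.165", "83.98.192.7"))
```

Dropping the `resolver` argument makes `check_dnsbl` use the system resolver for a live lookup.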

