MailScanner mailing list ended up on a black list.

Scott Silva ssilva at sgvwater.com
Tue Aug 21 16:49:01 IST 2007


Jim Barber spake the following on 8/20/2007 5:30 PM:
> Hi all.
> 
> Last night I noticed that most (all?) of my incoming posts from this
> list were tagged as spam (despite having really low scores).
> I found the cause was due to an RBL server that I use having listed one
> of the email servers this list comes from.
> 
> The MailScanner server that is getting black listed is: 83.98.192.7
> which reverse resolves to safir.blacknight.ie
> The RBL server that I am using is blackholes.five-ten-sg.com
> This one I've added myself, but I am reluctant to remove it since so far
> over the months it has served me well.
> 
> If you go to http://www.five-ten-sg.com/blackhole.php and enter
> 83.98.192.7 into the form it comes back with the following:
> 
> ------------------------------------------------------------
> IP address 83.98.192.7 is listed here as 83.98.192.165 misc.
> 
> Although there may be other reasons, most of the listings in this
> category are due to
> (1. systems apparently sending bulk mail from ip addresses with bogus or
> missing reverse dns, or with no web server, or with boilerplate web
> content, or
> 2. a suspected multistage relay output, or
> 3. machines probably running MS SMTPSVC with an open guest account, or
> 4. running some open proxy), or it is in the same /24 subnet containing
> multiple machines with that property.
> ------------------------------------------------------------
> 
> The 'misc' (127.0.0.9) return code is defined by the site as:
> 
> ------------------------------------------------------------
> misc - Miscellaneous includes (but is NOT limited to) the following groups.
> Note that this does NOT include misc.spam which is listed under spam above.
> 1) /24 blocks of addresses containing systems that are apparently
> sending bulk email (in volumes apparently comparable with the volume
> from AOL, Earthlink, Google), with any of the following attributes:
> missing or bogus reverse dns, reverse dns names in domains with no web
> server, or domains with boilerplate web content.
> 2) Systems that are strongly suspected of being multistage open relays
> (where I have not been able to identify the input stage) or open proxies.
> 3) Any system that delivers spam here, that appears to be running MS
> SMTPSVC, and that appears to have relayed the message from China, Korea,
> Brazil, or any known open proxy.
>    These are generally systems that have enabled the guest account, and
> spammers are using them as open relays, even though they do require SMTP
> AUTH.
>    Enabling the guest account allows anyone to relay thru them.
> ------------------------------------------------------------
> 
> Is this the correct place to report it to?
> It's sort of ironic having an anti-spam list ending up marked as spam.
> Oh well.
> 
> Regards,
> 
blackholes.five-ten-sg.com is too aggressive a list for me. One spammer can
kill an entire subnet on that list. If you check those spammers on other
lists, they are usually there also.

-- 

MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
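
Added example, not part of either poster's message: how a lookup against the list discussed above is formed and decoded, using the address, zone and 'misc' (127.0.0.9) return code quoted in the thread. The stub resolver and its answers are constructed so the code runs offline; the function names are illustrative.

```python
import ipaddress
import socket

ZONE = "blackholes.five-ten-sg.com"   # list named in the post
RETURN_CODES = {"127.0.0.9": "misc"}  # the only return code the post quotes
VALID_ANSWERS = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_query_name(ip, zone=ZONE):
    """Reverse the IPv4 octets and append the zone: a.b.c.d -> d.c.b.a.zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone.strip(".")

def system_resolver(name):
    """A records for name; NXDOMAIN or a failed lookup is treated as no answer."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.gaierror, socket.herror):
        return []

def check_dnsbl(ip, zone=ZONE, resolve=system_resolver):
    """Query one address and classify every A record that comes back."""
    result = {"query": dnsbl_query_name(ip, zone), "listed": False,
              "categories": [], "ignored": []}
    for answer in resolve(result["query"]):
        if ipaddress.ip_address(answer) not in VALID_ANSWERS:
            # DNSBL answers live in 127.0.0.0/8; anything else (for example a
            # wildcarded or parked zone) is not counted as a listing.
            result["ignored"].append(answer)
            continue
        result["listed"] = True
        result["categories"].append(RETURN_CODES.get(answer, "unknown:" + answer))
    return result

def same_slash24(a, b):
    """True when both addresses fall in the same /24, the block size the listing text mentions."""
    return ipaddress.ip_address(b) in ipaddress.ip_network(a + "/24", strict=False)

def stub_resolver(name):
    """Constructed answers standing in for the list's DNS server (runs offline)."""
    constructed = {
        "7.192.98.83.blackholes.five-ten-sg.com": ["127.0.0.9"],
        "10.2.0.192.blackholes.five-ten-sg.com": ["203.0.113.50"],  # bogus answer
    }
    return constructed.get(name, [])

if __name__ == "__main__":
    for ip in ("83.98.192.7", "192.0.2.10", "198.51.100.1"):
        print(ip, check_dnsbl(ip, resolve=stub_resolver))
    print("same /24 as 83.98.192.165:", same_slash24("83.98.192.165", "83.98.192.7"))
```

Passing no `resolve` argument makes `check_dnsbl` use the system resolver instead of the stub.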


