Web Hosting Talk

Spammers using my server to spam others?


raine
02-27-2003, 07:55 AM
Lately, I've been getting more spam on my server... and after I recently sent an e-mail, I received a reply that said my e-mail got rejected as it was SPAM-MAIL...

this is what it said:

Mail from spam source 64.191.4.74 refused - see http://www.spews.org/

------ This is a copy of the message, including all the headers. ------

Return-path: <raine@eldaronline.com>
Received: from ******.net.cable.rogers.com ([24.*.*.*] helo=biggie)
by 40k.eldaronline.com with asmtp (Exim 3.36 #1)
id 18oM8p-0003Zw-00
for *******@*****.com; Thu, 27 Feb 2003 06:23:55 -0500
From: "Purple Raine" <raine@eldaronline.com>
To: ***@***.com>
Subject: RE:
Date: Thu, 27 Feb 2003 06:23:45 -0500
Message-ID: <000a01c2de52$b47a6580$bcbb6718@biggie>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_000B_01C2DE28.CBA45D80"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
In-Reply-To: <008a01c2d6cb$4d4a1100$0e02a8c0@WorkGroup>

This is a multi-part message in MIME format.


I've never heard of SPEWS before, but when I looked up the IP address of my server, this is what it said...

BTSmailer/bulkingpro
|--------------------
0, 216.27.159.6, Peter DeCaro / bulkingpro.com / BTSmailer (dsl027-159-006.nyc1.dsl.speakeasy.net)
0, 64.176.61.93, Peter DeCaro / bulkingforprofit.com / BTSmailer (successfulhosting.com / alabanza.com) (dead)
0, 64.239.50.7, Peter DeCaro / btsmailer.com (coyotesoftware.net) (dead)
1, 66.230.215.240, Peter DeCaro / dreampro.net (on City-Guide spam house)
1, 66.230.222.200, Peter DeCaro / dreampro.net (on City-Guide spam house)
1, 200.153.75.123, "ptrdname = ns1.bulk-server.com" (Oromar Mollica Jr's Brazilian spam house)
1, 200.153.74.0 - 200.153.76.255, bulk-server.com (amearte.com.br taubateonline.com.br telesp.net.br)
1, 200.206.193.84, 9.bulk-server.com (200-206-193-84.dsl.telesp.net.br)
1, 200.206.193.83, aim.wesellforyou.net (200-206-193-83.dsl.telesp.net.br)
1, 200.206.193.0/24, 9.bulk-server.com (telesp.net.br) (on listed telesp.net.br)
1, 200.32.3.104, ns1.bulk-server.com (datamarkets.com.ar) (dead)
1, 200.32.3.105, ns2.bairesweb.com (datamarkets.com.ar) (dead)
1, 208.56.91.162, Peter DeCaro / pharamond.net / bulkingpro.com / BTSmailer
2, 208.56.91.128/25, Peter DeCaro / pharamond.net / bulkingpro.com / BTSmailer (Alabanza)
1, 208.56.163.187, Peter DeCaro / fashionreseller.com (oneononeinternet.com)
1, 208.56.163.128/25, Peter DeCaro / fashionreseller.com (Alabanza)
1, 216.147.1.208, Peter DeCaro / ns2.pharamond.net (host.ns2.dedicatedns.com) (Alabanza)
2, 65.108.6.137, Peter DeCaro / fashionreseller.org / bulkingpro.com (dead?)
0, 65.108.6.128/25, Alabanza (Peter DeCaro / fashionreseller.org / bulkingpro.com)
1, 64.176.29.189, Peter DeCaro / "bprocenter.org" (host27.the-web-host.com)
1, 64.176.29.128/24, the-web-host.com (Peter DeCaro / "bprocenter.org") (Alabanza)
0, 66.70.21.144, Peter DeCaro / i-marketingpro.com (ian.ukinternetsites.com) (dead)
0, 66.70.21.128/25, datapipe.com (Peter DeCaro / i-marketingpro.com (ian.ukinternetsites.com))
1, 64.191.4.19, Peter DeCaro / i-marketingpro.com (everity.com)
1, 64.191.4.0/25, Peter DeCaro / i-marketingpro.com (everity.com / servershost.net / hostnoc.net)
---------------------|


and yati yati ayti

Thank you!
WBR, Jimmy Brown.

========================================================



Long, sorry, any ideas?

glyn canada
02-27-2003, 04:54 PM
This sucks but can be corrected,

Switch off relaying on your mail server.

Different methods depending on your mailserver.

Qmail is noted in http://www.lifewithqmail.org/lwq.html#relaying

Exchange is noted in http://www.slipstick.com/exs/relay.htm

Otherwise google is your friend www.google.ca

Then, once you have checked that your relaying is off by telnetting in and trying to send a mail through telnet from another domain via yours, or go to the nice folks at http://www.ordb.org/ if you cannot use telnet to test your SMTP relaying.

If all your ducks are in place and all is OK, then contact the holder of the blacklist and suck up like crazy explaining your initial ignorance of the relaying and your action when you found it out and that you want to be unblacklisted.

*If all else fails then tell him you know me and that I'll send the boys around later on to sort him out if he doesn't unblacklist you*

But seriously, most admins can stop a person who didn't know and learned a lesson the hard way from a spam idiot_scum_sucking_pig_mofo_stuff_I_scraped_off_my_shoe_type_person and will then comply.

HTH,

Glyn

"Lack of planning on your part, does not constitute an emergency on my part."
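The relay test Glyn describes (connect to your own SMTP port, hand it a sender and a recipient that are both foreign to the box, and see whether RCPT TO is accepted) can be scripted instead of typed into telnet. The following is an added example, not code from the thread or from any of the mail servers named in it: it uses Python's standard smtplib as the client and embeds a tiny constructed SMTP responder so both sides of the exchange run offline. The server's "local" domain eldaronline.com is taken from the quoted headers; the probe addresses at example.net/example.org and the host name fake.example are assumptions. The same relay_test() works against a real host and port, but only point it at servers you administer.

```python
import smtplib
import socket
import threading

# Domain the constructed test server treats as "local" (taken from the
# Return-path in the thread's quoted headers). Mail for any other domain
# is a relay request and a correctly configured server refuses it.
LOCAL_DOMAIN = "eldaronline.com"


def _serve_one(listener, open_relay):
    """Constructed minimal SMTP responder: handles one session, then exits.
    open_relay=False refuses RCPT TO for non-local domains (what the thread
    asks the reader to configure); open_relay=True accepts everything and so
    stands in for the misconfigured server."""
    with listener:
        conn, _ = listener.accept()
    with conn, conn.makefile("rb") as rfile:
        conn.sendall(b"220 fake.example ESMTP (constructed test server)\r\n")
        for raw in rfile:
            line = raw.decode("ascii", "replace").strip()
            verb = line.split(" ", 1)[0].upper()
            if verb == "EHLO":
                conn.sendall(b"250-fake.example\r\n250 OK\r\n")
            elif verb in ("HELO", "MAIL", "RSET", "NOOP"):
                conn.sendall(b"250 OK\r\n")
            elif verb == "RCPT":
                # "rcpt TO:<user@domain>" -> decide on the recipient's domain only
                rcpt_domain = line.rsplit("@", 1)[-1].rstrip(">").lower()
                if open_relay or rcpt_domain == LOCAL_DOMAIN:
                    conn.sendall(b"250 OK\r\n")
                else:
                    conn.sendall(b"554 5.7.1 Relay access denied\r\n")
            elif verb == "QUIT":
                conn.sendall(b"221 Bye\r\n")
                break
            else:
                conn.sendall(b"502 Command not implemented\r\n")


def start_fake_server(open_relay):
    """Bind the constructed responder to an ephemeral loopback port."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    thread = threading.Thread(target=_serve_one, args=(listener, open_relay),
                              daemon=True)
    thread.start()
    return port, thread


def relay_test(host, port, probe_sender="probe@example.net",
               probe_rcpt="someone@example.org"):
    """The check from the thread: greet the server, name a sender and a
    recipient that are both foreign to it, and look at the RCPT TO reply.
    Returns (is_open_relay, rcpt_code, rcpt_reply_text). Nothing is sent:
    the session ends with QUIT before DATA."""
    with smtplib.SMTP(host, port, local_hostname="probe.example.net",
                      timeout=5) as smtp:
        smtp.ehlo_or_helo_if_needed()
        code, reply = smtp.mail(probe_sender)
        if code != 250:
            return False, code, reply.decode(errors="replace")
        code, reply = smtp.rcpt(probe_rcpt)
        return code in (250, 251), code, reply.decode(errors="replace")


def run_demo():
    """Run the check against a closed and an open constructed server."""
    results = {}
    for label, open_relay in (("relay_off", False), ("relay_on", True)):
        port, thread = start_fake_server(open_relay)
        is_open, code, _ = relay_test("127.0.0.1", port)
        thread.join(timeout=5)
        results[label] = (is_open, code)
    return results


if __name__ == "__main__":
    for label, (is_open, code) in run_demo().items():
        verdict = "OPEN RELAY" if is_open else "relay refused"
        print(f"{label}: RCPT TO answered {code} -> {verdict}")
```

A 250 to RCPT TO for a recipient the server is not responsible for is the open-relay signature; a 5xx there (commonly 550 or 554 with "relay access denied" or similar wording) is what you want to see after switching relaying off.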

amaroq
02-27-2003, 06:53 PM
Originally posted by raine
Lately, I've been getting more spam on my server... and after I recently sent an e-mail, I received a reply that said my e-mail got rejected as it was SPAM-MAIL...

this is what it said:

Mail from spam source 64.191.4.74 refused - see http://www.spews.org/


Here are the entries relevant to your IP (64.191.4.74):


1, 64.191.4.19, Peter DeCaro / i-marketingpro.com (everity.com)
1, 64.191.4.0/25, Peter DeCaro / i-marketingpro.com (everity.com / servershost.net / hostnoc.net)


This means that, most likely, the actual spam was coming from the IP 64.191.4.19. Your IP is being included as part of the 64.191.4.0/25 block (the IPs between 64.191.4.0 and 64.191.4.127). That block is being listed as collateral damage, and not because any spam is actually known to be coming from it. The idea is that by listing other IPs owned by the same folks who are "condoning" the spam, it puts more pressure on the IP owners to do something about it. (Whether it works is a much-debated topic, and I've no interest in discussing that here.)

Either way, there's probably not a whole lot you can do. SPEWS supporters would tell you to complain to your ISP and convince them to cancel the spammer, and anti-SPEWS folks would tell you to complain to whoever runs the mailserver that you're trying to send mail to and convince him to stop using SPEWS to block mail. Neither approach is likely to work very well. You could also try to get your provider to move you to another, non-blacklisted netblock, which is more likely to work. (Of course, if that block gets blacklisted, you're back where you started.)

At any rate, the good news is that your box isn't being used to send spam (or at least none that's shown up anywhere yet), so you don't need to worry about that.
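amaroq's reading of the listing (the spam source is 64.191.4.19, and 64.191.4.74 is only caught because it falls inside the 64.191.4.0/25 block, i.e. 64.191.4.0 through 64.191.4.127) is the kind of check worth doing for any address before arguing with a blacklist or a provider. The following is an added example, not part of the thread: it uses Python's standard ipaddress module to parse a few entries copied verbatim from the SPEWS-style listing raine quoted (single addresses, a CIDR block and a "first - last" range) and reports, for a given IP, whether it is named directly or only covered by a listed block.

```python
import ipaddress

# Four entries copied from the listing quoted earlier in the thread: the two
# that amaroq singled out plus one single-host and one "first - last" entry.
LISTING = """\
1, 66.230.215.240, Peter DeCaro / dreampro.net (on City-Guide spam house)
1, 200.153.74.0 - 200.153.76.255, bulk-server.com (amearte.com.br taubateonline.com.br telesp.net.br)
1, 64.191.4.19, Peter DeCaro / i-marketingpro.com (everity.com)
1, 64.191.4.0/25, Peter DeCaro / i-marketingpro.com (everity.com / servershost.net / hostnoc.net)
"""


def target_to_networks(target):
    """Turn the listing's second field (single IP, CIDR block, or
    'first - last' range) into a list of ip_network objects."""
    target = target.strip()
    if " - " in target:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in target.split(" - ", 1))
        return list(ipaddress.summarize_address_range(lo, hi))
    # strict=False lets a bare host address become a /32
    return [ipaddress.ip_network(target, strict=False)]


def parse_listing(text):
    """Parse 'level, target, comment' lines into dicts."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        level, target, comment = (p.strip() for p in line.split(",", 2))
        entries.append({
            "level": int(level),
            "target": target,
            "comment": comment,
            "networks": target_to_networks(target),
        })
    return entries


def entries_covering(ip, entries):
    """Return (kind, entry) for every entry whose address space contains ip.
    kind is 'direct' when the entry names exactly that host and 'block' when
    the host merely sits inside a listed range, the collateral case amaroq
    describes for 64.191.4.74."""
    addr = ipaddress.ip_address(ip)
    hits = []
    for entry in entries:
        if any(addr in net for net in entry["networks"]):
            kind = "direct" if entry["target"] == str(addr) else "block"
            hits.append((kind, entry))
    return hits


def block_bounds(target):
    """First and last address of a listed target, as amaroq spelled out for
    64.191.4.0/25 (64.191.4.0 to 64.191.4.127)."""
    nets = target_to_networks(target)
    return str(nets[0].network_address), str(nets[-1].broadcast_address)


if __name__ == "__main__":
    entries = parse_listing(LISTING)
    for ip in ("64.191.4.74", "64.191.4.19", "64.191.4.200"):
        hits = entries_covering(ip, entries)
        if not hits:
            print(f"{ip}: not covered by any entry")
        for kind, entry in hits:
            lo, hi = block_bounds(entry["target"])
            print(f"{ip}: {kind} via {entry['target']} ({lo} - {hi}): {entry['comment']}")
```

For 64.191.4.74 the only hit is the /25 block, which is exactly the "collateral" situation the post describes; 64.191.4.19 matches both its own line and the block, which marks it as the host actually named as the source.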