On Fri, Mar 04, 2011 at 03:29:08PM +0100, kapetr wrote:
> first I have to say: the problem with home/dynamic IP ranges,
> business accounts, ... and therefore the need of using relay of
> my ISP in my case I have well understood and I do it so.
>
> What I'm interested in is still the:
>
> > http://cbl.abuseat.org/lookup.cgi?ip=85.71.234.108+&.submit=Lookup
> >
> > says -as you wrote:
> > IP Address 85.71.234.108 is listed in the CBL. It appears to be
> > infected with a spam sending trojan or proxy.
> > It was last detected at 2011-03-01 07:00 GMT (+/- 30 minutes),
>
> So the question is, how I get into such list and why am I
> recognized as "infected with a spam sending trojan or proxy"
> and not just "disabled while dynamic IP range".

Did you read the rest of that page, and these links?

http://cbl.abuseat.org/nat.html
http://cbl.abuseat.org/advanced.html

> I have first time used Postfix (after install) at 2011-03-01 06:00
> GMT
>
> And at 2011-03-01 06:44 GMT I have tried to send test e-mail to my
> <kenap.i...@gmail.com>, which was rejected back.
>
> So my conclusion is, that my only "crime" was this action: attempt
> to send mail to Google SMTP server from homeIP address. The Google
> server probably immediately has sent report of that to
> cbl.abuseat.org, which has it rated as I would be "infected with a
> spam sending trojan or proxy", which is not accurate - NOT correct.

I doubt your conclusion. IIUC CBL detects spam based on content and
ONLY when it hits a spamtrap address; that is, an address which has
never been used for legitimate mail and was harvested by spammers. I
further highly doubt any link between Gmail and CBL exists.

> Maybe cbl.abuseat.org simply thinks, that if someone tries to send
> emails from MTA on homeIP, then it must be spammer or infected system
> ?!
>
> On spamhaus.org I am in PBL (which is correct - dynamic range) and
> unfortunately also in XBL, just while I am listed by the CBL at
> abuseat.org - as discussed above.
>
> My logs are OK. No spams. No one is abusing my system. I'm 99.99%
> sure :)

Block and log all outbound accesses to port 25 in your firewall. Oh
wait ... the links above tell you that. You need to go through those
before posting again. As the advanced.html page says, it can be very
difficult to identify the source of the spam.

Also it's not really on topic here. If you'll indulge a shameless
self-promotion, this would be quite on topic on this list, which I
co-manage:

http://spammers.dontlike.us/

We do have a CBL representative who subscribes and sometimes posts.
-- 
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header
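
The advice above to block and log all outbound port 25 traffic, as an added example that is not part of the original message: a short Python script that reads firewall log lines and reports which LAN hosts tried to reach SMTP servers other than the ISP relay. It assumes netfilter LOG-format lines with a hypothetical "SMTP-OUT: " prefix; the relay address, LAN addresses and log lines are all constructed.

```python
import re
from collections import defaultdict

# key=value fields as written by the netfilter LOG target
FIELD_RE = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

# Assumption: the ISP relay is the only host the LAN may send SMTP to.
ALLOWED_RELAYS = {"203.0.113.10"}

# Constructed sample lines; "SMTP-OUT: " is a hypothetical log prefix.
SAMPLE_LOG = """\
Mar  1 06:44:02 gw kernel: SMTP-OUT: IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=40112 DPT=25 SYN
Mar  1 06:51:17 gw kernel: SMTP-OUT: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=51200 DPT=25 SYN
Mar  1 06:51:18 gw kernel: SMTP-OUT: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.99 LEN=60 PROTO=TCP SPT=51201 DPT=25 SYN
Mar  1 06:51:19 gw kernel: SMTP-OUT: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=51202 DPT=25 SYN
Mar  1 06:52:40 gw kernel: SMTP-OUT: IN=eth1 OUT=eth0 SRC=192.168.1.40 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=44310 DPT=443 SYN
Mar  1 06:53:05 gw kernel: SMTP-OUT: IN=eth1 OUT=eth0 SRC=192.168.1.40 DST=198.51.100.7 LEN=84 PROTO=ICMP TYPE=8 CODE=0
"""


def parse_line(line):
    """Return the LOG fields of one line as a dict, or None if any is missing."""
    fields = dict(FIELD_RE.findall(line))
    if not {"SRC", "DST", "PROTO", "DPT"} <= set(fields):
        return None  # e.g. ICMP lines carry no DPT
    return fields


def suspicious_smtp(log_text, allowed=ALLOWED_RELAYS):
    """Map each source address to the non-relay hosts it tried on TCP/25."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields is None or fields["PROTO"] != "TCP" or fields["DPT"] != "25":
            continue
        if fields["DST"] not in allowed:
            hits[fields["SRC"]].add(fields["DST"])
    return dict(hits)


if __name__ == "__main__":
    for src, dsts in sorted(suspicious_smtp(SAMPLE_LOG).items()):
        print(f"{src}: direct SMTP to {len(dsts)} host(s): {sorted(dsts)}")
```

A host that appears in this report is connecting straight to remote mail servers instead of the relay, which makes it the first machine behind the NAT to inspect.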