UCEPROTECT Delisting Question
mkeat...@gmail.com
If a party listed at Level 2 pays for express delisting from that
level, do the Level-1 listings that led to the escallation remain in
place for the usual seven-day waiting period, or do they get delisted
as well? I suspect (and hope) they would remain listed until
expiration, but -- as I said -- I am curious.
Thanks.
--
Comments posted to news.admin.net-abuse.blocklisting
are solely the responsibility of their author. Please
read the news.admin.net-abuse.blocklisting FAQ at
http://www.blocklisting.com/faq.html before posting.
Claus v. Wolfhausen
mkeat...@gmail.com says...
>
>For the sake of my curiosity, I have to ask...
>
>If a party listed at Level 2 pays for express delisting from that
>level, do the Level-1 listings that led to the escallation remain in
>place for the usual seven-day waiting period, or do they get delisted
>as well? I suspect (and hope) they would remain listed until
>expiration, but -- as I said -- I am curious.
We often hear that question and i believe we will add it to our FAQ soon.
UCEPROTECT's Level 2 and 3 are nothing than pure mathematics based on LEVEL 1.
That is the reason why exceptions are not possible.
If you expressdelist an allocation which is listed at Level 2 then in fact
all Level 1 listings inside that allocation will be removed resulting in Level
2 is no longer triggered.
If you expressdelist an AS which got listed at Level 3 then all Level 1
listings under that ASN will be removed resulting in Level 2 and Level 3 are no
longer triggered.
I hope you are not asking this because your netrange is in Level 2 or your
providers ASN is in Level 3.
I can't say that often enough:
If the problems in an netrange or ASN are not fixed, expressdelisting is a pure
waste of money, because that range or ASN might get listed again within a
short timeframe as new abuse becomes known and Level 1 listings are growing
over Level 2 or Level 3 trashcounters.
So expressdelisting is not the solution, but stopping spam is.
--
Claus von Wolfhausen
UCEPROTECT-Projektleitung
http://www.uceprotect.net
bhmai...@gmail.com
We are blakclisted by UCEPROTECT. The website states that to isolate
spam traps, you can
Grep the logs (last 8 days) on your server for following expression:
”Access denied and blocklisted”
We just did that and didn't find any bounce messages containing this.
Do you have any suggestions what to do in such case?
THanks for any help.
E-Mail Sent to this address will be added to the BlackLists
> We are blakclisted by UCEPROTECT.
What IPs / CIDR / ASN ?
UCEprotect says AS20374 , 216.205.224.0/19 has zero IPs listed.
However I do see a history of e.g. 216.205.224.10
getting listed by several DNSbls in the past.
> The website states that to isolate spam traps, you can
> Grep the logs (last 8 days) on your server for following
> expression: ”Access denied and blocklisted”
In the past, UCEprotect spamtrap hits seem easy
enough to find, when I look for them.
e.g. 550 UCEPROTECT-Policy Server decided: 550 (V#.#-EXPO-####)
...
You hit a Spamtrap.
Counter to blacklisting increase for your IP.
421 Service not available, closing transmission channel
...
We have no user with that account here.
No PTR (Reverse-DNS) is assigned to your IP.
Welcome to UCEPROTECT-Level 1.
...
We have no user with that account here.
Your IP was detected to be a Dialup.
Welcome to UCEPROTECT-Level 1.
> We just did that and didn't find any bounce messages
> containing this.
> Do you have any suggestions what to do in such case?
Perhaps rejects, not bounces?
Perhaps your mail server is not the process hitting
UCEprotect spamtraps, rather a rogue process,
or other node through the same NAT?
Oh, look at that (seem so):
<http://cbl.abuseat.org/lookup.cgi?ip=216.205.224.10>
2009-03-20 16:00 GMT rustock spamBOT
high volume spam sending trojan - it is participating
or facilitating a botnet sending spam or spreading
virus/spam trojans.
--
E-Mail Sent to this address <Blac...@Griffin-Technologies.net>
will be added to the BlackLists.