June 20, 2013

L2.APEWS.ORG False Positive #20

One of our users reported an email that had landed in the spam folder as a false positive: it was a newsletter about Japan tourism that they had subscribed to. The full MDaemon session log follows:

Wed 2013-06-19 04:27:06: [4181:459] Accepting SMTP connection from [203.191.244.137]
Wed 2013-06-19 04:27:06: [4181:459] Looking up PTR record for 203.191.244.137 (137.244.191.203.IN-ADDR.ARPA)
Wed 2013-06-19 04:27:06: [4181:459] D=137.128-26.244.191.203.IN-ADDR.ARPA TTL=(59) PTR=[mail3-5.webcas.net]
Wed 2013-06-19 04:27:06: [4181:459] Gathering A-records for PTR hosts
Wed 2013-06-19 04:27:06: [4181:459] D=mail3-5.webcas.net TTL=(60) A=[203.191.244.137]
Wed 2013-06-19 04:27:06: [4181:459] --> 220-ns7.methusalah.com ESMTP MDaemon 6.7.9; Wed, 19 Jun 2013 04:27:06 -0500
Wed 2013-06-19 04:27:06: [4181:459] -->
Wed 2013-06-19 04:27:07: [4181:459] <-- EHLO wcasp3-efmta2.webcas.net
Wed 2013-06-19 04:27:07: [4181:459] Performing reverse lookup on wcasp3-efmta2.webcas.net (looking for 203.191.244.137)
Wed 2013-06-19 04:27:07: [4181:459] Name server reports domain name unknown.
Wed 2013-06-19 04:27:07: [4181:459] --> 250-ns7.methusalah.com Hello mail3-5.webcas.net (may be forged), pleased to meet you
Wed 2013-06-19 04:27:07: [4181:459] --> 250-ETRN
Wed 2013-06-19 04:27:07: [4181:459] --> 250-AUTH=LOGIN
Wed 2013-06-19 04:27:07: [4181:459] --> 250-AUTH LOGIN CRAM-MD5
Wed 2013-06-19 04:27:07: [4181:459] --> 250-8BITMIME
Wed 2013-06-19 04:27:07: [4181:459] --> 250 SIZE 0
Wed 2013-06-19 04:27:07: [4181:459] <-- MAIL FROM:<errmailxxx @ mail3.webcas.net> SIZE=11707
Wed 2013-06-19 04:27:07: [4181:459] Performing reverse lookup on mail3.webcas.net (looking for 203.191.244.137)
Wed 2013-06-19 04:27:07: [4181:459] D=mail3.webcas.net TTL=(60) A=[203.191.244.132]
Wed 2013-06-19 04:27:08: [4181:459] P=010 D=mail3.webcas.net TTL=(60) MX=[mail3.webcas.net] {203.191.244.132}
Wed 2013-06-19 04:27:08: [4181:459] Spam Blocker A-record resolution of [137.244.191.203.L2.APEWS.ORG] in progress (DNS Server: 192.168.1.3)...
Wed 2013-06-19 04:27:08: [4181:459] L2.APEWS.ORG LISTED
Wed 2013-06-19 04:27:08: [4181:459] Message will be accepted and X-RBL-Warning: header will be inserted.
Wed 2013-06-19 04:27:08: [4181:459] --> 250 <errmailxxx @ mail3.webcas.net>, Sender ok
Wed 2013-06-19 04:27:08: [4181:459] <-- RCPT TO:<xxx@xxx.xxx>
Wed 2013-06-19 04:27:08: [4181:459] --> 250 <xxx@xxx.xxx>, Recipient ok
Wed 2013-06-19 04:27:08: [4181:459] <-- DATA
Wed 2013-06-19 04:27:08: [4181:459] --> 354 Enter mail, end with <CRLF>.<CRLF>
Wed 2013-06-19 04:27:09: [4181:459] --> 250 Ok, message saved <Message-ID: xxx.newsletter @ japantravelinfo.com>
Wed 2013-06-19 04:27:09: [4181:459] <-- QUIT
Wed 2013-06-19 04:27:09: [4181:459] --> 221 See ya in cyberspace
Wed 2013-06-19 04:27:09: [4181:459] SMTP session successful, 11682 bytes transferred.
Wed 2013-06-19 04:27:09: [4181:459] Shuffling message(s) into proper queue(s)
Wed 2013-06-19 04:27:09: [4181:459] Message received from wcasp3-efmta2.webcas.net [203.191.244.137] <errmail4-03@mail3.webcas.net> with SMTP for <xxx@xxx.xxx> [Size 11671] {j:\localq\7000002893.msg}
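The log above shows the whole DNSBL mechanism in a few lines: MDaemon reverses the octets of the connecting IP 203.191.244.137, prepends them to the zone, resolves 137.244.191.203.L2.APEWS.ORG, and treats any A record answer as "LISTED". Because this server is configured to tag rather than refuse, the newsletter was accepted with an X-RBL-Warning: header instead of being bounced. The listing itself is not host-specific: the "Entry matching your Query" snippets in the comments show APEWS listing whole /16 to /29 provider blocks, which is why a tag-and-score policy is the safer way to consume that list. The Python below is an added example written for this post, not code from the post or from MDaemon; it builds the query name, parses the session lines reproduced from the log (the only sample input), checks forward-confirmed reverse DNS and the HELO lookup, and applies a reject-vs-tag policy whose zone names are assumed configuration values.

```python
import ipaddress
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Lines copied from the MDaemon session log in the post (unrelated lines between
# them are left out); this is the sample input the functions below run on.
SAMPLE_LOG = """\
Wed 2013-06-19 04:27:06: [4181:459] Accepting SMTP connection from [203.191.244.137]
Wed 2013-06-19 04:27:06: [4181:459] D=137.128-26.244.191.203.IN-ADDR.ARPA TTL=(59) PTR=[mail3-5.webcas.net]
Wed 2013-06-19 04:27:06: [4181:459] D=mail3-5.webcas.net TTL=(60) A=[203.191.244.137]
Wed 2013-06-19 04:27:07: [4181:459] <-- EHLO wcasp3-efmta2.webcas.net
Wed 2013-06-19 04:27:07: [4181:459] Name server reports domain name unknown.
Wed 2013-06-19 04:27:08: [4181:459] Spam Blocker A-record resolution of [137.244.191.203.L2.APEWS.ORG] in progress (DNS Server: 192.168.1.3)...
Wed 2013-06-19 04:27:08: [4181:459] L2.APEWS.ORG LISTED
Wed 2013-06-19 04:27:08: [4181:459] Message will be accepted and X-RBL-Warning: header will be inserted.
"""

# "Wed 2013-06-19 04:27:06: [4181:459] <message>"  -> capture <message>
LINE_RE = re.compile(r"^\w{3} \S+ \S+: \[\d+:\d+\] (.*)$")


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the name a DNSBL client looks up: the IPv4 octets reversed, then the zone.
    For 203.191.244.137 and L2.APEWS.ORG this is the name the log shows being resolved."""
    octets = ipaddress.IPv4Address(ip).exploded.split(".")
    return ".".join(reversed(octets)) + "." + zone


@dataclass
class Session:
    client_ip: Optional[str] = None
    ptr: Optional[str] = None              # PTR name of client_ip
    ptr_forward: Optional[str] = None      # A record of that PTR name
    helo: Optional[str] = None
    helo_resolved: Optional[bool] = None   # None = no HELO lookup seen in the log
    queried: List[str] = field(default_factory=list)    # DNSBL names resolved
    listed_on: List[str] = field(default_factory=list)  # zones that answered
    action: Optional[str] = None           # what the MTA said it would do


def parse_session(log: str) -> Session:
    """Extract the reverse-DNS, HELO and DNSBL facts from an MDaemon session log."""
    s = Session()
    for raw in log.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        msg = m.group(1)
        if msg.startswith("Accepting SMTP connection from ["):
            s.client_ip = msg.split("[", 1)[1].rstrip("]")
            continue
        ptr = re.search(r"PTR=\[([^\]]+)\]", msg)
        if ptr:
            s.ptr = ptr.group(1)
            continue
        a_rec = re.match(r"D=(\S+) TTL=\(\d+\) A=\[([\d.]+)\]", msg)
        if a_rec:
            if a_rec.group(1) == s.ptr:
                s.ptr_forward = a_rec.group(2)
            elif a_rec.group(1) == s.helo:
                s.helo_resolved = True
            continue
        helo = re.match(r"<-- (?:EHLO|HELO) (\S+)", msg)
        if helo:
            s.helo = helo.group(1)
            continue
        if msg.startswith("Name server reports domain name unknown") and s.helo:
            s.helo_resolved = False
            continue
        q = re.match(r"Spam Blocker A-record resolution of \[([^\]]+)\]", msg)
        if q:
            s.queried.append(q.group(1))
            continue
        listed = re.match(r"(\S+) LISTED$", msg)
        if listed:
            s.listed_on.append(listed.group(1))
            continue
        if msg.startswith("Message will be accepted"):
            s.action = "tag"
    return s


def fcrdns_ok(s: Session) -> bool:
    """Forward-confirmed reverse DNS: the PTR name must resolve back to the client IP."""
    return s.ptr is not None and s.ptr_forward == s.client_ip


def dnsbl_queries_consistent(s: Session, zone: str) -> bool:
    """Check that the name the MTA resolved is the one we would build for the client IP."""
    return s.client_ip is not None and dnsbl_query_name(s.client_ip, zone) in s.queried


def policy(s: Session, hard_reject_zones=frozenset()) -> str:
    """'reject' only on zones trusted to list single abusive hosts (assumed config);
    any other hit is 'tag' (warning header, let the content filter score it), which is
    what the log shows and what keeps a CIDR-wide listing from eating a newsletter."""
    hits = {z.upper() for z in s.listed_on}
    if hits & {z.upper() for z in hard_reject_zones}:
        return "reject"
    return "tag" if hits else "accept"


if __name__ == "__main__":
    sess = parse_session(SAMPLE_LOG)
    print(dnsbl_query_name(sess.client_ip, "L2.APEWS.ORG"))
    print("FCrDNS:", fcrdns_ok(sess), "| HELO resolves:", sess.helo_resolved)
    print("verdict:", policy(sess), "| with APEWS as hard reject:", policy(sess, {"l2.apews.org"}))
```

Run against the excerpt, the parser confirms what the log says in prose: the PTR round-trips (so "(may be forged)" comes only from the unresolvable EHLO name), the resolved DNSBL name is the one built from the client IP, and the verdict is "tag". Passing the zone in hard_reject_zones flips the same session to "reject", which is the configuration that would have turned this false positive into a bounce.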

19 comments:

  1. CASE: C-1403 Please remove us from your blacklist.

  2. Hello,

We just bought a new IP address and it is not blacklisted anywhere except on Apews.org. We are looking to have it removed, but we found no way to contact them. The IP was blacklisted on 24 Dec 2010, and we bought it yesterday (1 Jul 2013). We have proof; we can show our bill. If you have a solution, please answer this post.

    The IP is 178.32.42.143

  3. Good afternoon, please remove us from the blacklist of L2.APEWS.ORG
    My case is:

    Oooops 190.223.54.20 is currently listed in APEWS :-(
    Entry matching your Query: E-608003
    190.223.48.0/20
    CASE: C-14
    Spambots, zombies, contaminated CIDR, bad reputation provider

  4. Hello,

    We have detected that we are in the blacklist of l2.apews.org, and we would like to know the steps to follow to remove us.

    This is the IP address: 77.227.53.170

    Entry matching your Query: E-380079
    77.227.0.0/16
    CASE: C-1010
    Dynamic IP space, generic DNS/rDNS, no PTR
    Direct connections to MX not permitted, you
    need to use your ISP servers or smarthost
    Special Reason:
    Dynamic IP, generic DNS, missing rDNS/PTR not permitted for direct email connection. You must use correctly configured [with registered working abuse contact] static IP / ISP mail servers / smarthost service

    History:
    Entry created 2009-02-19

    Thank you very much.

  5. Please remove our server IP address 210.3.137.108.
    We switched to this IP on 4-July-2013, and then I found it listed in your database.
    Our email is configured not to be an open relay, and we also check the emails our users send out.

  6. Hi APEWS Admins, please remove my IP address from your blacklist: 190.154.44.96/29
    Thanks!

    The server was infected but has been maintained and the problem has been solved

  7. Hi.

    I have a static IP for my job. I need to send mails every day to clients, but they can't receive them because of your blocklist. This is my case.

    Oooops 77.225.217.46 is currently listed in APEWS :-(
    Entry matching your Query: E-455993
    77.225.192.0/18
    CASE: C-79
    Spambots, zombies, contaminated CIDR, bad reputation provider
    History:
    Entry created 2011-02-03

  8. Our mail server is listed in APEWS as part of a CIDR block:

    Entry matching your Query: E-620607
    176.58.121.0/24
    CASE: C-46
    Spammer / Scammer / Scanner / Zombie / other within this CIDR
    History:
    Entry created 2013-01-31

    I was recommended to post here by the APEWS website, but I don't have permission to post anything except a comment.

    It seems likely that we are collateral damage of this very old report. Our server is just one IP at Linode. Probably they took down the spammer quickly. I have no idea why this CIDR is listed. Please could you remove it?

    Cheers, Chris.

  9. Hello there,
    Please remove our server IP address 200.72.191.75

    Our test result is:
    Oooops 200.72.191.75 is currently listed in APEWS :-(


    --------------------------------------------------------------------------------
    Entry matching your Query: E-608694
    200.72.160.0/19
    --------------------------------------------------------------------------------
    CASE: C-14
    Spambots, zombies, contaminated CIDR, bad reputation provider

    Thanks, APEWS.

  10. Please remove our IP 212.34.151.56 from your blacklist. We have just deleted the compromised email account that was used to send spam. Thanks in advance.


    Oooops 212.34.151.56 is currently listed in APEWS :-(

    Entry matching your Query: E-590288
    212.34.151.0/24

    CASE: C-36
    Spammer / Scammer / Scanner / Zombie / other within this CIDR

    History:
    Entry created 2012-07-24


    Email headers
    --===sep_99944_1373246281_sep==
    Content-Type: message/rfc822
    Content-Disposition: inline; filename="23207261.eml"

    Return-Path:
    Delivered-To: spam-cong-andrew_marc_greene@frankston.com@spam
    Received: (qmail 97854 invoked by uid 127); 8 Jul 2013 01:06:47 -0000
    Delivered-To: bobf-andrew_marc_greene@frankston.com
    Received: (qmail 97851 invoked from network); 8 Jul 2013 01:06:47 -0000
    X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on leila.iecc.com
    X-Spam-Flag: YES
    X-Spam-Level: *********************************
    X-Spam-Status: Yes, score=33.0 required=4.4 tests=ADVANCE_FEE_2_NEW_MONEY,
    ADVANCE_FEE_3_NEW,ADVANCE_FEE_3_NEW_MONEY,ADVANCE_FEE_4_NEW,
    ADVANCE_FEE_4_NEW_MONEY,AXB_XMAILER_MIMEOLE_OL_024C2,DCC_CHECK,
    FORGED_MUA_OUTLOOK,FROM_MISSPACED,FROM_MISSP_EH_MATCH,FROM_MISSP_MSFT,
    FROM_MISSP_REPLYTO,FSL_CTYPE_WIN1251,FSL_MISSP_REPLYTO,LOTS_OF_MONEY,
    MISSING_HEADERS,MISSING_MID,MONEY_FRAUD_3,MONEY_FRAUD_5,MONEY_FROM_MISSP,
    NSL_RCVD_HELO_USER,REPLYTO_WITHOUT_TO_CC,TO_NO_BRKTS_FROM_MSSP,
    TO_NO_BRKTS_MSFT,T_FROM_MISSP_DKIM,T_HK_NAME_DR autolearn=unavailable
    version=3.3.2
    X-Spam-Report: *  2.2 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam
    *  2.7 NSL_RCVD_HELO_USER Received from HELO User
    *  1.2 MISSING_HEADERS Missing To: header
    *  1.1 DCC_CHECK Detected as bulk mail by DCC (dcc-servers.net)
    *  0.1 MISSING_MID Missing Message-Id: header
    *  0.0 LOTS_OF_MONEY Huge... sums of money
    *  0.0 T_HK_NAME_DR T_HK_NAME_DR
    *  1.9 REPLYTO_WITHOUT_TO_CC REPLYTO_WITHOUT_TO_CC
    *  2.4 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool
    *  2.6 AXB_XMAILER_MIMEOLE_OL_024C2 AXB_XMAILER_MIMEOLE_OL_024C2
    *  1.3 FSL_MISSP_REPLYTO Mis-spaced from and Reply-to
    *  2.6 MONEY_FROM_MISSP Lots of money and misspaced From
    *  1.8 FROM_MISSP_REPLYTO From misspaced, has Reply-To
    *  0.0 TO_NO_BRKTS_FROM_MSSP Multiple formatting errors
    *  1.9 FROM_MISSPACED From: missing whitespace
    *  0.0 T_FROM_MISSP_DKIM From misspaced, DKIM dependable
    *  1.7 FROM_MISSP_EH_MATCH From misspaced, matches envelope
    *  0.0 ADVANCE_FEE_4_NEW Appears to be advance fee fraud (Nigerian 419)
    *  2.8 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
    *  1.1 ADVANCE_FEE_3_NEW Appears to be advance fee fraud (Nigerian 419)
    *  2.6 TO_NO_BRKTS_MSFT To: misformatted and supposed Microsoft tool
    *  0.0 ADVANCE_FEE_4_NEW_MONEY Advance Fee fraud and lots of money
    *  0.0 MONEY_FRAUD_5 Lots of money and many fraud phrases
    *  0.0 ADVANCE_FEE_3_NEW_MONEY Advance Fee fraud and lots of money
    *  0.0 MONEY_FRAUD_3 Lots of money and several fraud phrases
    *  3.0 ADVANCE_FEE_2_NEW_MONEY Advance Fee fraud and lots of money
    Authentication-Results: iecc.com; spf=none spf.mailfrom=info@aristia.es spf.helo=camara.ran.es
    Received: from camara.ran.es (mail.comunicamos.com [212.34.151.56])  by
     mail1.iecc.com ([64.57.183.56])  with ESMTP via TCP port 35534/25 id
     536560377; 08 Jul 2013 01:06:45 -0000
    Received: from [178.63.199.33] (helo=User)by camara.ran.es with esmtpa (Exim
     4.73)(envelope-from )id 1UvyyP-0004Pz-FN; Mon, 08 Jul 2013
     02:06:35 +0200
    Reply-To:
    From: "Dr. John Fisher"
    Subject: Information Regarding Your Funds, Pls Stop All contact with Fruadster
    Date: Sun, 7 Jul 2013 17:01:15 -0700
    Content-Type: text/plain; charset="Windows-1251"
    Content-Transfer-Encoding: 7bit
    X-Mailer: Microsoft Outlook Express 6.00.2600.0000
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
    X-DCC-iecc-Metrics: leila.iecc.com 1107; bulk Body=many Fuz1=many Fuz2=many
    MIME-Version: 1.0

  11. Please delist 24.120.126.203 and 24.120.126.204

    The 24.120.0.0/16 block may have been part of a dynamic range at one point, but our ISP told us it is now being used for static IPs only.


    Entry matching your Query: E-287417
    24.120.0.0/16
    --------------------------------------------------------------------------------
    CASE: C-1010
    Dynamic IP space, generic DNS/rDNS, no PTR
    Direct connections to MX not permitted, you
    need to use your ISP servers or smarthost
    --------------------------------------------------------------------------------
    Special Reason:
    Dynamic IP, generic DNS, missing rDNS/PTR not permitted for direct email connection. You must use correctly configured [with registered working abuse contact] static IP / ISP mail servers / smarthost service
    --------------------------------------------------------------------------------
    History:
    Entry created 2007-08-21

  12. Dear APEWS Administrator,

    Pionica Poland is a Polish company which creates banking software and software as a service.
    Some time ago, Pionica Poland changed its ISP and got a new IP space; it is 79.188.148.0/29.

    One of the IPs within this range is used for sending emails from the mailboxes of our employees; it is 79.188.148.2 with reverse DNS mail.pionica.com. The rest of the IPs are used for other servers like svn, gateway and other services, and are not used for sending emails.

    Could you please extract this subnet 79.188.148.0/29 into a separate record in the APEWS DB and mark it as delisted?

    Thank you in advance
    Marcin Zawadzki.

  13. Please delist 190.131.194.124 and 190.131.194.126

    CASE: C-131
    Unallocated CIDR, no traffic until allocated,
    or allocated to bad reputation provider
    or allocated but dynamic / generically named IPs,
    or bogons, see www.cidr-report.org,
    or orphaned IP / CIDR in routing table

  14. What can I do to remove my IPs from your blacklist?

    I appreciate very much your help, it is urgent !!!

  15. Please remove IP Address 65.23.95.106 from your blacklist. They previously had a rDNS issue that was not resolving to the correct Domain name.

    This has since been addressed.

  16. Hi APEWS Admins, please remove my IP address from your blacklist : 211.25.236.5

    Thanks!

  17. Hi APEWS Admins, please remove my IP address from your blacklist : 200.26.171.163

    Thanks!

    Oooops 200.26.171.163 is currently listed in APEWS :-(
    Entry matching your Query: E-823160
    200.26.171.0/24
    CASE: C-1416
    Spammer or scammer or scanner or zombie PC or other within this CIDR
    History:
    Entry created 2013-11-21

  18. Hi,

    Can you please remove this IP, which is listed in error: 37.153.96.60

    re: case C-1416

  19. Thanks my friends for the fantastic article
    http://jeuxjeux99.blogspot.com/
    Car games: here you will find a distinguished selection of the very best car games; you can play directly and very easily without downloading. Welcome everyone to the car games site.
