Re: UCEPROTECT - I am listed again - why?         


Author: Claus v. Wolfhausen
Date: Apr 26, 2008 09:18

In article d1g2000hsg.googlegroups.com>,
jrlooney@gmail.com says...
>As for being listed, it is removed because I paid the 50 Euros your
>company asks for quick delisting. I had to, because my clients were
>getting very angry about not being able to send email. I still have no
>idea why our server was listed, could you please check your logs to
>see why it was listed so I can fix whatever the problem was?

Doing expressdelistings before fixing the problem is *NEVER* a good idea,
so you are possibly still at risk of joining Level 1 again.
I strongly recommend fixing the problem in the first place.

Searching for reports on 207.65.84.139 in expressdelisted IPs, I got the following:
20.04.2008 - 08:58 reported by trapserver # 124 (V4.04-RULE-0507)
20.04.2008 - 22:20 reported by trapserver # 124 (V4.04-RULE-0506)
22.04.2008 - 09:34 reported by trapserver # 124 (V4.04-RULE-0506)

Timezone of reports is Germany.

V4.04 = Trapserver is running UCEPROTECT's latest final release.
In release 4.04 the matching rules have the following meaning:

RULE-507 = Spamtrap hit from a very suspect IP. (Had earlier listings here)
RULE-506 = Spamtrap hit from an IP having an RBLSCORE higher than 99.

Because you said you don't have your logs, I requested the logs from the admin
running trapserver 124:

ISSUE 1:

Apr 20 08:58:22 trapserver smtpd[29896]: External client 207.65.84.139 has
opened a new session...
Apr 20 08:58:24 trapserver smtpd[29896]: REQUEST: IP="207.65.84.139"
PTR="mail.acuitymarketing.com" HELO="mail.acuitymarketing.com"
FROM="online.security@natwest.com" RCPT="hidden1@trapdomain" RBLS="0"
RHSS="0"
Apr 20 08:58:24 trapserver smtpd[29896]: DECISION: 999 (V4.04-RULE-0507) You
are very suspect to be a spammer here.
Apr 20 08:58:24 trapserver smtpd[29896]: Hasta la vista 207.65.84.139 :-)

ISSUE 2:

Apr 20 22:20:36 trapserver smtpd[4983]: External client 207.65.84.139 has
opened a new session...
Apr 20 22:20:37 trapserver smtpd[4983]: 207.65.84.139 is LISTED on:
dnsbl-1.uceprotect.net. Scored: 250 Points
Apr 20 22:20:40 trapserver smtpd[4983]: REQUEST: IP="207.65.84.139"
PTR="mail.acuitymarketing.com" HELO="mail.acuitymarketing.com"
FROM="online.security@natwest.com" RCPT="hidden2@trapdomain" RBLS="250"
RHSS="0"
Apr 20 22:20:40 trapserver smtpd[4983]: DECISION: 999 (V4.04-RULE-0506) Your IP
is known for Mailabuse on the net. See:
http://www.blacklistalert.org/?q=207.65.84.139
Apr 20 22:20:40 trapserver smtpd[4983]: Hasta la vista 207.65.84.139 :-)

ISSUE 3:

Apr 22 09:34:25 trapserver smtpd[2674]: External client 207.65.84.139 has
opened a new session...
Apr 22 09:34:26 trapserver smtpd[2674]: 207.65.84.139 is LISTED on:
dnsbl-1.uceprotect.net. Scored: 250 Points
Apr 22 09:34:34 trapserver smtpd[2674]: REQUEST: IP="207.65.84.139"
PTR="mail.acuitymarketing.com" HELO="mail.acuitymarketing.com"
FROM="online.security@natwest.com" RCPT="hidden3@trapdomain" RBLS="250"
RHSS="0"
Apr 22 09:34:34 trapserver smtpd[2674]: DECISION: 999 (V4.04-RULE-0506) Your IP
is known for Mailabuse on the net. See:
http://www.blacklistalert.org/?q=207.65.84.139
Apr 22 09:34:34 trapserver smtpd[2674]: Hasta la vista 207.65.84.139 :-)

If you still have questions feel free to mail my unmodified reply-address.

--
Claus von Wolfhausen
UCEPROTECT-Projektleitung
http://www.uceprotect.net

--
Comments posted to news.admin.net-abuse.blocklisting
are solely the responsibility of their author. Please
read the news.admin.net-abuse.blocklisting FAQ at
http://www.blocklisting.com/faq.html before posting.
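
The trapserver excerpts in the post above can be read per SMTP session. This added example (not part of the original post and not UCEPROTECT code) unwraps the posted lines, pairs each REQUEST with the rule that fired, and flags an envelope sender whose domain differs from the HELO host's. The function names and the two-label domain comparison are assumptions made for illustration.

```python
import re

# Issues 1 and 2 from the post: REQUEST/DECISION lines as wrapped there (split RHSS rejoined).
SAMPLE = """\
Apr 20 08:58:24 trapserver smtpd[29896]: REQUEST: IP="207.65.84.139"
PTR="mail.acuitymarketing.com" HELO="mail.acuitymarketing.com"
FROM="online.security@natwest.com" RCPT="hidden1@trapdomain" RBLS="0"
RHSS="0"
Apr 20 08:58:24 trapserver smtpd[29896]: DECISION: 999 (V4.04-RULE-0507) You
are very suspect to be a spammer here.
Apr 20 22:20:40 trapserver smtpd[4983]: REQUEST: IP="207.65.84.139"
PTR="mail.acuitymarketing.com" HELO="mail.acuitymarketing.com"
FROM="online.security@natwest.com" RCPT="hidden2@trapdomain" RBLS="250"
RHSS="0"
Apr 20 22:20:40 trapserver smtpd[4983]: DECISION: 999 (V4.04-RULE-0506) Your IP
is known for Mailabuse on the net. See:
http://www.blacklistalert.org/?q=207.65.84.139
"""

HEAD = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ smtpd\[(\d+)\]: (.*)$")
PAIR = re.compile(r'(\w+)="([^"]*)"')
RULE = re.compile(r"DECISION: \d+ \(V[\d.]+-RULE-(\d+)\)")

def unwrap(text):
    """Rejoin wrapped lines: anything without a syslog header continues the last."""
    out = []
    for line in text.splitlines():
        if HEAD.match(line) or not out:
            out.append(line)
        else:
            out[-1] += " " + line
    return out

def sessions(text):
    """Per smtpd PID: the REQUEST fields, the time, and the rule that fired."""
    result = {}
    for m in filter(None, map(HEAD.match, unwrap(text))):
        when, pid, msg = m.groups()
        rec = result.setdefault(pid, {})
        if msg.startswith("REQUEST:"):
            rec.update(PAIR.findall(msg), time=when)
        elif (d := RULE.search(msg)):
            rec["rule"] = int(d.group(1))  # "0507" and "507" both become 507
    return result

def sender_mismatch(rec):
    """Assumed heuristic: envelope FROM domain is not the HELO host's domain."""
    from_dom = rec["FROM"].rsplit("@", 1)[-1].lower()
    helo_dom = ".".join(rec["HELO"].lower().split(".")[-2:])  # naive: last two labels
    return from_dom != helo_dom and not from_dom.endswith("." + helo_dom)
```

Running the same mismatch check over the listed server's own outbound mail log is one way to find which account or script submitted the messages that reached the traps.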