Spamcop listed - need help to diagnose why

[Robert Slade]

On Sat, 2006-01-07 at 05:45, David Banning wrote:
> My server just was listed with Spamcop.  Before I exercise my -one time-
> option to de-list it I need to verify that indeed my server is not sending
> spam. I have 3 win boxes routing through my FreeBSD box.
> 
> Also there are a few windows computers in the outside world that send
> mail through my server via port 26 using their login and password.
> 
> I know it is possible for viruses to install a stand-alone smtp server
> on win boxes. That is one suspicion I have.
> 
> My question;
> What tool would I use to see if unauthorized mail is being sent via
> my server? Note that I am running tmda, so that I have around 80 emails per
> minute being sent out; to request verification on my standard incoming
> mail, (therefore it is too complicated to just watch -all- mail being
> sent out, and try and decode legitimate from illegitimate).

There is your problem TMDA is most likely the cause. Such programmes are
in effect adding to the spam problem. Nearly all spam has a forged from
address and all programmes such as TMDA do is send a challenge to an
innocent 3rd party. Whist it looks like it reduces your spam all you do
is in effect spam someone else. When your e-mail address has been used
in a spam run by a spammer and you start getting 10s of these challenge
an hour it is quite easy to report 1 my accident. If you look at the
Spamcop reporting page you will see a warning about just this situation.

I suppose that the real answer is to stop compounding the spam problem
and use a combination of spamassassin and block lists.

BTW I make it a point never to respond to challenges.

Rob