Once again.
It seems uceprotect has some feedback-mechanism, where an email to a nonexistant address can automatically get the sending server added to a blacklist. See http://www.uceprotect.net/en/index.php?m=3&s=0
Pity that this also affects addresses which are not existant anymore, and double the pity that people of course keep mailing to those, or do not deinstall their mailforwards.
But the best things is the following. The users and their respective domains have been anonymized, however, the IPs and ISPs NOT.
Aug 21 08:40:09 10.0.2.1 exim-mxin[95536]: 2008-08-21 08:40:09 1KW3q5-000Oqu-6m <= user@some-domain.ch H=(mailgate1.webhost4u.ch) [193.138.29.15] P=esmtp S=13147 id=000f01c90358$bfd51cf0$2c01a8c0@user.local
user@some-domain.ch sends a mail. His webhoster seemingly reports to uceprotect.
Aug 21 08:40:11 10.0.2.15 exim-dist[48224]: 2008-08-21 08:40:11 1KW3q5-000CXo-Dy <= user@some-domain.ch H=(mxin001.mail.hostpoint.ch) [10.0.2.1] P=esmtp S=13618 id=000f01c90358$bfd51cf0$2c01a8c0@user.local Aug 21 08:40:11 10.0.2.15 exim-dist[48239]: 2008-08-21 08:40:11 1KW3q5-000CXo-Dy => otheruser@some-other-domain.ch R=local_delivery_router T=local_delivery S=13708 QT=2s DT=0s Aug 21 08:40:12 10.0.2.15 exim-dist[48239]: 2008-08-21 08:40:12 1KW3q5-000CXo-Dy => otheruser otheruser@some-other-domain.ch R=autoresponder T=autoresponder S=13684 QT=3s DT=1s Aug 21 08:40:12 10.0.2.15 exim-dist[48239]: 2008-08-21 08:40:12 1KW3q5-000CXo-Dy Completed
The mail arrives at otheruser@some-other-domain.ch. This otheruser uses an autoresponder which sends a mail back to user@some-domain.ch.
Aug 21 08:40:12 10.0.2.16 exim-mxout[21209]: 2008-08-21 08:40:12 1KW3q8-0005W5-GD <= <> H=(dist004.mail.hostpoint.ch) [10.0.2.15] P=esmtp S=1064 Aug 21 08:40:13 10.0.2.16 exim-mxout[21210]: 2008-08-21 08:40:13 1KW3q8-0005W5-GD ** user@some-domain.ch R=smtp_router T=remote_smtp: SMTP error from remote mail server after RCPT TO:user@some-domain.ch: host mailgate1.webhost4u.ch [193.138.29.15]: 571 Access denied and blocklisted: 990 (V4.07-RULE-0901) Sorry your IP is blacklisted at http://www.backscatterer.org/?ip=217.26.49.182
Sadly, user@some-domain.ch doesn't really exist, so the mailserver of otheruser@some-other-domain.ch gets into the uceprotect blacklist.
The point of this is of course, that EVERY ISP which has some customer which uses autoreply can be blacklisted. This is very bad.
Cheers Seegras