vidarh

  1. I knew they wouldn't send out many details, but no reports at all? Oh well. In any case, according to the summary report there were user reports as well, and we haven't seen those either and I know my ISP has forwarded those in the past. Hopefully there is a way... I've raised this with both our account manager and our ISP's support/abuse team but I'm not holding my breath about getting them to react. Thanks anyway.
  2. Thank you for the reply, but please see the first paragraph I wrote. I am fully aware of this. I did find the "infection" (actually it was a stupid user with an insecure password that had been guessed) after it was blocked again this morning. As I said in my original message, I have already signed up for the summary reports. My question is about the full reports, to make it easier for me to respond and identify the source quickly. I've read that link, and it only covers the summary reports. Thanks anyway.
  3. Yesterday I discovered one of our hosts was in the SCBL. I looked things over, and thought we'd eliminated the source, and requested delisting. But this morning it was listed again, and with some more work I uncovered a compromised user account that was being used to send spam. Killed the processes, and I'm in the process of wiping everything clean, and I've amped up our logging of mail activity on our firewall. (The IP address is 195.224.183.208)

     However, I'm wondering what I can do to ensure I receive reports in the future? In the past our ISP has forwarded reports as they've received them, with suitably ominous language about "taking it very seriously", but recently they seem to have gotten quite useless at this. We've heard nothing about this most recent block, for example, despite the summary report listing 1695 spamtrap hits. I'm not happy about that, and we're requesting an explanation for why they've not passed anything on. And as much as I'd love to change colo (not *just* because of this, but it's part of a pattern), that's not a quick process...

     Our /29 is registered to them, and so I assume that's why we've not seen any reports even though the IP in question in this case reverse maps to our domain name. Is there a general way of requesting full reports even if the net block is not registered to us? (Sorry if this is in the FAQs - I couldn't find it.)

     I receive summary reports now, but the full reports would make it much faster for us to track down the exact source. If there's no general way, is there anyone I can talk to who could help with this? I'm of course happy to provide full details. Thanks in advance.