Everything posted by jmann

  1. Hi folks. I'm the admin for the mail server on 194.117.129.35. This server is currently listed on bl.spamcop.net.

     We are an ISP, and the server in question is an outgoing mail relay for the use of our business customers. It is restricted to relaying for the IP ranges that we assign to those customers only. We DO have a no-spam policy. Unfortunately, from time to time, we get a customer who is either deliberately sending spam through the relay in defiance of our policy, or unknowingly has an insecure mail server themselves, and has it set to use our relay as a smart host.

     In such cases, our standard course of action is to immediately block the offending customer from using the relay and then contact them to inform them of what is happening. Only after they have told us that they have secured their mail server do we lift the block on the relay server. I would like to do that in this case, but I don't have enough information to proceed.

     To identify the customer, I need to see all the Received: headers of the spam message so that I can identify the IP address that sent the mail to our relay. However, the listing on spamcop only shows a small portion of the headers of the offending mail, with much of the information masked out.

     I'm stuck now. I'm unable to identify the abuser of our relay, and thus I'm unable to stop them. I DO want to act responsibly here and prevent this spam from being sent. Can anyone suggest what I should do?

     Thanks. Jason Mann
  2. I'll say this much: The customer in question was one of those who had an insecure mail server without realising it. The spam originated from a 3rd party outside their network. The customer was notified and they have corrected the configuration of their mail server. I have just now carried out an open-relay check on their server, and it seems to be ok, so we have already unblocked them from using our relay. I shall be keeping a close eye on them though, and they will be blocked instantly if I see any more spam.
  3. Unfortunately, I can't say. I'd probably get in serious trouble with my employer.
  4. I've just searched through the queue for more mails with the string "NEILSONS" in it, and found quite a few. I have now blocked the sending IP address and will delete any already-queued mails. Hopefully the spam will stop and we can be unlisted in 48 hours. Thanks for your help. Jason
  5. Thank you all for your replies. I'm using qmail, and subject lines are not included in the logs. STJOHNS.NEILSONS.CO.UK doesn't resolve to anything. Still stuck.