mmarklew

  1. Just checked and the hostname doesn't reverse to bishop, it's localhost in the /etc/hosts file. Must be something that either amavis or postfix is doing. Thanks.
  2. Wazoo's previous comment about us getting listed for forwarded e-mail was correct but I didn't quite understand what he meant. Turns out one of my customers was forwarding e-mail to a spamcop account (I even do this) and the parser was making a mistake with the forwarding via my anti-virus system. Means it was listing my ISP for the e-mail by mistake. The deputy fixed it but I need to clean up the message routing to prevent this type of thing happening again. I have been using the amavis anti virus for almost a year, but there must be something I have done wrong in its configuration. Anyone seen this type of problem before and know how to fix the headers for amavis + postfix? Thanks for everyone's help.
  3. I have a paid spamcop e-mail account. I am happy to even pay for a reporting account if I can get the info I need. Believe me, I see the need for the Spamcop service; I am as committed as you at stopping spam. I have read loads of FAQs and stuff but can find this out. There is a lot of info though. Can you point me to the right docs please?
  4. That is a good point and worth checking. It's a Linux server with postfix, I guess it's possible it has been compromised. Just checked my netflow records and nothing going external from that IP. You had me worried for a second there. Sorry to harp and thank you for your help, but I still do not know why I am blocked. Everyone has been helpful to give me records of spam my server sent but nothing in these posts allows me to track it back to my server and the originating user. I check the time stamps and there was nothing at the time I could see to be the message in question (my time is in sync). Can I gain access to more of the header? I need the bit that shows the sent from/to or the message ID from my server so I can search my logs.
  5. I'll put my mail server on another subnet that I have access to the whois e-mail address or is there another way to change the reporting address? (I can't access the whois due to an APNIC policy with old registered class C's) It would have been before, I only switched it 40 hours or so ago. I fixed the DNS, but am I correct the only error is to do with the virus scanning on outgoing e-mail? I will remove this service. Lots? Other than the anti virus and the dns for 203.33.254.150, am I reading this wrong?
  6. Are you able to give me the full headers for one or some of these messages by any chance? I honestly have spent many hours (like 4 days up until midnight) trying to figure out where it is coming from. I like nothing more than to disconnect a user who is sending spam, kind of like disconnecting an ISP that sends spam I suppose.
  7. Yes, the mail definitely goes via the smart host and then is sent to the Internet. My bad, thought that was the address reporting the spam (please see my last post, we really need a chat line instead of a discussion board.. and thanks for your quick help). My comment was a little tongue in cheek. I get self-proclaimed network admins calling for support every day that don't even know how to forward a port.
  8. Ahh.. Should I feel stupid now? So you are saying the reports were sent to c9514955[at]alinga.newcastle.edu.au, not that the spam was reported by this address? I can't change the whois lookup as I registered that subnet some 12 years ago and unless I start paying APNIC they won't update records. Any way to get notifications to go to a different address? Do you have any details of the actual message headers so I can track it within my network? I really want to know how I can miss so many in my logs. Still doesn't answer the question as to why I am getting re-listed when that server does not send e-mail directly. Any more help please?
  9. Yes.. But it doesn't send any e-mail directly. It relays via another host. I do not send e-mail to c9514955[at]newcastle.edu.au, it's my personal old UNI account. They forward my e-mail to my ISP that I happen to own.. They forward to 203.33.254.150, not the other way around. I just logged into their webmail admin and turned off the forwarding. BUT there must be an issue somewhere, what if one of my customers did this? I know you get a lot of noobs posting crap, and at the risk of sounding like I don't know what I am doing let me say that I do know what I am doing and I am an ISP admin of some 10 years.
  10. Missed my post. Yes, my spam assassin works like mad filtering all the crap generated from that account. Again it's sent to my mail server, not the other way around.. c9514955[at]newcastle.edu.au forwards to 203.33.254.150.
  11. That is my personal old uni e-mail address that forwards to my ISP account. My mail server 203.33.254.150 does not send that e-mail out, it receives it from the newcastle uni. Is there something wrong with spam cop? PS: I can't believe I put my e-mail as the login and I can't figure out where to change it. Anyone know?
  12. That's me, been staring at those pages for many hours now. I added a smart host yesterday to relay all the messages via a different machine. Logs show the messages all going to the remote machine and received on the other end too. It doesn't track messages via a relay does it? Or how updated is it?
  13. IP: 203.33.254.150. After first being listed last week I started examining my mail logs in detail trying to find the customer responsible. I managed to stop a couple of customers sending non-deliverable reports but we are only talking like 5 messages a day out of some 10,000 we send. After continual re-listing over the weekend, many late nights examining logs, writing filters and attempts to contact Spamcop for more information I gave up and changed the IP of my mail server yesterday morning some 30 hours+ ago. I really didn't want to do this as if there is a problem I would like to fix it. The new IP hasn't been listed yet. But the old IP has been relisted since I stopped it sending any e-mail? How is this possible, am I missing something? The spamcop site doesn't really give any details of the reason for listing, other than the obvious.