paulp

  1. paulp

    Empty spam from cesmail.net?

    Thanks for your answer! I'll check the logs on Monday when I'm back in the office.
  2. paulp

    Empty spam from cesmail.net?

    Not enough data provided? What else can I provide? I get empty mails from cesmail.net. The only thing that "arrives" here is the header, which I have added. A tracking URL? As far as I understand an empty mail cannot be reported to Spamcop.
  3. I've been receiving them for many months, but now they arrive more and more often: empty mails from cesmail.net. E.g.:

         Received: from c60.cesmail.net (c60.cesmail.net [216.154.195.49])
             by esperanto.be with ESMTP (Mailtraq/2.12.1.2362) id ESPR80EAC70A
             for xxx[at]esperanto.be; Thu, 05 Jun 2008 10:30:40 +0200
         Received: from unknown (HELO filter7.cesmail.net) ([192.168.1.217])
             by c60.cesmail.net with SMTP; 05 Jun 2008 04:30:39 -0400
         Received: (qmail 3823 invoked by uid 1010); 5 Jun 2008 08:30:39 -0000

     I assume cesmail = spamcop. So is some spamcop-bot badly configured?
  4. paulp

    "Bounce" to Spamcop spamtrap

    Thanks for all your ideas. I'll have to find out how to turn off this thing, and the help forum of my MTA Mailtraq is rather silent at the moment ...
  5. paulp

    "Bounce" to Spamcop spamtrap

    Yes, that's precisely what happened here: The receiving Mail Transfer Agent returns an SMTP reject code to the sending MTA that the email was not accepted. The sending MTA creates a separate email to send to the originator,
  6. Hello, our domain 195.144.83.8 has been listed in bl.spamcop.net (127.0.0.2). I wrote to the deputies in order to find out what has happened and they sent me a copy of the offending mail. This helped me to search the logs and find what has happened:

     A spammer, using a Spamcop spamtrap address as a fake sender address, sends 10 mails to our domain. 7 of them are sent to non-existing addresses and they are refused immediately, without a bounce message. 3 of them are sent to legitimate addresses and are delivered. One of these three users has installed a forwarding to his home address. When the spam mail reaches the mail server of his home address, this server refuses, and sends a 554 message with the text "Mail contains a URL listed on www.surbl.org" to my mail server 195.144.83.8. This mail server notifies the sender (= the spamtrap) of the non-delivery, and our domain gets on the blacklist.

     The Spamcop deputy does not want to delist us, because "this is accept-and-bounce and accept-and-bounce is bad". Is this really an accept-and-bounce case? What do you do if a mail gets refused before delivery? The sender somehow has to know that his mail was refused. Most practically it would be to notify the sender only if it is a known account, but in my mail server program (Mailtraq) I cannot find a way to do this.

     Any thoughts? Thanks!
  7. paulp

    Can router be source of spam?

    By the way, this spammer, using our mailserver, has also sent spam to our own spamtraps, giving Spamcop reports such as:

        << 0: Received: from 87-248-177-148.starnet.md ( [10.1.1.254]) by xxx.be with ESMTP (Mailtraq/2.6.1.1688) id ESPR7EDA3F68 for pault[at]xxx.be; Wed, 14 May 2008 10:55:47 +0200
        Internal handoff at xxx.be
        error:Mailhost configuration problem, identified internal IP as source
        Mailhost: Please correct this situation - register every email address where you receive spam
        error:No IP found>>
  8. paulp

    Can router be source of spam?

    Thanks. We've just decided to install a new router with more configuring facilities. This could be part of the problem. Anyway, the spam flood has ceased now. This could mean the spammer went to another server. But I want to make sure that he, or his esteemed colleagues, can't come back. Your tips and those of Wazoo helped me a lot in "configuring" my thoughts! Mailtraq, version 2.6.1.1688. It has been working fine without any intrusion for many years. So I cannot complain ...
  9. paulp

    Can router be source of spam?

    Thanks for trying to help me out! No. Only one Received line, looking like this:

        Received: from msg-g09pmirpcam ( [10.1.1.254]) by xxx.be with ESMTP (Mailtraq/2.6.1.1688) id ESPR7E87E5A6; Sat, 10 May 2008 23:21:35 +0200

    Yes, rather complicated password set, and it is still intact. Router is Sitecom 54G, firmware 1.45. I've checked the configuration, and noticed nothing unusual. It is both. The wireless part has WPA-PSK. No, all clients have fixed IP. There is a small range of dynamic IP addresses, but in order to connect the MAC address of the computers should be entered in the router. Are being checked again, with no "luck" so far ...
  10. My mailserver suddenly had 22000 mails in its outbox. I uncoupled it immediately from the Internet, deleted the 22000 mails and connected to the Internet again. A few seconds later there were again some 100 spams in my outbox. Every spam has the following received line:

          Received: from chiwan[at]xxx.be ( [10.1.1.254])

      10.1.1.254 is the IP of my router. Could somebody explain what is happening? As far as I can see my mailserver is not an open relay. The mailserver has been checked for viruses, malware etc, but nothing found.
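
Added example (not part of paulp's posts and not Mailtraq or SpamCop code): a short Python triage of the Received lines quoted in the posts above, flagging those whose recorded peer is a private address, the condition the SpamCop report calls "identified internal IP as source". The function names and the regular expression are assumptions and cover only the Mailtraq-style lines shown on this page.

```python
import ipaddress
import re
from collections import Counter

# Received lines copied from the posts above (addresses were already masked there).
SAMPLE_HEADERS = [
    "Received: from 87-248-177-148.starnet.md ( [10.1.1.254]) by xxx.be with ESMTP "
    "(Mailtraq/2.6.1.1688) id ESPR7EDA3F68 for pault[at]xxx.be; Wed, 14 May 2008 10:55:47 +0200",
    "Received: from msg-g09pmirpcam ( [10.1.1.254]) by xxx.be with ESMTP "
    "(Mailtraq/2.6.1.1688) id ESPR7E87E5A6; Sat, 10 May 2008 23:21:35 +0200",
    "Received: from chiwan[at]xxx.be ( [10.1.1.254])",
    "Received: from c60.cesmail.net (c60.cesmail.net [216.154.195.49]) by esperanto.be "
    "with ESMTP (Mailtraq/2.12.1.2362) id ESPR80EAC70A for xxx[at]esperanto.be; "
    "Thu, 05 Jun 2008 10:30:40 +0200",
]

# Shape handled: from <claimed name> (<optional reverse DNS> [<peer IP>]) [by <receiver>]
RECEIVED_RE = re.compile(
    r"^Received:\s+from\s+(?P<claimed>\S+)\s+"
    r"\((?P<rdns>[^\[\]()]*)\[(?P<ip>[0-9A-Fa-f:.]+)\]\)"
    r"(?:\s+by\s+(?P<by>\S+))?"
)

def classify(header):
    """Return the peer address a Received line records and whether it is private."""
    match = RECEIVED_RE.match(" ".join(header.split()))  # unfold continuation lines
    if not match:
        return {"status": "unparsed"}
    try:
        peer = ipaddress.ip_address(match.group("ip"))
    except ValueError:
        return {"status": "unparsed"}
    return {
        "status": "internal-source" if peer.is_private else "external-source",
        "claimed": match.group("claimed"),
        "rdns": match.group("rdns").strip() or None,
        "ip": str(peer),
        "by": match.group("by"),
    }

def summarize(headers):
    """Count messages per private peer address; the real origin is absent from these."""
    hits = (classify(h) for h in headers)
    return dict(Counter(r["ip"] for r in hits if r["status"] == "internal-source"))

if __name__ == "__main__":
    for line in SAMPLE_HEADERS:
        print(classify(line))
    print(summarize(SAMPLE_HEADERS))
```

Lines reported as `unparsed` (for example the qmail-style lines in post 3) are left for manual review rather than guessed at.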