Outernaut 0 Posted March 27 All very generic old-style Viagra, Fat Burners, free energy scams, sunglasses - the usual stuff flogged by affiliates whose owners don't care how their product get's out, so long as they make a $ are inundating one email address. I have reported the IPs to SpamCop for 2 weeks now. The IP is always the same except last octet goes up or down a number or 2. But they are still coming, and I WAS still adding them, today I think about 20 of them before I decided I need some time for myself. I tested and pasted the full IP of several of those bits of wasted time into https://whatismyipaddress.com/blacklist-check and they all come out by SpamCop as being A-OK. I can't be the only one that gets these. So, how is SpamCop a good thing? I've been manually posting the messages here , then copying the IP and going to my mail server and adding them in to Global Email Filters, which has decided that it no longer likes the asterisk in addresses (170.130.207.*) and does nothing about blocking them. My own ISP, not affiliated with my other mail server, has decided not to use SBLs and insists customer can take the time to dig out the headers and paste it into a email to the ISP. I did this, and 2 weeks later received a email saying the spam was too old. They tell me they have their own "team" now reviewing copies sent to them. I think that support fella is too stoned. I have asked this before and got loads of technical gobbledygook. But, is there a way to use the SBLs at my mail server, without root access, just cPanel, to block or send these spams IP addresses and really, truly see them worked into the system to block them? ~o~ Share this post Link to post Share on other sites
gnarlymarley 0 Posted March 27 9 hours ago, Outernaut said: I have asked this before and got loads of technical gobbledygook. But, is there a way to use the SBLs at my mail server, without root access, just cPanel, to block or send these spams IP addresses and really, truly see them worked into the system to block them? I believe the option you are looking for is RBL check (realtime blacklist). This is also known as dnsbl. Share this post Link to post Share on other sites
KNERD 0 Posted April 1 At this point, I just do not believe in those block lists anymore. I feel the spamcop one is too light on reports (many offenders never even get on the list), and some others are too heavy (never forgets). I also feel some lists are compromised. One of them is SORBS. When I was using it, and making reports to spamcop, I would see the offender on the SORBS block list, but still making it into my inbox. Then one day I was wondering why I stopped getting legitimate emails from reputable big companies, I looked in the maillog to see they were being blocked by SORBS. I think the best thing to do if you are running your own email server, is to get a full blown server, and block the IP addresses yourself when you keep seeing spam coming from the same provider after sending many reports. A week ago, I had to rebuild my email server. On that IP address block was the massive IP range of EONIX.net. I have not blocked their IP addresses yet, as I seem to be no longer getting any more spam from that provider. Share this post Link to post Share on other sites
gnarlymarley 0 Posted April 1 1 hour ago, KNERD said: At this point, I just do not believe in those block lists anymore. This is in part why I got my own email server and changed it from blocking lists in the server to spamassassin. The Spamassassin plug-in allowed me to setup weighting and a threshold for all blocklists so I could block if it is on more than one blocking list, but not if the are on only one. Share this post Link to post Share on other sites
KNERD 0 Posted April 1 That sounds like a good plan Share this post Link to post Share on other sites
Outernaut 0 Posted April 4 On 4/1/2021 at 10:53 AM, gnarlymarley said: This is in part why I got my own email server and changed it from blocking lists in the server to spamassassin. The Spamassassin plug-in allowed me to setup weighting and a threshold for all blocklists so I could block if it is on more than one blocking list, but not if the are on only one. I use spammassassin. Trouble is, even set at 2.5, so much crud still gets through - same spam, same IP. So I also use "Global Email Filters" and toss IP addresses in there. I don't care if I forget to check and remove them the list. Most come from Google, or passed through Outlook, or via OVH. That's a manual task I'd rather get rid of, each domain has it's own cPanel, so what I add is not system-wide through all my clients. Ergo, my question about SBL > RBLs. Now I've come across extortion without a IP. Separate post on that. Oh well, the battle goes on. ~o~ Share this post Link to post Share on other sites