calande Posted February 13, 2006 Share Posted February 13, 2006 Hello, my IP address has once more been added to the Spamcop BL... I contacted my web hosting company and here's their reply: "Spamcop has been contacted and will be removing the listing in about 13 hours. To avoid relisting, please contact spamcop and get on a feedback loop so that you can monitor spam reports about your server. Doing so can help you locate and eliminate spam issues before they get large enough to warrant blacklisting." I need to find out who is sending spam on my server. How could I do that? Thanks, Link to comment Share on other sites More sharing options...
Jeff G. Posted February 13, 2006 Share Posted February 13, 2006 Welcome! I need to find out who is sending spam on my server. How could I do that?40409[/snapback] Please see How can I get SpamCop reports about my network?. Thank you for wanting to find out who is sending spam on your network. Also, if you post the IP Address of the server, you can find out where the reports have been going. Link to comment Share on other sites More sharing options...
turetzsr Posted February 13, 2006 Share Posted February 13, 2006 Hi, calande! <snip> I need to find out who is sending spam on my server. How could I do that? 40409[/snapback] ...SpamCop reports (except for spam that goes to spam Traps) are sent to the registered Abuse address for the IP address that is seen as the source of the spam. To know who that is, we would need to know the IP address in question. You can do it by navigating to the SpamCop F A Q (see link near top of page) entry, clicking the link labeled "SpamCop Blocking List - Am I listed?" then pasting the blocked IP address into the text box next to the button labeled "Numeric IP address" and clicking the button, then clicking the link labeled "Trace IP." ...Other possibly relevant information in the SpamCop F A Q are: How can I get SpamCop reports about my network? How do I register an abuse[at] email address? Link to comment Share on other sites More sharing options...
calande Posted February 13, 2006 Author Share Posted February 13, 2006 Thank you guys, my IP is 70.85.206.50. I created an account but I don't understand what each option is used for. What I'd like to do is find out who is using my IP address to send spam. I want to stop this person. Thanks. Link to comment Share on other sites More sharing options...
Telarin Posted February 13, 2006 Share Posted February 13, 2006 Thank you guys, my IP is 70.85.206.50. I created an account but I don't understand what each option is used for. What I'd like to do is find out who is using my IP address to send spam. I want to stop this person. Thanks. 40420[/snapback] Pulling a report for that IP address, it looks like your listing is caused by spam trap hits. 70.85.206.50 listed in bl.spamcop.net (127.0.0.2) If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 10 hours. Causes of listing System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop) Automatic delisting If you are the administrator of aura.auriance.net and you are sure it will not be the subject of any more reports of spam, you may cause the system to be delisted without waiting for us to review the issue. The most common cause of this is having your mailserver misconfigured so that it sends NDRs to the envelope sender of undeliverable mail, rather than rejecting them during the SMTP session with a 500 series error message. If you contact deputies[at]spamcop.net, and provide them with proof that you are the administrator of this IP address, they can most likely provide you with the subjects of the email in question, so we can see if that is indeed the problem. Link to comment Share on other sites More sharing options...
Jeff G. Posted February 13, 2006 Share Posted February 13, 2006 Some PSBL spamtrap evidence (three spam email messages sent to PSBL spamtraps) is available at http://psbl.surriel.com/evidence?ip=70.85....=Check+evidence via http://psbl.surriel.com/listing?ip=70.85.206.50 . Link to comment Share on other sites More sharing options...
Telarin Posted February 13, 2006 Share Posted February 13, 2006 Some PSBL spamtrap evidence (three spam email messages sent to PSBL spamtraps) is available at http://psbl.surriel.com/evidence?ip=70.85....=Check+evidence via http://psbl.surriel.com/listing?ip=70.85.206.50 . 40423[/snapback] Oh yeah, thats definitely spam of the spammiest kind. Could be a number of things. Just looking at the headers however, and seeing that the mail has an envelope sender of nobody[at]aura.auriance.net, which is the correct domain name for the server in question, makes me suspect two possibilities. Either you have an unsecured form to mail scri_pt on this server that a spammer is abusing, that is configured to always use the from address of nobody[at]aura.auriance.net, or your server is configured to blindly relay email for anyone who claims is is from the aura.auriance.net domain name. I would start by checking your form to mail scripts if you use any, and insure that the to: address is hard coded, and not passed using a hidden form field or something easily changed by a bot. Next I would check the configuration of your mail server, and make sure that if you must allow relaying, that you require authentication, and that all accounts that are allowed to relay have strong passwords on them. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.