
postmaster-Tim

  1. Sorry if it seemed to be implied that you are a spammer with my wording I used. I was trying to point out that I have been contacted by spammers attempting to claim their emails are legit. I don't have to stop to think that they are not spammers, when the emails incoming from them (directly) are XXX/porn, falsified From/Reply addresses etc... etc.. etc.. As for "Would it not be better to shoot after asking the questions", there are two types of emails blocked by a mail server, spam and virus emails. The whole job behind administering a mail server is to put a stop to the inbound emails in question, and deal with the resolution afterwards. You wouldn't let it run rampant during the time you are "looking into it". So no, with false positives, I deal with resolving blocking complaints from legit sources after the block is put in place. A week going through log files? Wondering how in my previous post, it was even close to it sounding like that. The vacation comment and the "week worth of logs" comment are in two completely separate posts.
  2. Sorry about that, really. I was using "I" at the time, as I had no reason to bring my "co-worker" into the fray. Also, I find out all the sh** that happens when I get back from a week holiday. I keep the wheels in motion here, and when I'm gone, I come back to worse issues compared to this one. I'm sorry, but I get nothing but accolades from my customers on "You are doing a great job keeping spam out", and "What would we do without you". I'm placed in a position to make judgement calls on who or what I can block on the mail server. For the most part it provides better service to our customers, with the occasional situation like as you see here. A blocking like this happens once a year here, where a legitimate server is blocked, but normally goes without a hitch for removal if/when server owner provides evidence that they are sending legitimate emails. In this case, it was not that straightforward, as I monitored for legitimate emails in a week timeframe, and did not see the evidence to justify removing the IP blocking ASAP. And to be honest, this is not the first time I've had a spammer contact me directly to attempt being unblocked. I've played the game many times, and I will continue to act defensively in the beginning of a situation. Just doing my job here, which daily, is fighting spam to prevent it from our system, Brian's IP was one of those "once a year" hiccups that comes from doing this sort of work.
  3. 1. I didn't fully verify that it was not an open relay, ordb.org is only one of many websites to test open relay. I suspected it as an open relay at the time, which I felt necessary to block whether long term or temporarily, to prevent incoming flood of spam. Where in my first message, did I: A. Indicate that my post to Spamcop was a complaint? B. State/admit that it was not originating from your server? (putting words in my mouth now) 2. Block removed by co-worker, sorry for having a damn life outside of work and taking a week off to enjoy time with my family. Christ. :angry: I received two messages (while at work) in regards to this, and at the time was rather quite busy with all other ongoing duties I have in my job and could not contact you immediately at the time. You did end up reaching me shortly thereafter. Being the sole person to handle all administrative functions in an ISP environment, you may not always hear back from me within 5 minutes.
  4. Man, I just want an end to this, at the same time trying to post my side of it again as well. First off, I did not come out and specifically state who it was. I can see a problem if I specifically stated a name of person or company, but I did not. Right now, I cannot care less. This is pissing me off. Stating an IP, and others choosing to look up info on it to find out who it is, is certainly not me pointing out who it is. I was in no way directly posting detailed information on the sender. And I apologize for how I phrase things, that is just me. To get picky on how someone phrases something.... What happens if someone with poor English skills posts, and they do not phrase something right, and things are taken out of context? Don't shoot the person for not phrasing something well, please. I started this simply stating the facts that I saw at the time, which was incoming spam to our mail server (yes, which it IS my job to prevent spam to our system, especially when it affects the functionality of our mail server), I pointed out the IP that at the time, I was suspicious of being an open relay. I know enough that the starting point of the email in question was not the IP I indicated, so use of the word "originating" was not a good choice. However, I suspected a possible open relay, with no logged entries of legit email originating (or relaying!) from the IP in question, so I put a block on it at the time. Notified by Brian with an explanation as to the situation, and I acted accordingly by removing the IP from being blocked. I don't get how this is not straightforward.
  5. Ok, so, providing an IP address is in no way slander, IMO. I didn't state a name, I just called it as I saw it, which was an origin of spam entering our mail server. (I didn't think referencing an IP of spam origin, or possible open relay was slander) I searched, with a fine tooth comb, a week's worth of email logs for valid email originating from this IP address, and saw no attempts of legit email sending from that server. Apparently during this period of a week, I was informed by Brian that legit email attempts were made by him to these customers. I can/would have seen any/all attempts, legit or not. I did not see email originating from "him". As for 3 customers, I have only ever seen email attempts from that IP to only one of our customers. I found out on the phone with Brian, about a possible 2nd and/or 3rd customer. As mentioned, in all my digging for info of this IP in question, I saw only traffic going to one customer here, no other. There are times I block an IP for seeing actual spam coming through, until notified otherwise. Which was in this case. I see it initially as spam flood to an account on our server, I block it, then Brian calls me to indicate he has legit email sending through. Simple solution, I removed the blocking of his IP immediately. Where/how I was wrong in that, I don't understand. All it took was for him to indicate that he and his server are a legit source of email, and I took immediate action on my part to remove the IP from our block list. That was end of conversation. Seems he wants to keep this going for some reason now. I was led to believe this had all been cleared up with the fact that I removed the block upon receiving his phone call, and he explained the situation. Case closed. Tell me there are no other ISPs in the world who have had a similar situation, where a block is placed, contact from server owner afterwards to clear up the situation, then block is removed. Tim P.S. 
arin.net lookup on IP in question, how/where does this point to Doctor PC or the name Brian for that matter? Server Central Network SCN-4 (NET-205-234-128-0-1) 205.234.128.0 - 205.234.255.255 HostForWeb Inc. HOSTFORWEB-14 (NET-205-234-132-0-1) 205.234.132.0 - 205.234.132.255 How/where would that imply you specifically? IP is not shown to be owned by Doctor PC. IP is owned by a company in Chicago it appears.
  6. To answer clean and simple, it is my job here (part of my job) to prevent what I saw, getting to the customer. So no worries there, I know for a fact that it was spam, especially with the indicators of the actual sender being hidden etc.. Not sure about going against Spamcop rules, as I report spam as I see it, I'm not going to turn away from reporting child porn just because I see it and one of my customers does not see it. Just my opinion I guess, but I always attempt to better the fight against spam, and if it helps others in not receiving it. Tim
  7. Ok, yes, I reported the whole email in question. I misinterpreted the reference to relay that the Spamcop system stated. It was definitely spam, no question on that. I have only seen one customer of ours targeted by this spam and sender IP however. I was stating that it appeared to be spam, as the person who is on that IP is in Ontario, Canada, and the spam all points to Tulsa, Oklahoma. As I am not the actual recipient of the message, I can't speak for their opinion on what it is. It was along the lines of "win a Sony Playstation". The person in question at 205.234.132.30 has not legitimately sent email from his own email address(es) through to our mail server. Each entry associated with this IP, is attempting to reach our one particular customer. I am blocking the IP, by my choice, server side. I allowed for it just to see what was going to come through, and sure enough it is spam. I reported it via my usual methods, and flagged this person as a permanent IP blacklisting. I just find it funny that he physically called us (no customer complaint on our end) to ask why we are blocking him. Tim
  8. Ok, a while back, I started blocking a particular IP (205.234.132.30) as I noticed a steady flood of what appeared to be spam, being sent to at least one user on our mail server. The guy who is on this IP (which he appears to be locally addressed to us), actually phoned us to ask why he's being blocked. So I have his name, phone #, you name it. Funny thing is, I have not seen any attempt at legit email from this person's domains in our mail logs. Only entries for spammy emails. This guy has some balls to be calling us! The IP above when reported through Spamcop, goes into open relay testing. Let's say he has an open relay and does not know, then I can understand him asking why he's being blocked. However, with seeing no legit email attempts from this person, I'd say that the guy is lying through his teeth. Tim Update: Hmm, seems when submitted for testing as open relay: The host you submitted at ORDB.org (205.234.132.30), has been thoroughly checked, and does not seem to permit relaying. It comes back as not open relay.