Jump to content


  • Posts

  • Joined

  • Last visited

Everything posted by sehh

  1. There is no contact information on Spamhaus, they clearly state that they do not want any sort of communication. Yes my IP is static unique and on my server only (of which I only have access for my personal domains). I've setup DKIM, SPF, DMARC and things have been running smoothly for many many years.
  2. This might be off-topic but I would appreciate some help because I am at a loss I've got a server with Linode and it comes with two IP addresses, one IPv4 and one IPv6. The server is running CentOS 7, with Apache virtualhosts that host static html pages and postfix/dovecot for my personal email. So far so good. Now here comes the crazy thing. Spamhaus will list my IPv6 address in their SBLCSS blacklist, continuously (I delist and a few hours later its listed again). The server is not compromised, its a vanilla CentOS 7 with SELinux enabled and running Apache for static html pages, the server cpu usage is 0% and network is also at 0%. I even shutdown the server and my IPv6 address STILL got listed by Spamhaus even tough the server was turned off. I am can only conclude that my server is not compromised, maybe Spamhaus is running some kind of net-block-wide auto-block system that also covers my own IPv6 address. My IPv4 has never been listed, in case you are wondering, and neither of my two addresses got listed on any other blacklist that I know of. I tried to contact Spamhaus but they don't have any contact information on their website. I would appreciate any suggestions please.
  3. No I haven't reported it to paypal, just spamcop at the moment. This paypal account has been used only once, for a payment to a single person only. So that limits the possible leakage points I was not aware that once you make a paypal payment, the remote party has access to your email address, so I will get in touch with this person first and report the issue, maybe we can pin-point the problem. Thanks for the info, much appreciated.
  4. I've got a special email address that I've created just to register with PayPal and never used anywhere else. This email address uses a randomized first part (before the @) so its impossible to predict or to automatically generate. This email address has received 4-5 emails from PayPal since 2013 when it was first registered, mainly about updating the account details. BUT Today it received a spam email, originating from the IP address (mail6.kayfun.vip) about some e-shop selling fake jewellery, directly addressed to my special email address. So what possible theories exist? 1) My Linode.com server has been compromised and the email addresses have been harvested. It runs a pure CentOS 7.3 server, no control panel, just apache, dovecot and postfix. 2) PayPal has been hacked 3) PayPal sells email addresses to spammers 4) My desktop computer has been compromised (runs Fedora Linux, with claws-mail as an email client) 5) Something else? or a combination of the above? Anyone else seen this before? I'd appreciate your suggestions. Thank you.
  5. Recently, I've started to receive spam that do not contain a body, the entire spam is in the subject line. I tried to report them to spamcop but the online form rejects my submission because there is no body. I sort of tricked the form by adding a bunch of random characters as a body. Here is an example of the subject line from a spam without body: Subject: Attention, I have deposited your Consignment Trunk Box of ($4.8Million) dollars with FedEx Courier Company,so please re-confirmed your personal information such as to them.ask them for the Consignment box 1. Your full name.. 2. Address where you will like it to be sent.. 3. Private phone and fax number.. 4. Your age.. 5. Attached / scanned copy of any identification of yours.. ATTN: DR.JERRY COOK EMAIL: banktobank13@gmail.com Tel: +22998437846 EMAIL: banktobank13@gmail.com Thanks and Remain Blessed, Best Regards, Mrs. Douglas Smith
  6. Theoretical question, but do you find that current blocklists are ineffective? For example, yet another spam came from the IP (somewhere in Thailand). Ok no problem, I enter it in dnsbl.info, which scans about 50+ blocklists and guess what, comes up "green" on all of them. Several hours later, still all green. I'm testing lots of IP's from spam that go through and they all appear unlisted. Even those coming from yahoo.com and outlook.com. So whats up with the blocklists these days? Are spammers getting lucky or have their tools improved?
  7. sehh

    Yahoo spam

    So I take it that this is a common problem? Based on the above, content filtering is the only way to go then (spamassassin bayes etc), at least as a last resort.
  8. sehh

    Yahoo spam

    Hello everyone, I'm quite happy with my SMTP (postfix) spam protection, it uses several RBL's and also a list of milters for content scanning, including grey listing. But, I do get some spam, all of them seem to have one common characteristic, they come from yahoo. Maybe yahoo with its current financial problems has started accepting "donations" to forward spam? My question is what to do with yahoo. Their servers pass all the typical tests (SPF, etc) so their emails seem quite legitimate. Since I don't want to block yahoo entirely, is there some other trick that you guys have come up with? Thank you.
  9. Hello, Over the past several months, we've received thousands of spam, originating from IP addresses owned by a provider called SingleHop, which in turn advertise sites hosted by another provider called Blacklotus. What we found interesting, is that once we block their IP network range, a few months later they change to another network, again owned by SingleHop. SpamCop as well, seems not to have them blacklisted (at least not their current range of IP's, which is SpamCop sends reports to abuse[at]singlehop.com and to abuse[at]blacklotus.net, but of course that makes no difference. Does the above imply that these two "businesses" are in bed together, or owned by the same person(s)? Since any spam sent from SingleHop always points to Blacklotus sites.
  10. Hello people, i've been using spamcop to report spam for several years now and i'm very happy with their service. Recently i've been getting a specific spam from "Fedmarket" and i noticed that none of their spam gets blocked by spamcop, no matter how many times i report their spam. Their latest spam originates from and Does this mean that the above systems haven't been reported enough times to warant a ban? Thank you.
  • Create New...