Jump to content

[Resolved] How to determinate spam activity from our IP?


Vo_Vik
 Share

Recommended Posts

Hello,

According to this report there were registered some email spam activity from IP 74.124.217.22

http://www.senderbase.org/senderbase_queri...3ASearch=Search

I reviewed mail server log, but cann't find any suspicion lines.

Also this IP not mentioned in any databases from this page

http://www.senderbase.org/senderbase_queri...g=74.124.217.22

dnsbl.njabl.org

dnsbl.sorbs.net

bl.spamcop.net

cbl.abuseat.org

sbl.spamhaus.org

pbl.spamhaus.org

I tried to contact senderbase.org thought email support[at]senderbase.org few times, but no answers((

When I dig more, http://www.spamcop.net/mcgi?action=ispcent...a=74.124.217.22

At spamcom ISP control center, and here is results:

74.124.217.22

Most recent spam reported about 6.2 days ago

How I can get any addition information about this spam activity?

I requested hourly report, but no results yet.

Thank you.

Link to comment
Share on other sites

Hi, Vo_Vik,

...Thank you for your interest in trying to address spam!

...What I would suggest is that you start with the SpamCop FAQ (links to which appear near the top left of each SpamCop Forum page) articles labeled:

  • "I'm receiving spam reports, but my mail server logs don't reflect it. Why?"
  • How can I control spam from my network?
  • How can I control unsolicited bounces?

...If you have follow-up questions, please post them as replies here.

...Good luck!

Link to comment
Share on other sites

Hi, Vo_Vik,

...Thank you for your interest in trying to address spam!

...What I would suggest is that you start with the SpamCop FAQ (links to which appear near the top left of each SpamCop Forum page) articles labeled:

  • "I'm receiving spam reports, but my mail server logs don't reflect it. Why?"
  • How can I control spam from my network?
  • How can I control unsolicited bounces?

...If you have follow-up questions, please post them as replies here.

...Good luck!

Thank you for your answer.

[*]"I'm receiving spam reports, but my mail server logs don't reflect it. Why?"

http://www.spamcop.net/fom-serve/cache/183.html

I have no spam report, this is why I tried to contact senderbase.org or spamcop.net (the same domain registrator). I need any spam exsample from our server to find it in log.

How can I control spam from my network?

http://www.spamcop.net/fom-serve/cache/379.html

http://spam.abuse.net/adminhelp/

The same thing, we need any sample of spam from our server to find where is the problem.

How can I control unsolicited bounces?

http://www.spamcop.net/fom-serve/cache/380.html

the same problem that with first two. I need know the reason, not just fight with ghosts.

Edited by Vo_Vik
Link to comment
Share on other sites

<snip>

I have no spam report,

<snip>

...Hm, I'm confused -- you wrote "According to this report there were registered some email spam activity from IP 74.124.217.22" -- to what "report" are you referring if not a spam report?

...Oh, I think I see -- did you mean the web page at http://www.senderbase.org/senderbase_queri...3ASearch=Search? If so, hopefully someone who is able to see information about spam from that IP address will be along to post additional information.

...By the way:

Query bl.spamcop.net - 74.124.217.22

(Help) (Trace IP) (SenderBase Lookup)

74.124.217.22 not listed in bl.spamcop.net

Link to comment
Share on other sites

...Hm, I'm confused -- you wrote "According to this report there were registered some email spam activity from IP 74.124.217.22" -- to what "report" are you referring if not a spam report?

I posted link on that report. If you will open it, you will see just high level resently and no addition information. It is hard for me opperate only that information.

Link to comment
Share on other sites

I posted link on that report.

<snip>

...Gotcha! Sorry, I took your mention of a "report" incorrectly. Unfortunately, I don't have the privileges necessary to answer your question but there are others who participate who do.

...It makes me curious, though: what caused you to think to look at that link?

Link to comment
Share on other sites

...Gotcha! Sorry, I took your mention of a "report" incorrectly. Unfortunately, I don't have the privileges necessary to answer your question but there are others who participate who do.

...It makes me curious, though: what caused you to think to look at that link?

SMTP error from remote mail server after initial connection:

host smtp.secureserver.net [216.69.186.201]: 554-m1pismtp01-005.prod.mesa1.secureserver.net

554 Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means.

I'm a paying member and found

http://mailsc.spamcop.net/sc?track=74.124.217.22

(report sent to abuse[at]inmotionhosting.com )

Submitted: Thu Apr 26 16:35:07 2012 GMT :

Your friend KARMA has recommended this great product from Cable Ties and More

Try if you can find that Subject in your mail log

Thank you for this, unfortunetly, I can't open the link that you provided. Anyway... I will try to find it... is this title of email?

Link to comment
Share on other sites

michaelanglo, thank you for your reply

I found this in our log, looks like a non existent user is sending this email. Anyway I know what is wrong, And I just need to fix a server setting. Thanks a lot.

I'm going to kick our hosting providers)

Edited by Vo_Vik
Link to comment
Share on other sites

michaelanglo, thank you for your reply

I found this in our log, looks like a non existent user is sending this email. Anyway I know what is wrong, And I just need to fix a server setting. ...

Aha, I've been following this in a state of incomprehension but now it has all fallen into place (too late, but for future reference ...). Another source of information would have been: http://gremlin.ru/soft/drbl/en/faq.html#howtogetout since 74.124.217.22 is listed on gremlin (checking with http://multirbl.valli.org/dnsbl-lookup/).

If you had been listed on SORBS or on CBL, both of those provide some listing data but I suppose you knew that already. Anyway, 74.124.217.22 is remarkably clean on the RBLs generally but always worth checking a multi listing service when problems arise.

A further point, SenderBase Reputation Score, when some recipient networks are using it for blocking, can be a bit of a "bear" to clear up/restore, even after you've tweaked your server. Due to your throughput volume and previous "history" on the server that may not be a problem for you (good ham:spam ratio demonstrated), but if it is, this topic - http://forum.spamcop.net/forums/index.php?showtopic=10674 - and the several others found from the links there - contains about as much as we SC users know/have found out about it.

And, one more vote of thanks for your interest and energy in getting on top of spam issues.

Link to comment
Share on other sites

All SpamCop does is attempt to advise of security issues

Glad this one fixed

Edited by petzl
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...