Jump to content

Should I Report IP Addresses When They Attempt To Relay Through My Mail Server


CoppinOut

Recommended Posts

Posted

I have a small mail server for personal use, and I monitor the logs for refused mail so that I can whitelist if it is legitimate.  I see a lot of attempted relays in these logs, but they are usually blocked by BLs, so I just ignore them.  Today, I saw a few attempts form a single IP address that was appeared to be testing for relay-ability and was not blocked by the spamcop BL.  Should I report this since it wasn't stopped by the BL, or should I only report actual spam I receive that wasn't blocked by the spamcop BL?

Posted

I understand your answer, and that's good enough for me, but I had already read that FAQ page, and reading it again didn't give me any insight as to where your answer came from.  However, I don't have headers, I have server logs, so that alone might prevent a report from going through if I were to try (which I won't).  Thank you.

Posted

It might be a good idea to make sure that your server is not configured to act as an open relay. That way, relay attempts will be blocked, and there will be nothing for you to report.

Posted
On ‎4‎/‎28‎/‎2018 at 7:27 AM, lisati said:

It might be a good idea to make sure that your server is not configured to act as an open relay. That way, relay attempts will be blocked, and there will be nothing for you to report.

To be clear, the server is not configured to act as an open relay, and the mail was not relayed.  However, the attempt was instead blocked by the relay prevention measures because the source server was not on the BL.  This seems generally indicative to me of a spammer (albeit unsuccessful in this particular instance) who is not on the BL because there is no legitimate reason for my server to see relay attempts and specifically indicative in this case because the attempted mailing used a made up address from my domain.  The fact that a likely spammer is not on the BL is why I thought it might be worth reporting.  However, as the previous response came from a forum admin, I'm going to operate under the assumption that he is correct and spamcop.net doesn't want that activity reported.

Posted

If the email is being rejected by your server, you won't have any spam to report through Spamcop, which, in some ways is a good thing.

If you still want to report or complain, another option would be to do your homework to find out the abuse contact for the IP address, and send them a polite note telling them what is going on. This does not have to involve Spamcop, even though it would be nice to have some data available to help them maintain their blocklist.

Posted

Thank you both for the additional advice.  I actually looked up the address first, and there were a number of reasons I decided not to bother attempting to report it there including location, language, and lack of a clear abuse contact.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...