Jump to content

Should I Report IP Addresses When They Attempt To Relay Through My Mail Server


CoppinOut
 Share

Recommended Posts

I have a small mail server for personal use, and I monitor the logs for refused mail so that I can whitelist if it is legitimate.  I see a lot of attempted relays in these logs, but they are usually blocked by BLs, so I just ignore them.  Today, I saw a few attempts form a single IP address that was appeared to be testing for relay-ability and was not blocked by the spamcop BL.  Should I report this since it wasn't stopped by the BL, or should I only report actual spam I receive that wasn't blocked by the spamcop BL?

Link to comment
Share on other sites

I understand your answer, and that's good enough for me, but I had already read that FAQ page, and reading it again didn't give me any insight as to where your answer came from.  However, I don't have headers, I have server logs, so that alone might prevent a report from going through if I were to try (which I won't).  Thank you.

Link to comment
Share on other sites

On ‎4‎/‎28‎/‎2018 at 7:27 AM, lisati said:

It might be a good idea to make sure that your server is not configured to act as an open relay. That way, relay attempts will be blocked, and there will be nothing for you to report.

To be clear, the server is not configured to act as an open relay, and the mail was not relayed.  However, the attempt was instead blocked by the relay prevention measures because the source server was not on the BL.  This seems generally indicative to me of a spammer (albeit unsuccessful in this particular instance) who is not on the BL because there is no legitimate reason for my server to see relay attempts and specifically indicative in this case because the attempted mailing used a made up address from my domain.  The fact that a likely spammer is not on the BL is why I thought it might be worth reporting.  However, as the previous response came from a forum admin, I'm going to operate under the assumption that he is correct and spamcop.net doesn't want that activity reported.

Link to comment
Share on other sites

If the email is being rejected by your server, you won't have any spam to report through Spamcop, which, in some ways is a good thing.

If you still want to report or complain, another option would be to do your homework to find out the abuse contact for the IP address, and send them a polite note telling them what is going on. This does not have to involve Spamcop, even though it would be nice to have some data available to help them maintain their blocklist.

Link to comment
Share on other sites

couple of sites may give info on IP address are 

https://www.spamcop.net/w3m?action=checkblock&ip=113.173.140.51

https://www.talosintelligence.com/reputation_center/lookup?search=113.173.140.51

You can always complain to provider and or CERT of that Country

Link to comment
Share on other sites

Thank you both for the additional advice.  I actually looked up the address first, and there were a number of reasons I decided not to bother attempting to report it there including location, language, and lack of a clear abuse contact.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...