CoppinOut
Posted April 27, 2018

I have a small mail server for personal use, and I monitor the logs for refused mail so that I can whitelist if it is legitimate. I see a lot of attempted relays in these logs, but they are usually blocked by BLs, so I just ignore them. Today, I saw a few attempts from a single IP address that appeared to be testing for relay-ability and was not blocked by the spamcop BL. Should I report this since it wasn't stopped by the BL, or should I only report actual spam I receive that wasn't blocked by the spamcop BL?

Lking
Posted April 27, 2018

1 hour ago, CoppinOut said:
"should I only report actual spam I receive that wasn't blocked by the spamcop BL?"

Email that someone tries to relay through your server is not addressed to you and should not be reported.
https://www.spamcop.net/fom-serve/cache/14.html

CoppinOut (Author)
Posted April 27, 2018

I understand your answer, and that's good enough for me, but I had already read that FAQ page, and reading it again didn't give me any insight as to where your answer came from. However, I don't have headers, I have server logs, so that alone might prevent a report from going through if I were to try (which I won't). Thank you.

lisati
Posted April 28, 2018

It might be a good idea to make sure that your server is not configured to act as an open relay. That way, relay attempts will be blocked, and there will be nothing for you to report.

CoppinOut (Author)
Posted April 30, 2018

On 4/28/2018 at 7:27 AM, lisati said:
"It might be a good idea to make sure that your server is not configured to act as an open relay. That way, relay attempts will be blocked, and there will be nothing for you to report."

To be clear, the server is not configured to act as an open relay, and the mail was not relayed. However, the attempt was instead blocked by the relay prevention measures because the source server was not on the BL. This seems generally indicative to me of a spammer (albeit unsuccessful in this particular instance) who is not on the BL, because there is no legitimate reason for my server to see relay attempts, and specifically indicative in this case because the attempted mailing used a made-up address from my domain. The fact that a likely spammer is not on the BL is why I thought it might be worth reporting. However, as the previous response came from a forum admin, I'm going to operate under the assumption that he is correct and spamcop.net doesn't want that activity reported.

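The log triage CoppinOut describes above (clients refused by relay rules with no blocklist hit, using a made-up sender at the local domain), as an added example that is not part of the original thread. It assumes Postfix-style smtpd reject lines, which the thread does not specify; the log lines, IP addresses and domains are constructed.

```python
import re
from collections import defaultdict

# Assumed Postfix-style smtpd reject line; the thread does not name the MTA.
REJECT = re.compile(
    r"reject: RCPT from \S*\[(?P<ip>[0-9a-fA-F.:]+)\]: (?P<code>\d{3}) "
    r"(?P<reason>.*?); from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)

# Constructed sample lines (documentation IP ranges, example domains).
SAMPLE_LOG = """\
Apr 27 10:15:02 mx postfix/smtpd[2211]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 554 5.7.1 <a@example.net>: Relay access denied; from=<made-up@example.org> to=<a@example.net> proto=ESMTP helo=<probe>
Apr 27 10:15:09 mx postfix/smtpd[2211]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 554 5.7.1 <b@example.com>: Relay access denied; from=<made-up@example.org> to=<b@example.com> proto=ESMTP helo=<probe>
Apr 27 10:16:40 mx postfix/smtpd[2215]: NOQUEUE: reject: RCPT from unknown[198.51.100.9]: 554 5.7.1 Service unavailable; Client host [198.51.100.9] blocked using bl.spamcop.net; from=<x@example.com> to=<me@example.org> proto=ESMTP helo=<host>
Apr 27 10:17:00 mx postfix/smtpd[2216]: connect from unknown[192.0.2.44]
Apr 27 10:17:01 mx postfix/smtpd[2216]: NOQUEUE: reject: RCPT from unknown[192.0.2.44]: 554 5.7.1 <c@example.net>: Relay access denied; from=<x@example.com> to=<c@example.net> proto=ESMTP helo=<host>
Apr 27 10:19:30 mx postfix/smtpd[2220]: NOQUEUE: reject: RCPT from unknown[192.0.2.44]: 554 5.7.1 Service unavailable; Client host [192.0.2.44] blocked using bl.spamcop.net; from=<x@example.com> to=<me@example.org> proto=ESMTP helo=<host>
"""

def classify(reason):
    """Map the reject reason text to the control that refused the mail."""
    if "blocked using" in reason:
        return "blocklist"
    if "Relay access denied" in reason:
        return "relay"
    return "other"

def relay_probes(log_text, local_domain):
    """Return clients refused only by relay rules, i.e. never by a blocklist."""
    seen = defaultdict(lambda: {"kinds": set(), "attempts": 0, "forged_local": False})
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if not m:
            continue  # not a reject line (connect, disconnect, delivery, ...)
        entry = seen[m["ip"]]
        kind = classify(m["reason"])
        entry["kinds"].add(kind)
        if kind == "relay":
            entry["attempts"] += 1
            # Sender claims the local domain although the client is external.
            if m["sender"].lower().endswith("@" + local_domain.lower()):
                entry["forged_local"] = True
    return {ip: {"attempts": e["attempts"], "forged_local": e["forged_local"]}
            for ip, e in seen.items() if e["kinds"] == {"relay"}}

if __name__ == "__main__":
    print(relay_probes(SAMPLE_LOG, "example.org"))
```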
lisati
Posted April 30, 2018

If the email is being rejected by your server, you won't have any spam to report through Spamcop, which, in some ways, is a good thing. If you still want to report or complain, another option would be to do your homework to find out the abuse contact for the IP address, and send them a polite note telling them what is going on. This does not have to involve Spamcop, even though it would be nice to have some data available to help them maintain their blocklist.

petzl
Posted April 30, 2018

A couple of sites that may give info on the IP address are:
https://www.spamcop.net/w3m?action=checkblock&ip=113.173.140.51
https://www.talosintelligence.com/reputation_center/lookup?search=113.173.140.51

You can always complain to the provider and/or the CERT of that country.

CoppinOut (Author)
Posted May 1, 2018

Thank you both for the additional advice. I actually looked up the address first, and there were a number of reasons I decided not to bother attempting to report it there, including location, language, and lack of a clear abuse contact.

This topic is now archived and is closed to further replies.