Jump to content

SpamCop approving spam!


Outernaut

Recommended Posts

All very generic old-style Viagra, Fat Burners, free energy scams, sunglasses - the usual stuff flogged by affiliates whose owners don't care how their product get's out, so long as they make a $ are inundating one email address. I have reported the IPs to SpamCop for 2 weeks now. The IP is always the same except last octet goes up or down a number or 2. But they are still coming, and I WAS still adding them, today I think about 20 of them before I decided I need some time for myself.

I tested and pasted the full IP of several of those bits of wasted time into https://whatismyipaddress.com/blacklist-check and they all come out by SpamCop as being A-OK. 

I can't be the only one that gets these. So, how is SpamCop a good thing? I've been manually posting the messages here , then copying the IP and going to my mail server and adding them in to Global Email Filters, which has decided that it no longer likes the asterisk  in addresses (170.130.207.*) and does  nothing about blocking them. 

My own ISP, not affiliated with my other mail server, has decided not to use SBLs and insists customer can take the time to dig out the headers and paste it into a email to the ISP. I did this, and 2 weeks later received a email saying the spam was too old. They tell me they have their own "team" now reviewing copies sent to them. I think that support fella is too stoned.

I have asked this before and got loads of technical gobbledygook. But, is there a way to use the SBLs at my mail server, without root access, just cPanel, to block or send these spams IP addresses and really, truly see them worked into the system to block them?

~o~

Link to comment
Share on other sites

9 hours ago, Outernaut said:

I have asked this before and got loads of technical gobbledygook. But, is there a way to use the SBLs at my mail server, without root access, just cPanel, to block or send these spams IP addresses and really, truly see them worked into the system to block them?

I believe the option you are looking for is RBL check (realtime blacklist).  This is also known as dnsbl.

Link to comment
Share on other sites

At this point, I just do not believe in those block lists anymore.

 

I feel the spamcop one is too light on reports (many offenders never even get on the list), and some others are too heavy (never forgets).

 

I also feel some lists are compromised.  One of them is SORBS. When I was using it, and making reports to spamcop, I would see the offender on the SORBS block list, but still making it into my inbox. Then one day I was wondering why I stopped getting legitimate emails from reputable big companies,   I looked in the maillog to see they were being blocked by SORBS.

 

I think the best thing to do if you are running your own email server, is to get a full blown server, and block the IP addresses yourself when you keep seeing spam coming from the same provider after sending many reports.

 

A week ago, I had to rebuild my email server. On that IP address block was the massive IP range of EONIX.net.

I have not blocked their IP addresses yet, as I seem to be no longer getting any more spam from that provider.

 

 

 

Link to comment
Share on other sites

1 hour ago, KNERD said:

At this point, I just do not believe in those block lists anymore.

This is in part why I got my own email server and changed it from blocking lists in the server to spamassassin.  The Spamassassin plug-in allowed me to setup weighting and a threshold for all blocklists so I could block if it is on more than one blocking list, but not if the are on only one.

Link to comment
Share on other sites

On 4/1/2021 at 10:53 AM, gnarlymarley said:

This is in part why I got my own email server and changed it from blocking lists in the server to spamassassin.  The Spamassassin plug-in allowed me to setup weighting and a threshold for all blocklists so I could block if it is on more than one blocking list, but not if the are on only one.

I use spammassassin. Trouble is, even set at 2.5, so much crud still gets through - same spam, same IP. So I also use "Global Email Filters" and toss IP addresses in there. I don't care if I forget to check and  remove them the list. Most come from Google, or passed through Outlook, or via OVH. 

That's a manual task I'd rather get rid of, each domain has it's own cPanel, so what I add is not system-wide through all my clients.  Ergo, my question about SBL > RBLs. Now I've come across extortion without a IP. Separate post on that.

Oh well, the battle goes on.

~o~

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...