freejack Posted August 31, 2005 Share Posted August 31, 2005 I'm not entirely sure this is the right place to ask. If it isn't could the mods please move it to the appropriate place. My employer has 2 outbound mail servers and several times a year they get blacklisted for spam. We have taken several steps and gotten it down immensely but in order to get it to near 0 has us stumped. From what I understand if we get blocked because spamcop got a spam mail on their secret accounts we will get no information from spamcop why we are blocked. So this means the only way for us to find out who the spammer was is to summarize our logs. One thought has been to try and track what users are sending to whom and keep a tally of who is sending to whom. The idea is to have an idea of who is sending massive amounts of email a day and then look at those customers to see if they are spamming people. The problem is the logs the mail server generates are huge. Our daily logs range from 40 to 100megabytes. My boss wrote a query that would summarize these logs but because of the way the logs are it's a multiple step query and we estimated it would take a box costing 5 figures just to process the logs into a summary format. I know there is no budget for a 5 figure cost system so we have to find another solution. Has anyone else gone through this or have any suggestions on how to do this within our limited budget? Link to comment Share on other sites More sharing options...
Wazoo Posted August 31, 2005 Share Posted August 31, 2005 First impressions .... no one at your company has read any of the data provided .. including "here" .... no data is provided, so there's no way to offer any research results. There is a FAQ or two available 'here' .. there are literally thousands of previous postings from other folks that offer data in those previous discussions ... you make no mention of doing much research yourself, other than what really seems to be a search for the "magic" address .... Link to comment Share on other sites More sharing options...
turetzsr Posted August 31, 2005 Share Posted August 31, 2005 Hi, freejack, ...If your servers are sending spam to SpamTraps, you may want to politely ask the SpamCop deputies (deputies [at] spamcop [dot] net) for help. The deputy will probably require some information that validates that you are an authorized mail server administrator for the servers (IP addresses) about which you are asking. ...IIUC, likely culprits are "blowback" and zombied machines. ...Good luck! Link to comment Share on other sites More sharing options...
StevenUnderwood Posted August 31, 2005 Share Posted August 31, 2005 Using the address you posted from, I am going to guess that you are talking about: address hostname 209.23.116.94 outbound2.logical.net 209.23.116.93 outbound1.logical.net Which senderbase shows the first as listed even though spamcop directly does not (indicating it probably just dropped off and mirrors are still updating). Both of those IP addresses indicate there have been reports against them but since both report listings are blank, indicates it is likely only spamtrap reports were hit. Please look at the following web page and read/evaluate the 4 most common causes of blocking systems not intending to spam: http://www.spamcop.net/bl.shtml?209.23.116.94 As mentioned, to get limited information about the spamtrap hits, contact deputies<at>spamcop.net Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.