freejack

Our mail servers keep getting blacklisted


I'm not entirely sure this is the right place to ask. If it isn't, could the mods please move it to the appropriate place?

My employer has 2 outbound mail servers and several times a year they get blacklisted for spam. We have taken several steps and gotten it down immensely, but getting it to near 0 has us stumped.

From what I understand if we get blocked because spamcop got a spam mail on their secret accounts we will get no information from spamcop why we are blocked. So this means the only way for us to find out who the spammer was is to summarize our logs.

One thought has been to try and track what users are sending to whom and keep a tally of who is sending to whom. The idea is to have an idea of who is sending massive amounts of email a day and then look at those customers to see if they are spamming people. The problem is the logs the mail server generates are huge. Our daily logs range from 40 to 100 megabytes. My boss wrote a query that would summarize these logs, but because of the way the logs are, it's a multiple-step query, and we estimated it would take a box costing 5 figures just to process the logs into a summary format.

I know there is no budget for a 5 figure cost system so we have to find another solution. Has anyone else gone through this or have any suggestions on how to do this within our limited budget?


First impressions .... no one at your company has read any of the data provided .. including "here" .... no data is provided, so there's no way to offer any research results. There is a FAQ or two available 'here' .. there are literally thousands of previous postings from other folks that offer data in those previous discussions ... you make no mention of doing much research yourself, other than what really seems to be a search for the "magic" address ....


Hi, freejack,

...If your servers are sending spam to SpamTraps, you may want to politely ask the SpamCop deputies (deputies [at] spamcop [dot] net) for help. The deputy will probably require some information that validates that you are an authorized mail server administrator for the servers (IP addresses) about which you are asking.

...IIUC, likely culprits are "blowback" and zombied machines.

...Good luck!

Edited by turetzsr


Using the address you posted from, I am going to guess that you are talking about:

address          hostname
209.23.116.94    outbound2.logical.net
209.23.116.93    outbound1.logical.net

Which senderbase shows the first as listed even though spamcop directly does not (indicating it probably just dropped off and mirrors are still updating).

Both of those IP addresses indicate there have been reports against them, but since both report listings are blank, it is likely only spamtrap reports were hit. Please look at the following web page and read/evaluate the 4 most common causes of blocking systems not intending to spam: http://www.spamcop.net/bl.shtml?209.23.116.94

As mentioned, to get limited information about the spamtrap hits, contact deputies<at>spamcop.net
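
As an added example (not code from any poster in this thread), the per-sender tally the original poster describes can be done in one streaming pass, and the same pass can count null-sender bounces, the "blowback" mentioned in the replies. The log line format, the regex, and all addresses below are assumptions constructed for illustration; adapt the pattern to your own mail server's logs.

```python
import re
from collections import Counter, defaultdict

# Hypothetical one-line-per-delivery format; adapt LINE_RE to your MTA's logs.
LINE_RE = re.compile(r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]+)>")

# Constructed sample lines, not real traffic.
SAMPLE_LOG = """\
2024-05-01T09:00:01 from=<alice@customer-a.example> to=<bob@partner.example> status=sent
2024-05-01T09:00:07 from=<mallory@customer-b.example> to=<u1@one.example> status=sent
2024-05-01T09:00:07 from=<mallory@customer-b.example> to=<u2@two.example> status=sent
2024-05-01T09:00:08 from=<> to=<joe@forged.example> status=sent
2024-05-01T09:00:08 from=<mallory@customer-b.example> to=<u3@three.example> status=sent
2024-05-01T09:00:09 from=<> to=<ann@forged.example> status=sent
2024-05-01T09:00:09 from=<mallory@customer-b.example> to=<u4@four.example> status=sent
2024-05-01T09:05:00 from=<alice@customer-a.example> to=<bob@partner.example> status=sent
"""

def summarize(lines):
    """One pass over the log: per-sender totals plus outbound bounce counts."""
    msgs = Counter()             # sender -> messages sent
    rcpts = defaultdict(set)     # sender -> distinct recipients
    bounces = Counter()          # recipient domain -> null-sender (bounce) messages
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue             # not a delivery line
        sender, rcpt = m["sender"].lower(), m["rcpt"].lower()
        if not sender:           # "<>" envelope sender: a bounce we generated
            bounces[rcpt.rpartition("@")[2]] += 1
        else:
            msgs[sender] += 1
            rcpts[sender].add(rcpt)
    return msgs, rcpts, bounces

def heavy_senders(msgs, rcpts, min_rcpts):
    """Senders that reached at least min_rcpts distinct recipients, widest first."""
    rows = [(s, msgs[s], len(rcpts[s])) for s in msgs if len(rcpts[s]) >= min_rcpts]
    return sorted(rows, key=lambda r: -r[2])

if __name__ == "__main__":
    msgs, rcpts, bounces = summarize(SAMPLE_LOG.splitlines())
    for sender, count, distinct in heavy_senders(msgs, rcpts, 3):
        print(f"{sender}: {count} messages, {distinct} distinct recipients")
    for domain, count in bounces.most_common():
        print(f"bounces to {domain}: {count}")
```

For a real log, pass the open file object to `summarize()` so lines are streamed rather than loaded at once; memory then grows only with the number of distinct sender/recipient pairs.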
