derrick.hansen Posted October 11, 2006 Share Posted October 11, 2006 Hello, looks like a new wave of spaming viruses is going around. We have had our mail server; 208.98.210.10 blacklisted again. While we can shut down the hosts that are using thier own mail server to spam with, trying to find out who is spamming with our mail server is a little more dificult. Any of the spam warriors want to help us slay the virused host or hosts? We were hitting the spam traps so little info is given back. Link to comment Share on other sites More sharing options...
StevenUnderwood Posted October 11, 2006 Share Posted October 11, 2006 Hello, looks like a new wave of spaming viruses is going around. We have had our mail server; 208.98.210.10 blacklisted again. While we can shut down the hosts that are using thier own mail server to spam with, trying to find out who is spamming with our mail server is a little more dificult. Any of the spam warriors want to help us slay the virused host or hosts? We were hitting the spam traps so little info is given back. Well, it looks as if someone cleared the list. You say it was spamtraps. Was that all it was? Did it mention anything about misdirected bounces? Have you tried to email deputies[at]spamcop.net to get more info (if you are an administrator of that IP address)? Viruses are not the only way for a host to get listed. In August, at least one spam message was reported. Submitted: Tuesday, August 22, 2006 5:51:39 PM -0400: Bachelors, Masters, MBA, PhD can be yours in 4 weeks if you qualify. Link to comment Share on other sites More sharing options...
turetzsr Posted October 11, 2006 Share Posted October 11, 2006 ...Paying members may be able to dredge up a bit more information. However, information about stuff hitting SpamTraps is only visible to the SpamCop Deputies (deputies[at]admin.spamcop.net). Please be sure to provide all relevant information and include evidence that you are an admin for the machine being blocked (208.98.210.10). ...Good luck! Link to comment Share on other sites More sharing options...
StevenUnderwood Posted October 11, 2006 Share Posted October 11, 2006 ...Paying members may be able to dredge up a bit more information. I should have mentioned there is no new information available to paying reporters. Link to comment Share on other sites More sharing options...
derrick.hansen Posted October 11, 2006 Author Share Posted October 11, 2006 I am in the support dept at sun country cable which owns the blocked IP. The system administrator did find some old auto reply's that were getting hit with spam and bouncing. We killed those. Hopefully that was all. Yes the report for 208.98.210.10 was saying that there were 2 spamtrap hits since last night. I figured it was a virused host because I have had to shut down about 6 so far this week. most of the time they set up thier own mail server, but the odd time we get it going thru the mail server. The last time that happened the spamcop forums helped us conferm the source. I thought it may have been similar. So yeah, hopefully it was just the old auto-reply's. Link to comment Share on other sites More sharing options...
Telarin Posted October 12, 2006 Share Posted October 12, 2006 Hi Derrick I'm wondering if perhaps your mail server software could be configured to filter some of the more common virus distribution subject lines, as most of them only have a handful of subjects that they use. If you could then log those filtering actions, it should make tracking down the infected hosts relatively easy. Unfortunately, until there are some manual reports on the IP, there is not much we users will be able to find for you. Your best bet is to send an email to deputies[at]admin.spamcop.net. Do your mail servers add a received: from line to the headers for the IP address of the originating client computer? If so, you might be able to get the deputies to give you that IP and an approximate time, then you should be able to determine who it is based off your DHCP logs. Link to comment Share on other sites More sharing options...
turetzsr Posted October 12, 2006 Share Posted October 12, 2006 ...An off-topic "reply" was split off from this thread and moved to the Lounge with title "Off-topic Post from Thread "virused hosts again!" PM sent to relevant individuals to advise of split and new location of those replies (Off-topic Post from Thread "virused hosts again!"). Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.