andrew.badge Posted November 8, 2006 Share Posted November 8, 2006 Hi Guys, Background: We run a small "virtual" ISP for pharmacy (retail) businesses. Most clients are NATted behind FortiGate firewalls but some demand public IPs. Note: its currently very hard to get public IPs so NATting is an easy choice. However most SMTP traffic comes out of one IP (188.8.131.52), hence we are vulnerable to any spam from the 3000 sites behind this address. Our details: Blocked IP: 184.108.40.206 Actions performed: We changed the outgoing SMTP rules to "drop" any detected spam messages instead of just marking them as spam. Several questions: How do you register your admin details for an IP address / range? Our range is owned by a large telco (connect.com.au). the SPAMCOP "potential admin address" listed the connect.com.au address, however they don't care about our issue. How can i get SPAMCOP's list to know we're the admins for that IP range. How sensitive is the blocking?: According to the daily report, we've sent 24 messages to the trap since the 6th. I would not think this is a huge amount as we blocked about 30 a minute on the firewall. Are the details even correct? Viewing the report, the % increase changes on each refresh, although the message states SPAMCOP has not received a message in the last 4 hours. How accurate/inaccurate is this stuff??? Are detected spam counted? I noticed some reports listed "detected" spam where our severs listed [spam] in the header with an explanation? Is the only safe option to drop spam messages (not just mark the subject or MIME header)? I thought this was not good practice (for false positivies)? How can i get details of the alleged spam? I don't seem to be able to find any evidence of activity (from SPAMCOP) apart from a "count". What details can i get to help track the messages? Link to comment Share on other sites More sharing options...
This topic is now archived and is closed to further replies.