How do I report a spamming IP that I'm blocking?


My smtp relay server (private relay, not open, running postfix) is receiving hundreds of messages a day from sonic.hosts.com. The messages violate RFCs by using my domain name in the HELO instead of their own, so postfix is bouncing the message, and reporting that bounce to me. Even if I were to temporarily remove the check_helo_access check, the messages are to a non-existent account in my domain, which is in a recipients ACL, so I'd still be blocking the message, and if I removed that, I'd have to create an account to receive the spam, just so I could forward it to spamcop. Further, the from address is spoofed each time, so postfix will catch it based on that. There's got to be a better way.

Here's a typical report from my server (my domain name replaced with mydomain.com for the sake of privacy):

Transcript of session follows.

Postfix SMTP server: errors from sonic.hosts.com[]

Mail Delivery System [MAILER-DAEMON[at]smtp.mydomain.com]

Out: 220 smtp.mydomain.com ESMTP Postfix - UCE Trespassers will be pursued

In: EHLO mydomain.com

Out: 250-smtp.mydomain.com


Out: 250-SIZE 10240000

Out: 250-ETRN

Out: 250 8BITMIME

In: MAIL FROM:<aegis_cg[at]mindspring.com>

Out: 250 Ok

In: RCPT TO:<jimh[at]mydomain.com>

Out: 554 <mydomain.com>: Helo command rejected: You are not mydomain.com

Session aborted, reason: lost connection

Note: I have already complained to postmaster[at]hosts.com, abuse[at]hosts.com (address doesn't exist), administrator[at]hosts.com (address doesn't exist), and 'desheley[at]HOSTSCORP.COM' (The technical contact for hosts.com) - all with no response.
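An added example, not part of the original post: a session transcript like the one above can be turned into the evidence an abuse report needs (client name and IP, the HELO it claimed, envelope addresses, and the rejection) without ever accepting the message. The sample transcript, host names, IP and function names below are constructed for illustration.

```python
import re

# Constructed sample in the report's format; placeholder names, RFC 5737 IP.
SAMPLE = """\
Postfix SMTP server: errors from sonic.hosts.example[192.0.2.10]
Out: 220 smtp.mydomain.example ESMTP Postfix
In: EHLO mydomain.example
In: MAIL FROM:<someone@sender.example>
Out: 250 Ok
In: RCPT TO:<jimh@mydomain.example>
Out: 554 <mydomain.example>: Helo command rejected: You are not mydomain.example
"""

CLIENT_RE = re.compile(r"errors from (\S+?)\[([^\]]*)\]")
LINE_RE = re.compile(r"^(In|Out):\s+(.*)$")


def parse_transcript(text):
    """Pull the fields an abuse report needs out of one session transcript."""
    info = {"client": None, "ip": None, "helo": None,
            "mail_from": None, "rcpt_to": None, "rejects": []}
    for line in map(str.strip, text.splitlines()):
        m = CLIENT_RE.search(line)
        if m:
            info["client"], info["ip"] = m.group(1).lower(), m.group(2)
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        direction, rest = m.groups()
        upper = rest.upper()
        if direction == "Out":
            if rest[:1] in ("4", "5"):      # 4xx/5xx replies are the evidence
                info["rejects"].append(rest)
        elif upper.startswith(("HELO ", "EHLO ")):
            info["helo"] = rest[5:].strip().lower()
        elif upper.startswith("MAIL FROM:"):
            info["mail_from"] = rest[10:].strip(" <>")
        elif upper.startswith("RCPT TO:"):
            info["rcpt_to"] = rest[8:].strip(" <>")
    return info


def helo_impersonates(info, local_domains):
    """True when the client announced one of our names but is not one of ours."""
    def ours(host):
        return bool(host) and any(
            host == d or host.endswith("." + d) for d in local_domains)
    return ours(info["helo"]) and not ours(info["client"])
```

An empty IP field, as in a report where the address has been stripped, comes back as an empty string rather than raising an error.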

I think where you want to go to get really good answers to your question is the spamcop.geeks newsgroup. There are lots of people who run servers who frequent that newsgroup.

Here, many of the posters are non-technically fluent (like me).

Miss Betsy

Please try abuse[at]xo.com (where SpamCop would report spam from that IP Address due to XO's ownership of), postmaster[at]hostscorp.com, and abuse[at]hostscorp.com. Also, please report those "address doesn't exist" situations using RFC-Ignorant.Org. Thanks!

I got an automated response from abuse[at]xo.com, and this result from abuse[at]hostscorp.com:

Your message did not reach some or all of the intended recipients.

Subject: FW: Abuse report

Sent: 4/9/2004 12:18 PM

The following recipient(s) could not be reached:

abuse[at]hostscorp.com on 4/9/2004 12:19 PM

The e-mail system was unable to deliver the message, but did not report a specific reason. Check the address and try again. If it still fails, contact your system administrator.

< smtp.mydomain.com #5.0.0 X-Postfix; host mx.hosts.com[] said: 501 Invalid recipient address (no such address at this site) (in reply to RCPT TO command)>

I would still like to find a way to have spamcop add sonic.hosts.com[] to the BL...

