
Spam Cop and finding offending domain.

rrmccabe

Guest
I have an issue where SpamCop has blacked flagged my main IP.

I have authentication set on SMTP so unless it's an actual user sending mail (which I doubt), it must be a script.

How can I track this down?

Thanks in advance

Rich
 
You are probably going to need to see the headers from a piece of mail that got you flagged. There are also other ways for mail to be sent through your server. One being a weak form mail script or webapp such as Coppermine or phpBB. Since PHP or CGI has the ability to send mail they can be exploited by the scum of the earth.

One tool I use to find which user is sending spam is qmHandle. You can use this to list mail in your remote (outgoing) mail queue. If spam is stuck there as it usually is; it's because spammers send mail to all kinds of addresses. Those that don't work just sit in the queue. So after installing qmHandle I use these two commands.

This lists out the messages
qmHandle -l


Then I get the message id and run the following to read it.
qmHandle -m2771291

hope that helps
 
Originally posted by inc595
You are probably going to need to see the headers from a piece of mail that got you flagged. There are also other ways for mail to be sent through your server. One being a weak form mail script or webapp such as Coppermine or phpBB. Since PHP or CGI has the ability to send mail they can be exploited by the scum of the earth.

One tool I use to find which user is sending spam is qmHandle. You can use this to list mail in your remote (outgoing) mail queue. If spam is stuck there as it usually is; it's because spammers send mail to all kinds of addresses. Those that don't work just sit in the queue. So after installing qmHandle I use these two commands.

This lists out the messages
qmHandle -l


Then I get the message id and run the following to read it.
qmHandle -m2771291

hope that helps

Thanks for the response. I actually have 4PSA Qmail manager. I can see mail in the queue but it's mostly bounce stuff and did not appear to be from one place but will look again.

Not sure I understand what your qmhandle -1 does?

Thanks again.

Rich
 
If you install qmHandle it lists out the mail in queue. If you have some sort of script that reads the queue then you could use that. The bounces are what you want to look for. You will want to see if they are coming from other servers that are rejecting your mail. You can then look at the mail log for clues on where to go next.
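
An added example, not part of the original posts: the top `Received:` line that qmail stamps on each queued message shows whether it was injected locally by a uid (a script) or accepted over SMTP, which is the header check the replies point to. The function names, sample messages and uid values below are constructed for illustration; message files are assumed to be saved one per file.

```shell
#!/bin/sh
# Tally how queued qmail messages entered the queue, from the top header
# that qmail-queue adds to every message:
#   Received: (qmail PID invoked by uid N); ...     local injection (script, cron)
#   Received: (qmail PID invoked from network); ... accepted over SMTP
#   Received: (qmail PID invoked for bounce); ...   bounce generated locally
# Usage: tally_injectors FILE...   (one message per file)
tally_injectors() {
  awk '
    FNR == 1 { fin = 0 }          # first line of a new message file
    fin      { next }             # already classified, or past the headers
    /^$/     { fin = 1; next }    # blank line ends headers; never scan the body
    $1 == "Received:" && $2 == "(qmail" && $4 == "invoked" {
      if ($5 == "by" && $6 == "uid") { uid = $7; sub(/\).*/, "", uid); key = "uid=" uid }
      else if ($5 == "from") key = "network"
      else if ($5 == "for")  key = "bounce"
      else                   key = "other"
      count[key]++; fin = 1       # only the topmost qmail line counts
    }
    END { for (k in count) print count[k], k }
  ' "$@" | sort -k1,1nr -k2,2
}

# Print the uid responsible for the most local injections.
top_local_uid() {
  tally_injectors "$@" | awk '$2 ~ /^uid=/ { sub(/^uid=/, "", $2); print $2; exit }'
}

# Constructed sample messages (not real mail). uid 48 stands in for the
# web server user; message 1004 is a bounce whose body quotes an older
# header, which must not be counted.
make_sample() {
  h='Received: (qmail 20114 invoked'
  d='12 Mar 2005 04:10:01 -0000'
  printf '%s by uid 48); %s\nTo: a@example.net\n\nhi\n' "$h" "$d" > "$1/1001"
  printf '%s by uid 48); %s\nTo: b@example.net\n\nhi\n' "$h" "$d" > "$1/1002"
  printf '%s from network); %s\nTo: c@example.net\n\nhi\n' "$h" "$d" > "$1/1003"
  printf '%s for bounce); %s\n\n%s by uid 10001); %s\n' "$h" "$d" "$h" "$d" > "$1/1004"
}

# Demo run on the constructed sample.
tmp=$(mktemp -d) && make_sample "$tmp" && tally_injectors "$tmp"/*
rm -rf "$tmp"
```

A uid that dominates the tally and belongs to the web server user points at a PHP or CGI script rather than an authenticated SMTP user.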
 