
Spam Cop and finding offending domain.

rrmccabe

Guest
I have an issue where SpamCop has black flagged my main IP.

I have authentication set on SMTP so unless it's an actual user sending mail (which I doubt), it must be a script.

How can I track this down?

Thanks in advance

Rich
 
You are probably going to need to see the headers from a piece of mail that got you flagged. There are also other ways for mail to be sent through your server. One being a weak form mail script or webapp such as Coppermine or phpBB. Since PHP or CGI has the ability to send mail they can be exploited by the scum of the earth.

One tool I use to find which user is sending spam is qmHandle. You can use this to list mail in your remote (outgoing) mail queue. If spam is stuck there, as it usually is, it's because spammers send mail to all kinds of addresses. Those that don't work just sit in the queue. So after installing qmHandle I use these two commands.

This lists out the messages
qmHandle -l


Then I get the message id and run the following to read it.
qmHandle -m2771291

hope that helps
 
Originally posted by inc595
You are probably going to need to see the headers from a piece of mail that got you flagged. There are also other ways for mail to be sent through your server. One being a weak form mail script or webapp such as Coppermine or phpBB. Since PHP or CGI has the ability to send mail they can be exploited by the scum of the earth.

One tool I use to find which user is sending spam is qmHandle. You can use this to list mail in your remote (outgoing) mail queue. If spam is stuck there, as it usually is, it's because spammers send mail to all kinds of addresses. Those that don't work just sit in the queue. So after installing qmHandle I use these two commands.

This lists out the messages
qmHandle -l


Then I get the message id and run the following to read it.
qmHandle -m2771291

hope that helps

Thanks for the response. I actually have 4PSA Qmail manager. I can see mail in the queue but it's mostly bounce stuff and did not appear to be from one place but will look again.

Not sure I understand what your qmhandle -1 does?

Thanks again.

Rich
 
If you install qmHandle it lists out the mail in queue. If you have some sort of script that reads the queue then you could use that. The bounces are what you want to look for. You will want to see if they are coming from other servers that are rejecting your mail. You can then look at the mail log for clues on where to go next.
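
Added example, not part of any post in this thread: once a queued message has been dumped with its headers, the stamp qmail-queue writes into the top-most Received line shows whether the mail was injected locally by a Unix uid (typically a web script) or arrived over SMTP. The sketch below assumes stock qmail stamp wording; the sample messages, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter
from email import message_from_string

# qmail-queue stamps each message it accepts with one of these Received lines:
#   (qmail PID invoked by uid N)     injected locally by that Unix uid (script, cron)
#   (qmail PID invoked from network) handed over by the SMTP daemon
#   (qmail PID invoked for bounce)   a bounce generated by qmail itself
#   (qmail PID invoked by alias)     re-injected by the alias user
STAMP = re.compile(r"\(qmail \d+ invoked (by uid \d+|from network|for bounce|by alias)\)")

def injection_origin(raw_message):
    """Classify one queued message by the newest (top-most) qmail stamp."""
    headers = message_from_string(raw_message).get_all("Received", [])
    for value in headers:  # newest hop first; older stamps may be forged
        match = STAMP.search(value)
        if match:
            return match.group(1)
    return "no qmail stamp"

def tally(messages):
    """Count origins across many messages to spot the dominant sender."""
    return Counter(injection_origin(m) for m in messages)

# Constructed sample messages (not taken from the thread).
SCRIPT_MAIL = (
    "Received: (qmail 12345 invoked by uid 48); 1 Jan 2005 10:00:00 -0000\n"
    "To: someone@example.net\nSubject: constructed sample\n\nbody\n"
)
SMTP_MAIL = (
    "Received: (qmail 12399 invoked from network); 1 Jan 2005 10:05:00 -0000\n"
    "Received: from unknown (HELO client.example.org) (192.0.2.10)\n"
    "  by mail.example.com with SMTP; 1 Jan 2005 10:05:00 -0000\n"
    "To: someone@example.net\nSubject: constructed sample\n\nbody\n"
)

if __name__ == "__main__":
    for origin, count in tally([SCRIPT_MAIL, SCRIPT_MAIL, SMTP_MAIL]).most_common():
        print(f"{count:4d}  {origin}")
```

A uid that dominates the tally can be matched against /etc/passwd; if it belongs to the web server account, the sender is a PHP or CGI script rather than an authenticated SMTP user.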
 