Spamcop reports that 31.22.43.56 (Bounce) sent spam mail, usually about 10 a day, but not all from just this bounce address.
Anyone know how to find the real address behind the bounce?
What is the source of the report, and what does the (Bounce) mean?
Checking with Spamcop on that IP returns
Code:
31.22.43.56 not listed in bl.spamcop.net
Note: if that's an obfuscated IP address, I'm not sure how to help you.
Spamcop lists IPs that are reported to have delivered spam. From their home page:
Quote:
SpamCop is the premier service for reporting spam. SpamCop determines the origin of unwanted email and reports it to the relevant Internet service providers. By reporting spam, you have a positive impact on the problem. Reporting unsolicited email also helps feed spam filtering systems, including, but not limited to, SpamCop's own service.
There is no other address "behind" the listed address.
Stopping spam is like trying to avoid nitrogen in the atmosphere. You just can't do it. What is unclear is what you are trying to do. Tracking down a spammer is pointless. They are usually on the other side of the planet and don't care that you are annoyed. In fact, that tells them that they are being effective.
If you are hosting a mail server, then tighten the firewall and perhaps scan the email going through for keywords and phrases that indicate spam. I used to do that and killed 20k to 30k per day that way.
If you are being used to send spam but you are not hosting a mail server then just disable the services and problem solved.
If you are just looking to track down an annoying spammer, good luck.
Stopping? No. Mitigating? Yes.
We use the SORBS, SBL-XBL, and SPAMCop Real-time Block Lists. We also have our own blocking in place using ucspi-tcp's tcpserver. We also use clamav and spamassassin to filter incoming email.
68% of email connections to our server are rejected outright. 4% of those that get through are rejected by the clamav or spamassassin filters.
Some of the spam that gets through gets trapped and reported to the delivering ISP.
Controlling incoming spam is possible, but it took me years to get all the pieces in place. Still, I get many fewer complaints from customers than I used to.
I don't get as much spam as I used to. There used to be loads of advertisements for Swiss watches and Viagra but I haven't seen any of those for a long time now. They seem to know I'm getting old. I do get those occasional heartbreaking messages from dying philanthropists who want to use my bank account. They tend to appear in my Yahoo account, which is the one I use for commercial emails.
If I get a phishing email, I try to find out if the organisation concerned has an address for reporting these things. If so, I send it there, carefully copying in the headers. I consider that to be good netizenship. But otherwise I just delete spam and forget about it.
A large percentage are probably people trying to connect via tor?
I.e. practically all tor exit nodes are on those blocklists?
I don't know or care about what the RBLs are blocking.
I only manage/maintain my internal blocks.
We block connections from servers and networks that have delivered spam to our servers. That's what blocks the 68%, which happens before the RBLs are checked, or the virus and spam filters are used.
What we do is:
1. Spam/UCE is received.
2. It's reported to the connecting ISP.
3. The country of origin is checked.
4. If it's from a country we want to block (actually, if not from a country we've decided to permit) the entire netblock to which the IP belongs is blocked. Again, we do that at the smtp connect level, so we're only blocking email delivery attempts.
It's been pretty effective.
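The netblock-blocking step described in the post above, as an added example that is not the poster's code: it maps a spam source to its netblock, checks the country against an allowlist, and renders the block in the prefix/range address syntax that ucspi-tcp's `tcprules` accepts. The netblock table, the country codes, the function names and the single-host fallback for unknown allocations are all assumptions made for the illustration.

```python
import ipaddress

# Constructed sample data (not from the thread): netblock -> country code.
# A real setup would derive this from whois/RIR allocation records.
# XA/XB/XC are placeholder (user-assigned ISO 3166) codes.
NETBLOCKS = {
    "198.18.0.0/15": "XA",
    "203.0.113.0/24": "XB",
    "192.0.2.48/28": "XA",
    "198.51.100.0/24": "XC",
}
PERMITTED = {"XC"}  # hypothetical allowlist of permitted countries


def cidr_to_tcprule(cidr, action="deny"):
    """Render an IPv4 netblock as one tcprules line (prefix or range form)."""
    net = ipaddress.IPv4Network(cidr)
    if net.prefixlen == 0:
        raise ValueError("refusing to emit a rule that matches every address")
    if net.prefixlen == 32:
        return f"{net.network_address}:{action}"
    first = str(net.network_address).split(".")
    last = str(net.broadcast_address).split(".")
    full, rem = divmod(net.prefixlen, 8)   # whole octets fixed by the prefix
    parts = first[:full]
    if rem:                                 # prefix ends inside an octet
        parts.append(f"{first[full]}-{last[full]}")
    addr = ".".join(parts)
    if len(parts) < 4:                      # trailing dot = "anything below"
        addr += "."
    return f"{addr}:{action}"


def block_rule_for(spam_ip):
    """Apply the post's steps to one spam source; return a rule or None."""
    ip = ipaddress.IPv4Address(spam_ip)
    for cidr, country in NETBLOCKS.items():
        if ip in ipaddress.IPv4Network(cidr):
            if country in PERMITTED:
                return None                 # permitted country: no netblock block
            return cidr_to_tcprule(cidr)    # block the entire netblock
    return f"{ip}:deny"                     # allocation unknown: block this host only


if __name__ == "__main__":
    for src in ("198.19.7.7", "192.0.2.50", "198.51.100.9", "192.0.2.1"):
        print(src, "->", block_rule_for(src))
```

The emitted lines, followed by a default `:allow` rule, are the input that `tcprules` compiles into the cdb file `tcpserver -x` consults when an SMTP connection arrives.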