Wizard IT Products

Wizard Tower TechnoServices Ltd. is proud to host these public forums
https://forums.magicspam.com/

Not blocking spam

https://forums.magicspam.com/viewtopic.php?f=15&t=2093

Page 1 of 1

Not blocking spam

Posted: Mon Mar 22, 2010 1:54 pm
by coolioso
i need help understanding why these get thru. i get thousands of them
a day and they put me on every bl you can imagine. This is a sample of a few but yesterday i got 18000 of these.

2010-03-21 21:18:29 magicspam-plesk[4559]: HAM:
mua=1,ip=[212.227.159.76:s15392693.onlinehome-server.info],helo=<User>,from
=<bbva@bbva.es>,rcpt=<a_tocar@yahoo.es> 2010-03-21 21:18:29
magicspam-plesk[4561]: HAM:
mua=1,ip=[212.227.159.76:s15392693.onlinehome-server.info],helo=<User>,fro
m=<bbva@bbva.es>,rcpt=<a_tonio_96@hotmail.com> 2010-03-21 21:18:29
magicspam-plesk[4564]: HAM:
mua=1,ip=[212.227.159.76:s15392693.onlinehome-server.info],helo=<User>,fro
m=<bbva@bbva.es>,rcpt=<a_toro_m@vodafone.es> 2010-03-21 21:18:29
magicspam-plesk[4567]: HAM:
mua=1,ip=[212.227.159.76:s15392693.onlinehome-server.info],helo=<User>,fro
m=<bbva@bbva.es>,rcpt=<a_tqm@hotmail.com> 2010-03-21 21:18:29
magicspam-plesk[4570]: HAM:
mua=1,ip=[212.227.159.76:s15392693.onlinehome-server.info],helo=<User>,fro
m=<bbva@bbva.es>,rcpt=<a_vadillo_b@hotmail.com> 2010-03-21 21:18:30
magicspam-plesk[4573]: HAM:
mua=1,ip=[212.227.159.76:s15392693.onlinehome-server.info],helo=<User>,fro
m=<bbva@bbva.es>,rcpt=<a_vanlit@hotmail.com> 2010-03-21 21:18:30
magicspam-plesk[4575]: HAM:
mua=1,ip=[212.227.159.76:s15392693.onlinehome-server.info],helo=<User>,fro
m=<bbva@bbva.es>,rcpt=<a_vasalo@yahoo.es> 2010-03-21 21:18:30
magicspam-plesk[4577]: HAM:
mua=1,ip=[212.227.159.76:s15392693.onlinehome-server.info],helo=<User>,fro
m=<bbva@bbva.es>,rcpt=<a_villarroel_s@hotmail.com> 2010-03-21 21:18:30
magicspam-plesk[4582]: HAM:
mua=1,ip=[212.227.159.76:s15392693.onlinehome-server.info],helo=<User>,fro
m=<bbva@bbva.es>,rcpt=<a_walk_to_remenber0910@hotmail.com> 2010-03-21
21:18:30 magicspam-plesk[4585]: HAM:
mua=1,ip=[212.227.159.76:s15392693.onlinehome-server.info],helo=<User>,fro
m=<bbva@bbva.es>,rcpt=<a_zamora_r@terra.es>




also these make it thru as well


2010-03-22 07:42:49 magicspam-plesk[27285]: HAM:
mua=1,ip=[208.110.209.184:208-110-209-184.biz.houston.comcastbusiness.net],
helo=<User>,from=<mrbellykensen101@yahoo.com>,rcpt=<b.m.shearer@xtra.co.nz>
2010-03-22 07:42:52 magicspam-plesk[27303]: HAM:
mua=1,ip=[208.110.209.184:208-110-209-184.biz.houston.comcastbusiness.net]
,helo=<User>,from=<mrbellykensen101@yahoo.com>,rcpt=<b.m.vaglieco@im.cnr.it
2010-03-22 07:42:53 magicspam-plesk[27305]: HAM:
mua=1,ip=[208.110.209.184:208-110-209-184.biz.houston.comcastbusiness.net] ,helo=<User>,from=<mrbellykensen101@yahoo.com>,rcpt=<b.m.vanderwansem@plane
t.nl> 2010-03-22 07:42:54 magicspam-plesk[27310]: HAM:
mua=1,ip=[208.110.209.184:208-110-209-184.biz.houston.comcastbusiness.net]
,helo=<User>,from=<mrbellykensen101@yahoo.com>,rcpt=<b.m.w.1@hotmail.co.uk>
2010-03-22 07:42:54 magicspam-plesk[27313]: HAM:
mua=1,ip=[208.110.209.184:208-110-209-184.biz.houston.comcastbusiness.net]
,helo=<User>,from=<mrbellykensen101@yahoo.com>,rcpt=<b.m.werring@hetnet.nl>
2010-03-22 07:42:55 magicspam-plesk[27315]: HAM:
mua=1,ip=[208.110.209.184:208-110-209-184.biz.houston.comcastbusiness.net]
,helo=<User>,from=<mrbellykensen101@yahoo.com>,rcpt=<b.m.williams@bigpond.c
om> 2010-03-22 07:42:56 magicspam-plesk[27319]: HAM:
mua=1,ip=[208.110.209.184:208-110-209-184.biz.houston.comcastbusiness.net]
,helo=<User>,from=<mrbellykensen101@yahoo.com>,rcpt=<b.m.worboys@actrix.co.
nz> 2010-03-22 07:42:56 magicspam-plesk[27321]: HAM:
mua=1,ip=[208.110.209.184:208-110-209-184.biz.houston.comcastbusiness.net]
,helo=<User>,from=<mrbellykensen101@yahoo.com>,rcpt=<b.m.zwander@gmx.de>
2010-03-22 07:42:57 magicspam-plesk[27324]: HAM:
mua=1,ip=[208.110.209.184:208-110-209-184.biz.houston.comcastbusiness.net]
,helo=<User>,from=<mrbellykensen101@yahoo.com>,rcpt=<b.m-s@wp.pl>
2010-03-22 07:42:58 magicspam-plesk[27326]: HAM:
mua=1,ip=[208.110.209.184:208-110-209-184.biz.houston.comcastbusiness.net]
,helo=<User>,from=<mrbellykensen101@yahoo.com>,rcpt=<b.m-teo@hotmail.com>
2010-03-22 07:42:59 magicspam-plesk[27330]: HAM:
mua=1,ip=[208.110.209.184:208-110-209-184.biz.houston.comcastbusiness.net]
,helo=<User>,from=<mrbellykensen101@yahoo.com>,rcpt=<b.muggins@xtra.co.nz>
2010-03-22 07:43:00 magicspam-plesk[27334]: HAM:
mua=1,ip=[208.110.209.184:208-110-209-184.biz.houston.comcastbusiness.net]
,helo=<User>,from=<mrbellykensen101@yahoo.com>,rcpt=<b.mugo@bredband.net>



my settings are

Parallels Plesk Panel version 9.2.1
Operating system Linux 2.6.11-1.1369_FC4smp
CPU AuthenticAMD, AMD Opteron(tm) Processor 244
Average load 0.05; 0.10; 0.09

i have all of the Best Practice rules enabled and PSBL, RATS-NODYNA, RATS-NOPTR enabled in ip rep

Whats next?
Thanks

Re: Not blocking spam

Posted: Mon Mar 22, 2010 4:47 pm
by magicspam
Part of each of those entries is "mua=1", which means that either they're using SMTP authentication or they're part of a trusted network. You will need to review your server logs to determine whether the IPs in question are part of trusted networks, or to see which users were connected on those IPs at those times.

-- MagicSpam Support Team --
All times are UTC-07:00
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/