BAd REP IP

Welcome to MagicSpam Pro for cPanel WHM! A better spam protection in an easy to use cPanel WHM Module. Visit here for support, frequently asked questions, wishlists and discussion groups on this great module to make life with cPanel WHM that much simpler.

Moderators: wizard, magicspam

Post Reply
jin
Posts: 4
Joined: Sun Jul 05, 2020 3:17 am

BAd REP IP

Post by jin » Sun Jul 05, 2020 3:22 am

Hello,

I received a notice from Outlook that my IP is blocked, I also receive notices from Magicspam that my IP reputation is low.

The problem is how do I see who is sending spam? I see no way of finding outgoing spammers. Reports are not very helpful they give you stats but no way to dig down into those stats.

magicspam
Posts: 1563
Joined: Tue Oct 28, 2008 2:27 pm

Re: BAd REP IP

Post by magicspam » Mon Jul 06, 2020 2:13 pm

Hello Jin,

Thank you for your post.

For early detection of compromised accounts sending large amount of emails in a short period of time, MagicSpam has an advanced Outbound Rate Limiter.

If the compromised account has not trigger the MagicSpam Outbound Rate Limiter, it could be that they are sending less messages than the current Outbound Rate Limiter threshold, in which case you might want to adjust the "Outbound Message Limit:" in:

Anti-Spam / System / Options / Advanced Options

section to better suit your needs.

Also, it might be possible to determine which account is sending large amount of messages from the "5 Highest Senders (Address)" section in the "Stats / Outbound Stats" section in MagicSpam admin-interface panel.

In addition, you can check MagicSpam logs for senders that are sending increased amount of emails and check if those customers are authenticating from foreign countries. To find this information you can use both MagicSpam mail logs as well as authentication logs from the "Logs / Logs Search" and "Logs / Authentication Log Search" sections in MagicSpam admin interface panel.

To help preventing any compromised accounts from being logged in from countries that your customers are not usually logging in from, you can block such countries from the "Security / Country Authentication Restriction" section.

Lastly, we would also recommend checking and making sure that your server is not configured with an open relay, which would allow the message relay via your server, without the use of authentication.

We hope this information helps in troubleshooting compromised accounts and preventing such accounts from sending large amount of emails without being noticed.
-- MagicSpam Support Team --

jin
Posts: 4
Joined: Sun Jul 05, 2020 3:17 am

Re: BAd REP IP

Post by jin » Mon Jul 06, 2020 9:55 pm

Hello,

Thanks for that but that's all for someone sending bulk, this isn't about bulk sending it's about slow sending of unwanted emails to Outlook which are being reported and giving the IP a bad rep. It is not a user from some outside country it is a user with an account.

Even doing generic logs search for things like *@outlook.com doesn't return any results.

And no of course my server is not an open relay.

magicspam
Posts: 1563
Joined: Tue Oct 28, 2008 2:27 pm

Re: BAd REP IP

Post by magicspam » Tue Jul 07, 2020 9:29 am

Hello Jin,

Thank you for your reply.

Please note that even though this is one of the valid user accounts, if an account is compromised, it would most likely be accessed from an IP address that the does not belong to your customer.

That said, if the email from the compromised account is slowly sending spam, MagicSpam can not easily detect such accounts. While MagicSpam can help with detection of compromised accounts in certain cases, it's primary function is to detect and block incoming spam emails to your customers.

Please note that Outlook recipients can be hosted on multiple domains, e.g: hotmail.com, live.com, msn.com, passport.com, etc... and not only to outlook.com.

We hope this additional information helps in troubleshooting the compromised account issue in your server.

Please let us know if you have any further questions.
-- MagicSpam Support Team --

jin
Posts: 4
Joined: Sun Jul 05, 2020 3:17 am

Re: BAd REP IP

Post by jin » Thu Jul 16, 2020 7:55 am

Hello,

I'm not even sure what to say to your reply except, really? That's your reply?

As stated it --->IS A USER<---, it isn't some compromised account not to mention even if it weans what am I supposed to do ask all my users to send me their IP's then look for some IP they didn't send me?

I mean seriously what's the deal.

So a paid for system can't tell me which accounts are sending to outlook? I can't search the logs for Outlook emails? Although I can search the logs of the server and find Outlook although it isn't helpful.

Maybe you should consider this issue and find a solution giving your product some value for money. Because as it stands I don't see much value in it, yes it stops a few spam emails from being received that's about all.

magicspam
Posts: 1563
Joined: Tue Oct 28, 2008 2:27 pm

Re: BAd REP IP

Post by magicspam » Thu Jul 16, 2020 11:07 am

Hello jin,

Thank you for your post.

Please note that MagicSpam is designed mainly for inbound anti-spam; however, as we mentioned in our previous replies it also provide certain outbound protection via Rate Limiters and Country Authentication Restrictions.

That said it is mainly up to the administrators of the server to enforce Best Practices for their customers when sending through their server. It also up to the administrator to make use of the logs provided by the mail server as well as MagicSpam logs.

Please note that MagicSpam will show you top senders and top recipients (domains) in the 'Stats' section in MagicSpam admin-interface panel. Also, you have the option to search for emails sent to recipients on the outlook.com domain in the MagicSpam logs - but please be aware that outlook reputation list is not only based on deliveries to outlook.com domain but also for number of domains we mentioned in our previous response (e.g: hotmail.com, live.com, msn.com, passport.com, etc...). In addition, MagicSpam logs will provide you country codes of the countries from where your customers are logging in from, which can help with identification of compromised accounts - as per our earlier response, most of the compromised accounts are usually accessed via IPs located in countries other than what your customers are most frequently logging in from.

You also have an option of reaching out to the Outlook postmaster and inquiring why your server has been listed on their IP reputation list.

That said, we would be more than happy to work with you and assist you with troubleshooting compromised accounts in your system (or valid users sending spam) which caused your sending IP address to be listed on number of IP reputation lists.

As you mentioned that MagicSpam has also notified you of issues with your IP reputation, could you please provide us your server IP address and we can check with maintainers of the BMS lists enabled in MagicSpam if they have more information as to why your IP was listed on such lists. If you do not feel comfortable posting your IP address on the forum, please emails us directly at support@magicspam.com.

If possible, could you please provide us the notification email you have received from MagicSpam stating your IP reputation is affected?

Please let us know if you have any questions.
-- MagicSpam Support Team --

Post Reply

Return to “MagicSpam Pro for WHM/cPanel”

Who is online

Users browsing this forum: No registered users and 7 guests