Any way to prevent this?
Question asked by michael~ - May 11, 2017 at 10:25 AM
Unanswered
Heyhey..  Lately I've been noticing spammers (I guess) spoofing IP addresses, by incrementing the final octal of the IP, as shown here..  They send about once a minute, so greylisting doesn't work. Delivery logs show most of their messages contain viruses, so I'm looking to stop them before one slips thru.
 
Is there any way to prevent this?   Is it good practice to blacklist the IPs, or is it possible I'll be blacklisting valid servers?  Thoughts?
Thanks
(SmarterMail Enterprise 15.5.6222)
 
(sidenote: adding images into these posts is really difficult).

3 Replies

0
User Replied
Hi Michael. I did an IP whois lookup on the range of IPs in question and I see they belong to a company in Seattle called ServerCrate. I went ahead and contacted them to let them know that someone is using those IPs to send viruses and spam. Hopefully they will shut them down. I have seen this problem many times in the past. Normally it's alright to blacklist an entire range of spamming IPs if you see that they come from another country. However, this range is in the U.S., so I can understand why you asked the question about blacklisting valid servers. Unfortunately, there is no way to stop a spammer or bot from physically doing this. Your best bet is to blacklist the range for now and if any valid mail tries to come from those IPs and can't get through, I'm sure one of your customers will report it to you and you can reassess at that time. Also, as you surely know, it's best to have several layers of virus, malware and spam protection for your server and network. I hope this info helps.
0
michael~ Replied
Thanks for the reply, Linda. I figured as much, but was hoping there was some "secret technique" I hadn't come across. As it is, I have Bruce's antispam recommendations in place, plus Declude, ClamAV, and desktop AV thru-out the company.

I'll take your suggestion of blacklisting the IP range, and if it's from a US network, I'll email the whois contact and remove them from the blacklist after a week or two.

Thanks again!
-- michael~
0
User Replied
My pleasure! Good luck!
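
The pattern discussed in this thread (a sender stepping through adjacent addresses about once a minute) can be picked out of connection logs before deciding what to blacklist. The following is an added example, not part of the original posts and not SmarterMail code; the log format, the sample addresses (documentation ranges), and the `min_run` / `max_gap` thresholds are assumptions.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: "date time connecting-IP". Not a real SmarterMail log format.
SAMPLE_LOG = """\
2017-05-11 10:01:02 203.0.113.20
2017-05-11 10:02:05 203.0.113.21
2017-05-11 10:02:40 198.51.100.7
2017-05-11 10:03:01 203.0.113.22
2017-05-11 10:04:03 203.0.113.23
2017-05-11 10:05:00 203.0.113.24
2017-05-11 10:30:00 198.51.100.7
"""

def parse(log):
    """Yield (timestamp, IPv4Address) pairs, skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            ts = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S")
            yield ts, ipaddress.IPv4Address(parts[2])
        except ValueError:
            continue

def find_walking_senders(log, min_run=4, max_gap=timedelta(minutes=5)):
    """Map each /24 to the tightest CIDR blocks covering a run of connections
    where every new connection comes from the previous IP + 1."""
    by_net = defaultdict(list)
    for ts, ip in sorted(parse(log)):
        net = ipaddress.ip_network(f"{ip}/24", strict=False)
        by_net[net].append((ts, ip))
    flagged = {}
    for net, events in by_net.items():
        run, best = [events[0]], []
        for prev, cur in zip(events, events[1:]):
            stepped = int(cur[1]) == int(prev[1]) + 1 and cur[0] - prev[0] <= max_gap
            run = run + [cur] if stepped else [cur]
            if len(run) > len(best):
                best = run
        if len(best) >= min_run:
            # Cover only the observed run, not the whole /24, to limit collateral blocks.
            blocks = ipaddress.summarize_address_range(best[0][1], best[-1][1])
            flagged[str(net)] = [str(b) for b in blocks]
    return flagged

if __name__ == "__main__":
    print(find_walking_senders(SAMPLE_LOG))
```

Blocking only the CIDR blocks that cover the observed run, rather than the whole /24, reduces the chance of catching a legitimate server in the same allocation.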
