My server is getting reported to Spamcop for spam every 3 to 4 days for the past 2 weeks, which means I am almost always listed.
The last one lists me like this :
Received: from [MY IP] by web40122.mail.yahoo.com via HTTP;
Spamcop reports :
host web40122.mail.yahoo.com (checking ip) ip not found ; web40122.mail.yahoo.com discarded as fake.
cannot find an mx for web40122.mail.yahoo.com
cannot find an mx for mail.yahoo.com
Chain test failed
But in the other cases it was different, it was thru hotmail.com.
Does anyone have an idea on how the spammer is able to send ?
I have PHPSuxec installed.
I checked my exim logs and nothing is in there.
Is it possible the spammer is making an external connection via SMTP ? Is there a firewall I can install to block him ?
Is it possible the spammer is forging my IP ?
More details :
( replaced my IP and my hostname )
--------------------------------------------------------
From [email protected] Thu Feb 5 16:40:18 2004
Return-Path: <[email protected]>
Delivered-To: spamcop-net-x
Received: (qmail 14084 invoked from network); 5 Feb 2004 13:54:03 -0000
Received: from unknown (HELO mailgate.cesmail.net) (192.168.1.101)
by blade1.cesmail.net with SMTP; 5 Feb 2004 13:54:03 -0000
Received: (qmail 354 invoked from network); 5 Feb 2004 13:54:03 -0000
Received: from MYHOSTNAME (HELO web40195.mail.yahoo.com)
(MY IP)
by mailgate.cesmail.net with SMTP; 5 Feb 2004 13:54:03 -0000
From: klpvsbmdmy yahoocom <[email protected]>
Return-Path: <[email protected]>
Message-ID: <[email protected]>
Received: from [MY IP] by web40122.mail.yahoo.com via HTTP;
Thu, 05 Feb 2004 08:54:02 EST
Date: Thu, 5 Feb 2004 08:54:02 EST
Reply-To: klpvsbmdmy yahoocom <[email protected]>
Subject: Unusual family pleasures
To: x spamcopnet <x>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="----------07814923CB91A4"
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on blade1
X-Spam-Level: *
X-Spam-Status: hits=1.6
tests=HTML_50_60,HTML_IMAGE_ONLY_08,HTML_MESSAGE,
HTML_TITLE_EMPTY version=2.63
X-SpamCop-Checked: 192.168.1.101 MY IP MY IP
The last one lists me like this :
Received: from [MY IP] by web40122.mail.yahoo.com via HTTP;
Spamcop reports :
host web40122.mail.yahoo.com (checking ip) ip not found ; web40122.mail.yahoo.com discarded as fake.
cannot find an mx for web40122.mail.yahoo.com
cannot find an mx for mail.yahoo.com
Chain test failed
But in the other cases it was different, it was thru hotmail.com.
Does anyone have an idea on how the spammer is able to send ?
I have PHPSuxec installed.
I checked my exim logs and nothing is in there.
Is it possible the spammer is making an external connection via SMTP ? Is there a firewall I can install to block him ?
Is it possible the spammer is forging my IP ?
More details :
( replaced my IP and my hostname )
--------------------------------------------------------
From [email protected] Thu Feb 5 16:40:18 2004
Return-Path: <[email protected]>
Delivered-To: spamcop-net-x
Received: (qmail 14084 invoked from network); 5 Feb 2004 13:54:03 -0000
Received: from unknown (HELO mailgate.cesmail.net) (192.168.1.101)
by blade1.cesmail.net with SMTP; 5 Feb 2004 13:54:03 -0000
Received: (qmail 354 invoked from network); 5 Feb 2004 13:54:03 -0000
Received: from MYHOSTNAME (HELO web40195.mail.yahoo.com)
(MY IP)
by mailgate.cesmail.net with SMTP; 5 Feb 2004 13:54:03 -0000
From: klpvsbmdmy yahoocom <[email protected]>
Return-Path: <[email protected]>
Message-ID: <[email protected]>
Received: from [MY IP] by web40122.mail.yahoo.com via HTTP;
Thu, 05 Feb 2004 08:54:02 EST
Date: Thu, 5 Feb 2004 08:54:02 EST
Reply-To: klpvsbmdmy yahoocom <[email protected]>
Subject: Unusual family pleasures
To: x spamcopnet <x>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="----------07814923CB91A4"
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on blade1
X-Spam-Level: *
X-Spam-Status: hits=1.6
tests=HTML_50_60,HTML_IMAGE_ONLY_08,HTML_MESSAGE,
HTML_TITLE_EMPTY version=2.63
X-SpamCop-Checked: 192.168.1.101 MY IP MY IP