Spam Question - Server Side
StormLiong
Join Date: 2002-12-27 Member: 11569Members
How the heck do they do it???
I had posted previously that a server I ran had some spam troubles (causing very severe server performance).
Since then I've shut down all local mail server activities and for all web mail services (i.e. sending mail from the website itself) now I'm using an external service.
So today (amid a flood of requests from ASP users who wanted the local mail server back...silly ASP users) I went and installed Mercury SMTP server.
The moment (the very second) I started it up, it reports receiving a send request from some weird email address and sending it. In other words some spammer was already using the server as a relay.
I am like "what the heck". Do these spammers constantly check my server 24/7? Luckily it was coming from one IP address (http://www.dnsstuff.com/tools/ip4r.ch?ip=222.101.168.55) which was a known Korea spam server. So blocked that down and locked down the security for only localhost to be allowed to send.
Although I am still getting reports of other spam IP addresses trying to send mail through my server (though it fails). Most of it like http://www.dnsstuff.com/tools/ip4r.ch?ip=219.248.147.164 all Korea spam servers.
Any thoughts? What else should I do? I dunno if legal action is worth it.
Comments
Well because the mail server is primarily for web mail usage (ie for sending emails from the website), the authorisation requirement (username/password) would impede it I feel.
1. Only accept mail from your own domain. Why would someone @viagra.com need to send mail through you legitimately?
2. If it's webmail, don't allow SMTP connections at all, or require them to be authenticated.
3. Preferably, only accept SMTP connections from specified IP addresses, although this can be hard if you're providing a webmail service.
- Shockwave
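The three rules in the comment above, written out as a relay policy check. This is an added example and not part of the original thread; the domain `example.org`, the trusted network list, the function names and the sample sessions are assumptions made for illustration. It also shows why rule 1 cannot stand alone: the envelope sender is supplied by the client, so a forged sender passes a sender-only check.

```python
import ipaddress

# Assumed values (not from the thread): the site's own domain and the
# networks the web application connects from.
LOCAL_DOMAINS = {"example.org"}
TRUSTED_NETS = [ipaddress.ip_network("127.0.0.0/8"),
                ipaddress.ip_network("::1/128")]


def domain_of(address):
    """Lower-cased domain part of an envelope address, or '' if none."""
    return address.rsplit("@", 1)[1].lower() if "@" in address else ""


def sender_only_decision(mail_from):
    """Rule 1 alone: trusts MAIL FROM, which the client can forge."""
    return domain_of(mail_from) in LOCAL_DOMAINS


def relay_decision(client_ip, authenticated, mail_from):
    """Return (accept, reason), checking who is connecting before what they claim."""
    ip = ipaddress.ip_address(client_ip)
    trusted = any(ip in net for net in TRUSTED_NETS)
    # Rules 2 and 3: only listed source addresses or authenticated sessions.
    if not (trusted or authenticated):
        return False, "client not trusted and not authenticated"
    # Rule 1: even an allowed client may only send as our own domain.
    if domain_of(mail_from) not in LOCAL_DOMAINS:
        return False, "sender domain is not ours"
    return True, "ok"


# Constructed sample sessions: (client IP, authenticated, MAIL FROM).
# The two remote addresses are the ones quoted in the original post.
SESSIONS = [
    ("127.0.0.1", False, "noreply@example.org"),       # website script
    ("222.101.168.55", False, "noreply@example.org"),  # forged sender
    ("219.248.147.164", False, "sales@viagra.com"),
    ("198.51.100.7", True, "staff@example.org"),       # authenticated user
    ("127.0.0.1", False, "sales@viagra.com"),
]

if __name__ == "__main__":
    for ip, auth, sender in SESSIONS:
        print(ip, sender, relay_decision(ip, auth, sender))
```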
It still boggles me that spammers are constantly scanning every server around. Makes me really want to sue their **** off.