Page 1 of 1

SPAM Attack able conenct and no Spam score

Posted: 2020-01-25 16:28
by eliassal
In the log, I found the following tries to connect but it seems that all SPAN tests have failed, is my understanding correct?

"SMTPD" 836 13992 "2020-01-25 13:24:12.355" "45.143.222.113" "SENT: 250 OK"
"SMTPD" 5340 13992 "2020-01-25 13:24:12.386" "45.143.222.113" "RECEIVED: Mail from:<spameri@tiscali.it>"
"TCPIP" 5340 "2020-01-25 13:24:12.417" "DNS lookup: 113.222.143.45.zen.spamhaus.org, 0 addresses found: (none), Match: False"
"DEBUG" 5340 "2020-01-25 13:24:12.417" "Spam test: SpamTestDNSBlackLists, Score: 0"
"DEBUG" 5340 "2020-01-25 13:24:12.855" "Spam test: SpamTestMXRecords, Score: 0"
"DEBUG" 5340 "2020-01-25 13:24:13.133" "Spam test: SpamTestSPF, Score: 0"
"DEBUG" 5340 "2020-01-25 13:24:13.133" "Total spam score: 0"
"SMTPD" 5340 13992 "2020-01-25 13:24:13.138" "45.143.222.113" "SENT: 250 OK"
"SMTPD" 984 13992 "2020-01-25 13:24:13.154" "45.143.222.113" "RECEIVED: RCPT to:<spameri@tiscali.it>"
"SMTPD" 984 13992 "2020-01-25 13:24:13.154" "45.143.222.113" "SENT: 530 SMTP authentication is required."
"DEBUG" 984 "2020-01-25 13:24:13.154" "AWStats::LogDeliveryFailure"
"SMTPD" 5824 13992 "2020-01-25 13:24:13.185" "45.143.222.113" "RECEIVED: Quit"
"DEBUG" 5824 "2020-01-25 13:24:13.185" "Deleting message file."

Re: SPAM Attack able conenct and no Spam score

Posted: 2020-01-25 16:51
by palinka
eliassal wrote:
2020-01-25 16:28
"TCPIP" 5340 "2020-01-25 13:24:12.417" "DNS lookup: 113.222.143.45.zen.spamhaus.org, 0 addresses found: (none), Match: False"
Successful test. IP not listed on spamhaus zen.
"DEBUG" 5340 "2020-01-25 13:24:12.855" "Spam test: SpamTestMXRecords, Score: 0"
Successful test. Sending server has valid MX.
"DEBUG" 5340 "2020-01-25 13:24:13.133" "Spam test: SpamTestSPF, Score: 0"
Successful test. Sending server has valid spf.

Some spammers abide by the RFCs, which renders "normal" spam tests useless.

But they're not useless. If this guy is sending spam, that IP will eventually end up on blacklists.

Re: SPAM Attack able conenct and no Spam score

Posted: 2020-01-25 21:09
by jimimaseye
"SMTPD" 984 13992 "2020-01-25 13:24:13.154" "45.143.222.113" "RECEIVED: RCPT to:<spameri@tiscali.it>"
"SMTPD" 984 13992 "2020-01-25 13:24:13.154" "45.143.222.113" "SENT: 530 SMTP authentication is required."
You will see these ALL the time. Ignore them and relax that they are being stopped.

[Entered by mobile. Excuse my spelling.]

Re: SPAM Attack able conenct and no Spam score

Posted: 2020-01-25 22:18
by eliassal
OK thanks