Author |
Message |
steve74
Doesn't have much of a life
Joined: Fri Apr 24, 2009 12:43 pm Posts: 1798 Location: Manchester
|

Our company has its own internal email server, running Kerio Mailserver. Just lately, things seem to have slowed down so I checked the error logs and noticed that we're getting bombarded by a load of incoming emails from the same IP address. I've looked up the IP address in question, here... http://whois.domaintools.com/213.83.85.181Basically, there are well over 4000 emails for yesterday and they seem to be going through the alphabet starting with alfonso@____ and using all possible first names you can think off - it's quite amusing to see some of the names they've come up with!! As far as I know they've all been rejected by our mail server, but I guess some will get through eventually when they get the first names correct. Anyway, does anyone know of a site where I can report this IP address and get it blacklisted? I've looked in Kerio itself but can't see anything obvious, so I'm thinking is there a website that I can put that IP address into and add it to a blacklist? As far as I know, we've not used this company before, so I'm guessing it's a virus that's sending these out - they're probably not even aware of it.
_________________ * Steve *
* Witty statement goes here *
|
Mon Mar 12, 2012 12:45 pm |
|
 |
steve74
Doesn't have much of a life
Joined: Fri Apr 24, 2009 12:43 pm Posts: 1798 Location: Manchester
|
Hmm, interestingly, on that domain register details page linked to above, there's an email address listed - now, I'm not going to email that, just in case they are a spammer! But, if I put in the last part of that email address into a web browser, opal-solutions.com then I get redirected to the TalkTalk Business website! Now, what does that tell you? 
_________________ * Steve *
* Witty statement goes here *
|
Mon Mar 12, 2012 12:52 pm |
|
 |
tombolt
Spends far too much time on here
Joined: Fri Apr 24, 2009 8:38 am Posts: 2967 Location: Dorchester, Dorset
|
I suspect someone's running an open relay on their mail server. I'd email talk talk, so they can inform their customer.
|
Mon Mar 12, 2012 12:55 pm |
|
 |
Linux_User
I haven't seen my friends in so long
Joined: Tue May 05, 2009 3:29 pm Posts: 7173
|
If you're company's not too large (so that it's free/cost is low) I'd highly recommend Google's Mail solution for private domains, it's exactly like Gmail and the spam filtering is industry-leading in my experience - you would be able to set the spam folder to clear regularly to keep the speed up.
|
Mon Mar 12, 2012 11:19 pm |
|
 |
JJW009
I haven't seen my friends in so long
Joined: Thu Apr 23, 2009 6:58 pm Posts: 8767 Location: behind the sofa
|
Or if your company is of any size, you could just IP ban at the firewall.
_________________jonbwfc's law: "In any forum thread someone will, no matter what the subject, mention Firefly." When you're feeling too silly for x404, youRwired.net
|
Tue Mar 13, 2012 1:09 am |
|
 |
big_D
What's a life?
Joined: Thu Apr 23, 2009 8:25 pm Posts: 10691 Location: Bramsche
|
We get around 25,000 spam emails a day coming down our pipe.  You could try blocking, but it is porbably a bot machine on their network and it will move elsewhere, if you block it.
_________________ "Do you know what this is? Hmm? No, I can see you do not. You have that vacant look in your eyes, which says hold my head to your ear, you will hear the sea!" - Londo Molari
Executive Producer No Agenda Show 246
|
Tue Mar 13, 2012 5:10 am |
|
 |
steve74
Doesn't have much of a life
Joined: Fri Apr 24, 2009 12:43 pm Posts: 1798 Location: Manchester
|
Well, our IT support company has been in and blocked that IP address at the router level and on the Kerio Mailserver software too. They also contacted the company whose IP address it is, Moonraker Books, and they were aware that their email was running slowly but didn't know they had a virus so they said thanks for letting them know!!
Not to self, and others, don't buy anything online from Moonraker Books!
_________________ * Steve *
* Witty statement goes here *
|
Tue Mar 13, 2012 11:46 am |
|
|