Logout

Alt-N Discussion Groups > Discussions > Help with SPAMBOT

 [F] Alt-N Discussion Groups  / Discussions  /

Help with SPAMBOT

[Karpas, Andrius]
Andrius Karpas
Newbie
Newbie
Posts: 21
Andrius Karpas - 09:54am, Jul 1 2022

Hello,
I have spambot detection enabled with default values:
Max different IP's per given time. Max 10
Time: 10 min and all the rest settings blocking return path and IP's
All worked fine for a long time while recently GMAIL users started reporting that emails sent to our server being blocked and are getting default bounce back email with error 551 5.5.1 too many IP's seen within time.

Logs are showing that spambot detection does it job by blocking some gmail emails. Bur i really cant find and get answer why our mail server is blocking gmail and is considering as a spambot?
Can someone bring in more light on how return path works on Mdaemon?

Would increasing Max IP's and Time values solve the problem? Would increase of values would weaken spambot detection?
I appreciate for any help in advance!

Warm regards!

  All MessagesOldest ItemsOlder ItemsNewer ItemsNewest Items

Arron Caruth - Jul 1, 2022 10:35 am (#1 Total: 5)  

Guest User  

Photo of Author
Posts: 1
>Logs are showing that spambot detection does it job by blocking some gmail emails. Bur i really cant find and get answer why our mail >server is blocking gmail and is considering as a spambot?
 
Its considering it a spam bot because it is using 10 different IPs within 10 minutes to send emails to your server.  In MDaemon under Security / Security Manager / Screening / Spambot Detection.  When you set the max different IPs allowed during time interval to 10, then when the same return path is used to send email from more than 10 IP addresses in 10 minutes, MDaemon blocks the IP.
 
The return-path is used to process bounces from your emails and is set in the email header. It defines how and where bounced emails will be processed. The return-path can also be referred to as a bounce address or a reverse path, and is an SMTP address that is separate from your sending address.
 
Messages sent from one user to another will typically use the sender's email address as the return path.  The fact that google IPs are ending up on the spambot detection list, indicates to me that somebody from google is sending more than 10 emails to your server in less than 10 minutes.  
 
If you have specific google email addresses that you typically receive a lot of email from, I'd suggest adding them to the Exempt list.  
 
Increasing the number of IPs allowed is another potential solution, but as you point out, it also reduces the effectiveness of spambot detection.

--
Arron Caruth
Vice President of Product Development
o: 817-601-3222    e: Arron.Caruth@mdaemon.com

MDaemon Technologies
Simple Secure Email

Visit us on www.mdaemon.com | Facebook | LinkedIn | YouTube
Sent using the MDaemon Email Server
 
On Fri, 1 Jul 2022 09:54:46 -0500, "lists-discuss@mdaemon.com (Andrius Karpas)" <lists-discuss@mdaemon.com> wrote:
Hello,
I have spambot detection enabled with default values:
Max different IP's per given time. Max 10
Time: 10 min and all the rest settings blocking return path and IP's
All worked fine for a long time while recently GMAIL users started reporting that emails sent to our server being blocked and are getting default bounce back email with error 551 5.5.1 too many IP's seen within time.

Logs are showing that spambot detection does it job by blocking some gmail emails. Bur i really cant find and get answer why our mail server is blocking gmail and is considering as a spambot?
Can someone bring in more light on how return path works on Mdaemon?

Would increasing Max IP's and Time values solve the problem? Would increase of values would weaken spambot detection?
I appreciate for any help in advance!

Warm regards!


View/reply at Help with SPAMBOT
--DISCUSS--------------------------------------------------------------
This mailing list is for questions and discussion regarding Alt-N
products.  To unsubscribe from this mailing list send an email to
discuss-unsubscribe@mdaemon.com .
--DISCUSS--------------------------------------------------------------


-----------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user 
support and discussion.  MDaemon staff members may participate in the 
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical 
support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
-----------------------------------------------------------------------

--DISCUSS--------------------------------------------------------------
This mailing list is for questions and discussion regarding Alt-N
products.  To unsubscribe from this mailing list send an email to
discuss-unsubscribe@mdaemon.com .
--DISCUSS--------------------------------------------------------------


-----------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user
support and discussion.  MDaemon staff members may participate in the
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical
support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
-----------------------------------------------------------------------

Replies to this message
  • Andrius Karpas (Jul 2, 2022 6:25 am)


  • Andrius Karpas - Jul 2, 2022 6:25 am (#2 Total: 5)  

     

    Photo of Author
    Andrius Karpas
    Newbie
    Newbie
    Posts: 21
    Replying to: Arron Caruth (Jul 1, 2022 10:35 am)
    &gt;Logs are showing that spambot detection does it job by blocking some gmail emails. Bur i really cant find and...

    Hello Arron, thank you for your reply.
    I went via logs again and I don't see more than 10 messages sent at the same time from other Gmail users then one of the users gets blocked. Usually what gets blocked is a return path for just 10min so I can sport what is this return path next is a range of 10 IP addresses are blocked as well for a much longer time. IPs blocked are from the same IP block (ex. 209.54.12.10 - 19). And going via logs I may see the same IPs on PTR look-up and SFP checkup. Could this PTR look up and SFP checkup be a problem than sending server service has more 10 or more than 10 IPs. And while information is exchanged spambot detection is considering it as a spambot?
    If this is the case then yes I have to start whitelisting or individual emails or *@domain.xxx

    Warm Regards!!



      (newer msg:3)All MessagesOldest ItemsOlder ItemsNewer ItemsNewest Items



     Content:

    Read New | Search

     Guest:

    Email to Admin



    You are visiting as a Guest user.