How block and determine particular mail is sent by spambot/real man

Discussion in 'Server Operation' started by Poliman, Nov 29, 2017.

  1. Poliman

    Poliman Member

    Hi. Last time I saw on my mailbox some bounced mail:
    Nov 27 19:50:57 s1 postfix/smtp[10403]: D495513D948: to=<[email protected]>,[]:25, delay=160179, delays=160179/0.04/0.13/0.08, dsn=5.0.0, status=bounced (host[] said: 550 I cannot deliver mail for <[email protected]> (in reply to RCPT TO command))
    Earlier was 32 attempts from Nov 26 06:30:51 to Nov 27 19:50:57 like below:
    Nov 27 18:41:00 s1 postfix/smtp[7296]: D495513D948: to=<[email protected]>,[]:25, delay=155983, delays=155979/0.04/3.9/0, dsn=4.0.0, status=deferred (host[] refused to talk to me: 421 timeout)
    I checked and I found out that this email account is created under domain, which is used for sending spam. Domain is not on spamlists but IP is. Bounced mail pasted above was delivered to do_not_reply account which I use to send information/confirmation emails from my web application, so somebody should use form on website or it could be bot. Is it possible to determine it could be real man or spambot?
  2. If the emails sent from website form then its difficult to find if its man or spambot. However you can check the access logs of that website and check source IP, you may get idea about source with IP information..
    Poliman likes this.
  3. Poliman

    Poliman Member

    Access logs - do you mean mail.log file or some others? I have already checked (in main.log) the source IP of strange email - spamlists, checked domain - clear.

Share This Page