Full Version: Mail from Spamcop being blocked!!!
dcarlson
It's sort of ironic. I attempted to report some spam but have forgotten my password. I went to the page to have the password sent to me and the mail from spamcop was blocked by blackholes.five-ten-sg.com.

554 Service unavailable; Client host [64.74.133.248] blocked using blackholes.five-ten-sg.com; added 2004-03-08; spam support - see http://www.spamhaus.org/SBL/sbl.lasso?query=SBL14734 / added 2004-07-31; spam support - see http://www.spamhaus.org/SBL/sbl.lasso?query=SBL10031 / added 2004-07-31; spam support - transit for AS30038 whose entire 69.63.160.0/20 is on the SBL / added 2003-01-15; spam support - see http://www.spamhaus.org/sbl/listings.lasso?isp=internap.com / added 2003-05-20; spam support - ho; from=<service[at]admin.spamcop.net> to=<removed to protect the innocent> proto=ESMTP helo=<vmx1.spamcop.net>
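
Added example, not part of the original posts: a small parser for the rejection text quoted above. It extracts the blocked client IP, the DNSBL zone, and each dated listing reason, and rebuilds the DNS name the receiving server looked up. The function names and the assumed line layout are illustrative and taken only from the bounce shown in this post.

```python
import ipaddress
import re

# Rejection text as quoted in the post (the last reason is cut off at "ho" in the original).
BOUNCE = (
    "554 Service unavailable; Client host [64.74.133.248] blocked using "
    "blackholes.five-ten-sg.com; added 2004-03-08; spam support - see "
    "http://www.spamhaus.org/SBL/sbl.lasso?query=SBL14734 / added 2004-07-31; "
    "spam support - see http://www.spamhaus.org/SBL/sbl.lasso?query=SBL10031 / "
    "added 2004-07-31; spam support - transit for AS30038 whose entire "
    "69.63.160.0/20 is on the SBL / added 2003-01-15; spam support - see "
    "http://www.spamhaus.org/sbl/listings.lasso?isp=internap.com / "
    "added 2003-05-20; spam support - ho; from=<service[at]admin.spamcop.net> "
    "to=<removed to protect the innocent> proto=ESMTP helo=<vmx1.spamcop.net>"
)

HEAD = re.compile(r"Client host \[(?P<ip>[^\]]+)\] blocked using (?P<zone>[^;\s]+);\s*")
TAIL = re.compile(r";\s*from=<[^>]*>\s+to=<[^>]*>\s+proto=\S+\s+helo=<(?P<helo>[^>]*)>\s*$")
ENTRY = re.compile(r"added (?P<date>\d{4}-\d{2}-\d{2});\s*(?P<reason>.*)")


def dnsbl_query_name(ip: str, zone: str) -> str:
    """DNS name checked for an IPv4 client: reversed octets followed by the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def parse_rejection(line: str) -> dict:
    """Split a DNSBL rejection (layout assumed from the bounce above) into its fields."""
    head, tail = HEAD.search(line), TAIL.search(line)
    if not head or not tail:
        raise ValueError("not a DNSBL rejection in the expected layout")
    # The list's TXT text sits between the zone and the envelope; " / " separates listings.
    parts = line[head.end():tail.start()].split(" / ")
    matches = (ENTRY.match(p.strip()) for p in parts)
    listings = [(m["date"], m["reason"].strip()) for m in matches if m]
    return {
        "client_ip": head["ip"],
        "zone": head["zone"],
        "query": dnsbl_query_name(head["ip"], head["zone"]),
        "helo": tail["helo"],
        "listings": listings,
    }


if __name__ == "__main__":
    print(parse_rejection(BOUNCE))
```

Resolving the `query` name against the list's DNS zone is how a listing is confirmed: DNSBLs conventionally answer with an address in 127.0.0.0/8 for listed hosts and NXDOMAIN otherwise.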
GraemeL
QUOTE(dcarlson @ Oct 1 2004, 05:00 PM)
It's sort of ironic.  I attempted to report some spam but have forgotten my password.  I went to the page to have the password sent to me and the mail from spamcop was blocked by blackholes.five-ten-sg.com.

I'm surprised that your ISP is using five-ten-sg. I find it much too extreme to use for blocking. Even using it for tagging has a high false positive rate.
DavidT
QUOTE(GraemeL @ Oct 1 2004, 09:19 AM)
I'm surprised that your ISP is using five-ten-sg. I find it much too extreme to use for blocking. Even using it for tagging has a high false positive rate.

Indeed. You need to find a new email provider, dcarlson.

DT
dcarlson
QUOTE(DavidT @ Oct 1 2004, 11:26 AM)
Indeed. You need to find a new email provider, dcarlson.

DT

Or maybe I should disable the use of five-ten-sg.
GraemeL
QUOTE(dcarlson @ Oct 1 2004, 05:35 PM)
Or maybe I should disable the use of five-ten-sg.

You probably should. I have a couple of boxes I use SPEWS L1 on and I wouldn't even think of using five-ten on them.
Merlyn
Anyone that uses blackholes.five-ten-sg.com does not want to receive mail from everyone on the web.
dcarlson
QUOTE(GraemeL @ Oct 1 2004, 11:39 AM)
You probably should. I have a couple of boxes I use SPEWS L1 on and I wouldn't even think of using five-ten on them.

Well, it doesn't really matter. The server is used for home/family only. I hate spam and that's why I use many RBLs, including five-ten as well as a couple of country blocks.

It seems much of the spam my family had been receiving was Korea and China based and using the cn.countries.nerd.dk list has eliminated the majority.

Using all the RBLs and SpamAssassin, I've eliminated about 98% or more of the spam. A stray one gets through every now and then, but I'm pleased with the results.
Merlyn
I find a good combo is:

Blocklists:

sbl.spamhaus.org
opm.blitzed.org
cbl.abuseat.org
china.blackholes.us
cn-kr.blackholes.us
cn.rbl.cluecentral.net
hk.rbl.cluecentral.net
id.rbl.cluecentral.net
jp.rbl.cluecentral.net
kr.rbl.cluecentral.net
my.rbl.cluecentral.net
sg.rbl.cluecentral.net
th.rbl.cluecentral.net
tr.rbl.cluecentral.net
tw.rbl.cluecentral.net
vn.rbl.cluecentral.net
zombie.dnsbl.sorbs.net
hongkong.blackholes.us
id.rbl.cluecentral.net
japan.blackholes.us
korea.blackholes.us
malaysia.blackholes.us
relays.ordb.org
singapore.blackholes.us
dul.dnsbl.sorbs.net
misc.dnsbl.sorbs.net
http.dnsbl.sorbs.net
socks.dnsbl.sorbs.net
taiwan.blackholes.us
thailand.blackholes.us
turkey.blackholes.us
Wazoo
It sure seems like there's something missing in that list ... just can't seem to put my finger on it <g>
dra007
QUOTE(Wazoo @ Oct 1 2004, 03:11 PM)
It sure seems like there's something missing in that list ... just can't seem to put my finger on it <g>

merlyn.cluein.net?
Merlyn
I thought it was assumed???????

I shouldn't have to add it to the list.

[HKEY_LOCAL_MACHINE\SOFTWARE\BCWare\NoSPAM\Lookups\SPAMCOP]
"Enabled"=dword:00000001
"Description"="list from the prividers of SpamCop."
"DNS Domain"="bl.spamcop.net"
"Service URL"="http://spamcop.net/bl.shtml"
michaelanglo
QUOTE(Wazoo @ Oct 1 2004, 09:11 PM)
It sure seems like there's something missing in that list ... just can't seem to put my finger on it <g>

Actually there is. No Brazil.

Which brings me to a nerdy question.

I have brazil.blackholes.us in my spamcop mail blocklist but of late it doesn't seem to be doing anything. Some spam stopped by SpamAssassin is from Brazil and one or two a week that gets through are from Brazil (reverse DNS or Spamcop report addie). Example: 201.1.201.56

There has been just one day recently (2004/09/27) on which brazil.blackholes.us has had an effect.

I reported some of these missing IPs to the email address given on the blackholes.us website, but can anyone throw any light? E.g., how often are updates made in the light of new IP range allocations to Brazil's ISPs?

Thanks
GraemeL
QUOTE(michaelanglo @ Oct 1 2004, 11:33 PM)
I have brazil.blackholes.us in my spamcop mail blocklist but of late it doesn't seem to be doing anything. Some spam stopped by SpamAssassin is from Brazil and one or two a week that gets through are from Brazil (reverse DNS or Spamcop report addie). Example: 201.1.201.56

Brazil isn't much of a spam source. It is a significant hoster of spamvertised sites though.

Korea, several large US broadband providers and China all dwarf Brazil as spam sources.

The highest Brazilian ISP on my current spam source statistics shows up at number 27.
dra007
>50% of spam advertized sites I get are Br, often in combination with cn and kr sites, if there only was a way to connect the blocking with the spam-advertized domains. Also, most of these domains bounce the reports, so reporting them doesn't seem to do much good. I often wonder if anyone is working on a solution to this problem. Seems a lot of this kind of spam is traveling the hijacked servers so it is coming back in no time. Since these are (to me anyways) the most criminal of spammers, often listed in more than one BL, isn't there a more effective way to deal with them?
Ellen
QUOTE(Merlyn @ Oct 1 2004, 02:28 PM)
I find a good combo is:

Blocklists:

sbl.spamhaus.org
opm.blitzed.org
cbl.abuseat.org
china.blackholes.us
cn-kr.blackholes.us
cn.rbl.cluecentral.net
hk.rbl.cluecentral.net
id.rbl.cluecentral.net
jp.rbl.cluecentral.net
kr.rbl.cluecentral.net
my.rbl.cluecentral.net
sg.rbl.cluecentral.net
th.rbl.cluecentral.net
tr.rbl.cluecentral.net
tw.rbl.cluecentral.net
vn.rbl.cluecentral.net
zombie.dnsbl.sorbs.net
hongkong.blackholes.us
id.rbl.cluecentral.net
japan.blackholes.us
korea.blackholes.us
malaysia.blackholes.us
relays.ordb.org
singapore.blackholes.us
dul.dnsbl.sorbs.net
misc.dnsbl.sorbs.net
http.dnsbl.sorbs.net
socks.dnsbl.sorbs.net
taiwan.blackholes.us
thailand.blackholes.us
turkey.blackholes.us

Good grief it would be easier to whitelist :-)
Merlyn
I have thought about that :-)

Ellen, if you look at my record over the past few years you will see I started reporting a few hundred a day and now it's about 2 or 3 a week :-)

Mailing lists still work and all clients are happy :-)

Blocklists are the only way to go.......
Ellen
QUOTE(Merlyn @ Oct 2 2004, 10:07 PM)
I have thought about that :-)

Ellen, if you look at my record over the past few years you will see I started reporting a few hundred a day and now it's about 2 or 3 a week :-)

Mailing lists still work and all clients are happy :-)

Blocklists are the only way to go.......

I guess I was just overwhelmed by the number of lists :-)