jefft

Forum Admin
  • Content count

    338
  • Joined

  • Last visited

Community Reputation

0 Neutral

About jefft

  • Rank
    Administrator

Recent Profile Visitors

429 profile views
  1. In fact, the problem is much stranger and obscure than that. We have very good DNS. spamcop.net DNS is handled by Akamai globally. cesmail.net DNS is handled by a set of four different nameservers, in four datacenters, in both North America and Europe. There was no problem with the internet at large reaching our DNS. The real problem was with our servers internally reaching these nameservers. We use them ourselves to resolve names used internally within the system. We have resolving cache nameservers but they ultimately look up our names on the same servers you guys do. For a time Friday evening, our caches couldn't get to our own nameservers and couldn't look up IP addresses, like the IP address of the database server. We've been informed now that upstream from our data center, one provider had problems reaching a broken connection to Level3. Apparently they were accepting traffic but it was disappearing. The upstreams went back and forth for a while before our data center did an emergency failover and took all traffic away from those guys. At that point, the problem instantly went away. My guess is that inbound traffic came in a different route and that reply packets went back out that route. So, we were mostly reachable. However, transactions that we initiated (like DNS queries) mostly went out that broken route. Anyway, this all happened several layers upstream of us so I don't have any more visibility into the problem. This is probably about all the info I'll ever get and I wasn't able to do any real network debugging while it was going on. JT
  2. I believe this problem is fixed as of a couple of hours ago. I think that everyone has had their mail POPped at least once correctly now this afternoon. We're periodically polling all of the accounts. It might take a few hours for that to stabilize and get up to the normal frequency, but I expect mail to keep flowing in normally now. Sorry about the problem. We're moving some services to upgraded systems. This one was tested, but we ran into an obscure problem that would cause it to work for a while, then quit, but only for some accounts. If you see an issue where email is not POPped today for an hour or more, or tomorrow for more than half an hour, please email me at support[at] Replies here might be seen, but email will be faster and is tracked so I can see what's open and new. Thanks JT
  3. We have several machines in a load-balancing fault-tolerant system. It looks like STLS was not enabled on at least one machine. I've changed this and I think it should work across the system now. JT
  4. This message was much larger when we delivered it to you. Thu Jun 5 04:30:39 2008 Info: MID 575557146 ready 1002 bytes from <wxxxx.bxxxx[at]pxxxx.com> Thu Jun 5 04:30:39 2008 Info: MID 575557146 Message-ID '<200805279[6' I've replaced part of the email address, but I suspect it's spam anyway. I think what's happening is that your mail server or some point in the processing of your mail after we deliver it is just cutting off the message after the first few headers. So, you're getting only the first few lines. The mail may have had illegal characters or a malformed header line, I don't know. It looks like the Message-ID line is bad, for instance. Our system had 1002 characters, which is much more than what you saw up above. I don't believe our system is simply hanging up or failing to deliver the rest of the message, because we're getting this from your mail server: Thu Jun 5 04:30:41 2008 Info: MID 575557146 RID [0] Response 'received the message, thanks' You might check the server logs and see if your server logs how many bytes it received. JT
  5. Yes, I got your message. Anything after the first error code should be ignored. It's a bug, but one that doesn't hurt anything. We'll look into fixing this, though. JT
  6. OK, I switched those zones around to use the countries.nerd.dk list. JT
  7. The system doesn't do that. In all cases, the HTML version is one click away, but it is never displayed on the main message window. JT
  8. In every message, there should be a clickable link that says "unnamed". You can click on this to view the original HTML message. If you don't see the link, check your options where it talks about where it should put attachments. You want this set to both the headers and the body. JT
  9. If you're asking for a blacklist to be created automatically from your reported spam, this will never happen. Spammers rarely reuse the same email address, so there is really no point. And, how are you going to manage this data? Over months, we'd end up with millions of email addresses on this "blacklist". Your own blacklist would have thousands of entries (assuming you report spam a lot), pretty much none of which will ever email you again. JT
  10. Thanks for your calm and measured response, Steven. Looking at your account, it appears that we are not able to POP your Yahoo using the old popgate. I see the same error that everyone else was getting. We can login, but not actually retrieve any emails. Do you see any Yahoo mails being POPped? Do you think that it was working a couple of days ago, right before we made the switch? I see that the new system has stopped. We are going to restart it and put in monitoring to make sure it stays running. That is why nobody can connect right now. JT
  11. Yes, we have an implementation very much like the reference implementation. There is a triplet of sender email address, connecting IP address, and recipient email address that we use to make decisions. We are currently using a 30 minute delay for newly discovered triplets. Petzl asked why spam is still getting through and it is simply because the spammers are retrying. For spammers willing to retry, this method doesn't help at all. However, there is evidence that a large number of spammers do not retry. JT
  12. Since all of Yahoo was failing anyway on the old server, we've moved everyone who was trying to POP yahoo over to the new popgate2.cesmail.net server. I haven't heard of any problems so far with our small beta test. We'll be monitoring the new server to make sure it seems to be functioning correctly. JT
  13. And I presume you're getting all of your good mail. This is interesting. I'd like to see more data. If this holds up, there is a possible explanation. Email from new, unknown users forwarded by your ISP will all get greylisted and delayed. Your ISP will retry, of course, so all of this spam will eventually be delivered by us. However, during this time interval all of the blacklists that we use have had time to update. Delaying delivery of your spam by 30-60 minutes might make a real difference in how much the blacklists can catch. If you actually aren't getting the spam at all, either to your inbox or the Held Mail, it might be that a lot of your spam was actually being sent directly to your SpamCop account. Greylisting will help remove a lot of that spam, even if 100% of your legitimate mail is forwarded to us by another ISP. Well, no, see my other post about delaying delivery of spam. This is theoretical. I honestly don't know how much difference it makes. I do know that the SpamCop blacklist is very real-time and new spam sources are often detected within minutes. JT
  14. Most of the usefulness of greylisting comes from email sent directly to your spamcop.net account. If it is forwarded or we POP it for you, greylisting won't help much. JT
  15. As time goes on, I think the majority of users don't ever report their spam, they just want it removed. This removes a lot of spam (and viruses) without relying on particular keywords or blacklists. If you want all your spam, though, you shouldn't enable it. We're going to be working to add some additional information. Greylisting should "just work" though. It's really not intended for you to have to go in and fiddle with. We are working on allowing addresses in your personal whitelist to pass without being delayed. That feature isn't available right now, though. That isn't on our side. That's your mail server losing your email. I'd be very interested in looking in the logs to see what happened. Can you email the address that you were emailing from and to to me at support[at] Thanks JT