Jump to content

jhg

Members
  • Content Count

    25
  • Joined

  • Last visited

Community Reputation

0 Neutral

About jhg

  • Rank
    Member

Recent Profile Visitors

901 profile views
  1. @Lking That worked. Does anyone want the full email to figure out why it breaks the SpamCop web UI?
  2. I have a pending report https://www.spamcop.net/sc?id=z6482169832z1c8bdddf658335f33b7b4b8abdb15f13z I cannot submit it because the page stops half way through the analysis output and does not include any of the reporting buttons. The attached image shows the bottom of the page. I looked at the page source and it ends there as well (i.e. there is no unrendered content in the HTML).
  3. https://www.spamcop.net/sc?id=z6451656800zc64dcd7f5a3bc6377aa0d0284d2eba3bz The system won't let me submit this, saying "This email contains no date", which is clearly not true ... Received: from 18.219.110.235:9276 by cmpweb31.aul.t-online.de with HTTP/1.1 (Lisa V5-1-1-0.14292 on API V5-10-0-0) Received: from 172.20.102.126:42757 by spica07.aul.t-online.de:8080; Sun, 11 Mar 2018 20:53:24 +0100 (CET) Date: Sun, 11 Mar 2018 20:53:24 +0100 (CET) From: John Dashwood <mario.riedel@t-online.de> Sender: John Dashwood <mario.riedel@t-online.de> ... AFAICT this email doesn't look any different structurally from other emails the system accepted. What's up?
  4. Abuse contact for cloud.promodeals.nl [109.237.218.48] is abuse@mihos.net This is one of those entries in RIPE where the reporting address is an inline image and not parseable from the text whois.
  5. Any chance of getting SpamCop to add a dynamic "additional reporting address" so that we can manually enter the address at reporting time?
  6. https://www.spamcop.net/sc?id=z6396626348z83eec1a7ee976570e7ece110f3a27b86z Return-Path: <RalphLauren@wolved.info> X-Original-To: x Delivered-To: x X-Greylist: delayed 00:06:28 by SQLgrey-1.8.0 DKIM-Filter: OpenDKIM Filter v2.11.0 smtp.jhmg.net 937B2403AA Authentication-Results: smtp.jhmg.net; dkim=pass (1024-bit key) header.d=wolved.info header.i=@wolved.info header.b="DpuNugtc" Received: from smoking.wolved.info (smoking.wolved.info [185.202.173.233]) by smtp.jhmg.net (Postfix) with ESMTP id 937B2403AA for <x>; Tue, 8 Aug 2017 13:08:43 -0400 (EDT) Here's the SC interpretation... Tracking message source: 185.202.173.233: Display data: "whois 185.202.173.233@whois.arin.net" (Getting contact from whois.arin.net ) Redirect to ripe Display data: "whois 185.202.173.233@whois.ripe.net" (Getting contact from whois.ripe.net) Lookup fdl258-ripe@whois.ripe.net Display data: "whois fdl258-ripe@whois.ripe.net" (Getting contact from whois.ripe.net) fdl258-ripe = whois.ripe.net 185.202.173.233 (nothing found) No reporting addresses found for 185.202.173.233, using devnull for tracking. HOWEVER... see the attached image. The issue is that the reporting address is an image and not text. Are there any solutions? It would be really helpful if we could add an ad-hoc destination on the analysis results screen to cope with this issue.
  7. https://www.spamcop.net/sc?id=z6333092862z684f4e65bbaa470376d81782694ccf39z Spamcop reports: Tracking link: http://terais.cloner.wedn.us/unsubscribe?g=fDExMTgwNzI4fDUyMDAwMA&u=x No recent reports, no history available Host terais.cloner.wedn.us (checking ip) IP not found ; terais.cloner.wedn.us discarded as fake. terais.cloner.wedn.us is not a routeable IP address Cannot resolve http://terais.cloner.wedn.us/unsubscribe?g=fDExMTgwNzI4fDUyMDAwMA&u=x However [jhg@smtp ~]$ dig terais.cloner.wedn.us ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.1 <<>> terais.cloner.wedn.us ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6341 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;terais.cloner.wedn.us. IN A ;; ANSWER SECTION: terais.cloner.wedn.us. 599 IN CNAME ragg.pregit.com. ragg.pregit.com. 299 IN A 155.94.65.6 and [jhg@smtp ~]$ ping terais.cloner.wedn.us PING ragg.pregit.com (155.94.65.6) 56(84) bytes of data. 64 bytes from 155.94.65.6.ngprobd.com (155.94.65.6): icmp_seq=1 ttl=53 time=24.1 ms 64 bytes from 155.94.65.6.ngprobd.com (155.94.65.6): icmp_seq=2 ttl=53 time=24.0 ms 64 bytes from 155.94.65.6.ngprobd.com (155.94.65.6): icmp_seq=3 ttl=53 time=23.9 ms 64 bytes from 155.94.65.6.ngprobd.com (155.94.65.6): icmp_seq=4 ttl=53 time=23.9 ms Why does Spamcop think it's not a routeable address? Curiously, upon revisiting the report I see: If reported today, reports would be sent to: Re: 85.206.173.211 (Administrator of network where email originates) williamsdesigndk@gmail.com Re: http://terais.cloner.wedn.us/unsubscribe?g=fDEx... (Administrator of network hosting website referenced in spam) abuse@nodesdirect.com However, Spamcop did not send send to the nodesdirect.com address originally.
  8. Lking

    I merged your post with the earlier related post, "500 internal Server error"

  9. jhg

    500 Internal Server Error

    I'm seeing fairly consistent server errors when submitting spam via the web interface. I get the "500 Internal Server Error" message on submitting an email for parsing as well as for sending the spam notifications. If I retry it will eventually work after 2 or 3 tries.
  10. Also seeing this on an email report that clearly contains lots of dates, on every "Received" line, as well as in the message headers.
  11. Just a heads-up... Some abuse contact info is appearing in "%" comment lines in returned whois info, and this isn't beeing seen by SpamCop. I submitted a spam message, received from the address in the whois output below, and SC used nomaster (https://www.spamcop.net/sc?id=z6150159699zf64fd115c02b2d6e1cf28dbf87b528e4z) [jhg[at]www ~]$ whois 79.142.60.67 [Querying whois.arin.net] [Redirected to whois.ripe.net] [Querying whois.ripe.net] [whois.ripe.net] % This is the RIPE Database query service. % The objects are in RPSL format. % % The RIPE Database is subject to Terms and Conditions. % See http://www.ripe.net/db/support/db-terms-conditions.pdf % Note: this output has been filtered. % To receive output for a database update, use the "-B" flag. % Information related to '79.142.60.0 - 79.142.60.255' % Abuse contact for '79.142.60.0 - 79.142.60.255' is 'nic[at]smartnet.kz' inetnum: 79.142.60.0 - 79.142.60.255 netname: SMARTNET descr: P2P address for clients in Almaty country: KZ admin-c: BU909-RIPE tech-c: BU909-RIPE remarks: INFRA-AW status: ASSIGNED PA mnt-by: MNT-SMARTNET created: 2011-09-14T04:44:54Z last-modified: 2011-09-14T04:44:54Z source: RIPE # Filtered person: Baurzhan Ussunov address: Almaty, Al-Farabi av, 73/2 address: Republic of Kazakhstan phone: + 7 727 356 01 33 fax-no: +7 727 356 01 10 nic-hdl: BU909-RIPE mnt-by: MNT-SMARTNET created: 2008-10-23T06:55:51Z last-modified: 2008-10-23T08:13:09Z source: RIPE # Filtered % Information related to '79.142.60.0/24AS43994' route: 79.142.60.0/24 descr: SMARTNET descr: Almaty block origin: AS43994 mnt-by: MNT-SMARTNET created: 2011-04-22T10:35:40Z last-modified: 2011-04-22T10:35:40Z source: RIPE # Filtered % This query was served by the RIPE Database Query Service version 1.80.1 (DB-2)
  12. I just moved my mailhost to a new server and wanted to update my SpamCop mailhost config. I deleted the old one and went through the test email process ("Add new host"). After returning the test email via the web page I find that, rather than replacing the old mailhost configuration, SpamCop has merely added the new mailhost to the old list. The old hostname and IP addresses no longer exist and I really want to get rid of them. What do I need to do?
  13. Never mind, I see that the messages are being forwarded from SpamCop to me, not directly from the ISP.
  14. I have "spam Munging" set to "Obscure identifying information", but recently (in the last week or so) have started receiving emails from ISPs for many of my SpamCop reports. This would indicate to me that my email address is not munged. Has something changed?
×