Jump to content

IrvSp

Members
  • Content Count

    15
  • Joined

  • Last visited

Community Reputation

0 Neutral

About IrvSp

  • Rank
    Member

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. No, I saw what I posted above on Nov. 26th. Reports waiting for me to finish. I assumed it was due to the possible IP Address of the SMTP server so I added the SMTP sever, and it finally started to work again. It sent the return e-mails to GMAIL.COM, but I've since edited that to go where I wanted it.
  2. OK, finally got an email back: Came in @ 1:47 today for 5 reports: ================== SpamCop is now ready to process your spam. Use links to finish spam reporting (members use cookie-login please!): https://www.spamcop.net/sc?id=z6595502395z99137f909f34abead83e******** https://www.spamcop.net/sc?id=z6595502396z2b08a7a687036075a0********* https://www.spamcop.net/sc?id=z6595502397z1602155e053b61c66********** https://www.spamcop.net/sc?id=z6595502399z8e0fa71bc6ff1b5b********* https://www.spamcop.net/sc?id=z6595502400z635a14efd462a8a6ffb******* The email which triggered this auto-response had the following headers: Return-Path: <my email address> Received: from vmx.spamcop.net (prod-sc-smtp6.sv4.ironport.com [10.8.129.216]) I do have some there now, ============= Submitted: 11/26/2019, 1:43:17 PM -0500: Are you looking for savings on your car insurance? No reports filed Submitted: 11/26/2019, 1:43:17 PM -0500: =?UTF-8?B?UHJvdGVjdCBZb3VyIENhciAmIFdhbGxldCB3aXRoIGFuIEF1dG8gV2FycmFudHk=?= No reports filed Submitted: 11/26/2019, 1:43:17 PM -0500: =?UTF-8?B?V2UgaGF2ZSBhIHN1cnByaXNlIGZvciBLaG9scyBTaG9wcGVycw==?= No reports filed Submitted: 11/26/2019, 1:43:17 PM -0500: Compact and lightweight-TL900 headlamp No reports filed Submitted: 11/26/2019, 1:43:17 PM -0500: =?UTF-8?B?V2UgaGF2ZSBhIHN1cnByaXNlIGZvciBLaG9scyBTaG9wcGVycw==?= No reports filed Submitted: 11/26/2019, 11:20:06 AM -0500: =?UTF-8?B?NzAlIG9mIEFtZXJpY2FucyBxdWFsaWZ5IGZvciBoZWFsdGggY2FyZSBkaXNjb3VudHM... 7015568**** ( 3.8.157.6 ) To: abuse#amazonaws.com@devnull.spamcop.net ===================== Only the LAST one has a link? So it seems it was my problem not setting the MailWasher to a working SMTP site. Yes, it is on Road Runner too but I though it needed to be added as the 'name' was different? Thanks, it seems to be OK, other than I'm not getting the return mail in a timely manner nor any notification from this forum most of the time, probably Spectrum...
  3. OK, got ONE problem solved, and it was MY fault partially. I use Mail Washer Pro as a pre-screener for mail. It is the one that will send my spam to SpamCop. Today it hit me, I didn't change my SMTP server in it. So I did that and it seems by its log the spam was sent: ********************************************************************************************* Firetrust Mailwasher 2010 version: 843 Created 11-26-2019 ********************************************************************************************* 11-26-2019 11:15:26.841 SMTPprotocol SMTP Transaction Error Dump 11-26-2019 11:15:26.841 SMTPprotocol 220 Welcome to Road Runner. WARNING: *** FOR AUTHORIZED USE ONLY! *** 11-26-2019 11:15:26.841 Unknown 220 Welcome to Road Runner. WARNING: *** FOR AUTHORIZED USE ONLY! *** 11-26-2019 11:15:26.841 Unknown EHLO IRV8700<CRLF> 11-26-2019 11:15:26.841 Unknown 250-dnvrco-cmomta03 hello [184.88.29.70], pleased to meet you 11-26-2019 11:15:26.841 Unknown 250-HELP 11-26-2019 11:15:26.841 Unknown 250-AUTH LOGIN PLAIN 11-26-2019 11:15:26.841 Unknown 250-SIZE 30000000 11-26-2019 11:15:26.841 Unknown 250-ENHANCEDSTATUSCODES 11-26-2019 11:15:26.841 Unknown 250-8BITMIME 11-26-2019 11:15:26.841 Unknown 250-STARTTLS 11-26-2019 11:15:26.841 Unknown 250 OK 11-26-2019 11:15:26.841 Unknown NOOP<CRLF> 11-26-2019 11:15:26.841 Unknown 250 2.0.0 OK 11-26-2019 11:15:26.841 Unknown MAIL FROM:<email address is here><CRLF> 11-26-2019 11:15:26.841 Unknown 250 2.1.0 <email address is here> sender ok 11-26-2019 11:15:26.841 Unknown RCPT TO:<submit.cjgROtGXz29hJbGP@spam.spamcop.net><CRLF> 11-26-2019 11:15:26.841 Unknown 250 2.1.5 <submit.cjgrotgxz29hjbgp@spam.spamcop.net> recipient ok 11-26-2019 11:15:26.841 Unknown DATA<CRLF> 11-26-2019 11:15:26.841 Unknown 250 2.0.0 ZdUqitFhDpRIkZdUsiLOJT mail accepted for delivery So today it was sent to SpamCop using my change SMTP server and the one I added, got confirmed email back that is was added, but doesn't show? It is now 25 minutes later and I have NOT gotten a response back? What could be wrong? EDIT 12:15PM Went to SPAMCOP.NET, found this: ========== Submitted: 11/26/2019, 11:20:06 AM -0500: =?UTF-8?B?NzAlIG9mIEFtZXJpY2FucyBxdWFsaWZ5IGZvciBoZWFsdGggY2FyZSBkaXNjb3VudHM... No reports filed =========== Never got an e-mail and can't figure out what to do with the above?
  4. Nope, I sent 3 reports off yesterday using my new SMTP server which was confirmed as OK and no response back. On top of that, I did get notice of your post: First column is when my mail server got the message, the 2nd when it was sent. 6 hour delay. Some it seems I NEVER get? It does show it was sent right after you posted it at least, Could the problem be between SpamCop and Spectrum? I've asked Spectrum and got a useless response, call SpamCop...
  5. Well I haven't had one to send off yet. Still not getting notices, but that probably Time Warner. However the spam folders do not show I have it in there either? However, as I did post yesterday @ 02:57 PM I did get that notice? I would think this is a Spectrum problem though. As I said before, there are other e-mails not getting through I suspect, I do know of a few. Still, why have my MAILHOSTS not changed on my SPAMCOP page tab as I've shown above? I tried to register them, got the emails back as well as the confirmation? Am I missing something else I have to do?
  6. OK, I have a GMAIL account, I'll change my preference to that. Spectrum it appears on Nov. 15th or so made a change to the servers. Something to do with IMAP but it caused other changes too. I think it was the implementing of RFC-2971 that I saw in the Spectrum forms complaining about e-mail.
  7. Hmm, this just came in? ================ Hi IrvSp, Lking has posted a comment on a topic, Changed Mail server, Mailhost registered, not showing? Go to this post: http://forum.spamcop.net/topic/42750-changed-mail-server-mailhost-registered-not-showing/?do=findComment&amp;comment=149438 -- SpamCop Discussion ================== Link is not good though??? Sent @ 11/22/2019 11:49:56 AM which matches probably 3rd one above... I am SURE I'm having email problems.Wife sent me email and I never got it. That was 9:20AM my time, at noon sent a 'test' message and I got it immediately... Still doesn't explain why my MailHost is no adding new ones?
  8. You have to be kidding... calling Spectrum with e-mail problems is a waste of time! Even with the need to change SMTP servers I couldn't get that answer from them but another neighbor who DID get that answer. It depends on who picks up the call. Most of the time the standard answer is 'check on Webmail'. Using an e-mail Client like Thunderbird like I do, 'call Thunderbird' or ''we do not support using Thunderbird (they did before publishing how to set it up)' Even IF they were able to ascertain that Spamcop was blocked, they would never unblock them based on my say so... especially without PROOF.
  9. The missing notifications of submitted spam is what sent me looking why and I think it was the Mailhost. Configuration, well that is the root problem for me, it isn't. I have been getting emails for submitted spam all along. Once it seems my SMTP server was change they stopped. Actually, Spectrum bought my ISP and Time Warner. Prior to that, my ISP used Road Runner, and mail passed through the TWC RR servers to my ISP, and I could also use the TWC servers with my ISP's email UID and PW. Now they are combined into one for Webmail for instance. I can check the spam folders on webmail and I have gotten no Spamcop e-mail in there either. Now it is possible they have tightened up spam, RR wasn't too good, compared to GMail for instance of stopping that before you knew about it. I'd get 4 or more spam emails a day and sometimes 10 or more. Again, I didn't even get email about your response, just saw it as I decided to check here... wonder if they 'shutdown' Spamcop emails as they get too many of them? They have done this before. I couldn't get a receipt from my Travel Agent. He swore he sent the confirmation and tried a few times and it didn't get through. Sent it to me Gmail and I got it. Called Spectrum and they called me a day later, his ISP's mail server was blacklisted due to too many spam and messages per day... Still, why wasn't my MailHost's updated? Is there somebody I should contact?
  10. My ISP has made some changes to their POP3 mailserver and that has caused me some problems (Spectrum). They directed me to change SMPT server, and that 'broke' Spamcop from sending me back e-mails for ones I sent it. So I followed the process to add new mailhosts, but it isn't happening. Here is my MAILHOSTS, take today, and the same it has been for a long time: I got TWO of these for differences and I followed the instructions: I then got 2 of these back: Still, my MAILHOSTs were not updated? I also have 'Notify me of replies' checked but I'm not getting notices? Found your reply when I came in here?
  11. I had to change my SMTP server. Noticed I was NOT getting return e-mails from submission and realized I had to register the new SMTP server. Did that, and got the confirmation back that it was a success... ========= Hello SpamCop user, Thank you for registering your mailhost (TWC) with spamcop. ========= Well, I send in a few today (it was registered yesterday) and I'm not getting the responses back? Look at MAILHOST tab, the only the original 2 are showing? Is there a limit on how many you can have?
  12. I keep getting stuff 2 or 3 a day. SPAMCOP reports go into DEVNULL so it probably is worthless reporting it? Spammer does use other ISP occasionally. The header IS forged like this from a few from last week: Received: from [138.128.73.39] ([138.128.73.39:60440] helo=cystolgrantlamhell.com) Received: from [144.168.154.248] ([144.168.154.248:44809] helo=mcmarsbachmcguizeshunt.com) Received: from [85.217.132.83] ([85.217.132.83:36534] helo=rochstaeusstritrelph.com) Received: from [104.144.114.7] ([104.144.114.7:39204] helo=kraekdorfhmonsgermfeldt.com) Received: from [23.250.48.158] ([23.250.48.158:33696] helo=chuchtabhywzornfrees.com) Received: from [85.217.138.125] ([85.217.138.125:41478] helo=moanpeakjezshiftbrook.com Received: from [185.5.119.252] ([185.5.119.252:55850] helo=lomslncermannlouan.com) Received: from [104.144.122.129] ([104.144.122.129:55391] helo=labwetchquicjel.com) Received: from [50.3.123.91] ([50.3.123.91:50110] helo=kraekdorfhmonsgermfeldt.com) Received: from [188.191.150.163] ([188.191.150.163:38151] helo=skeadungthiefjephiatt.com) What the root problem is that I don't know what the payload is? I get 2 types, the BITLY and the ones I can't even figure out? BITLY is just a link. The few times I used the iPad to see it it was something to purchase and appeared to be a real PNG copied over, but those links using the PNG links on it also appeared to be real? Couldn't really tell as I never took any. Suspect they are using the 'from' to get a partial cent for referring you to the site. The worrisome one is this, from the last line email above in RED: ============ <a href="http://spurtvilsnogdpierdrach.tk/20629772k77f1449977?sf=5836412,2645245,3166672547,1538181&eb=my email address"> <img src="http://spurtvilsnogdpierdrach.tk/images/6633815925.png" border="0" /> </a> ========== I know from the last line above it translates into 188.191.150.163 where it will go to. However what exactly is the rest of the line, 20629772k77f1449977?sf=5836412,2645245,3166672547,1538181&eb=my email address, and why is my e-mail address on it? I can't find ANY information on that? Since it is in HTML code when Thunderbird sucks it in it well basically execute that code, and I'll see the PNG file. I'm worried about some malware coming it with it due to the href?
  13. I looked at a few of these today. All have the SAME info at the bottom. Yes, I know it is part of the JPG it seems, and it does link off to a slightly different ending on the URL line, but I googled part of it, " 8123 Interport Blvd Englewood, CO 80112" and added spam to it. I was SURPRISED at all the HITS I got... it seems to be the 'home' for many different companies posting. Why can't this information help stop this? Of course that link it does go to might not be them at all either???
  14. Well, something must have got to them? About a week ago it stopped.... 2 weeks ago I started sending them to my ISP's spam Handler... well it was short lived... started up again yesterday. About all I can tell is they changed the end part of the URL from .party/ to .stream/. I guess it is hard to stop whomever it is? Shut them down and they come right back... Sigh... Surely there must be a way? Even adding SERVERHUB to a black list maybe?
  15. I'm getting 3 to 5 of these a day for 2 months now. They have fake YAHOO.COM e-mail addresses, the subjects are about products. Every one of them when I look at the contents are for images that have many different letting combinations but ALL have .party/ as the last part of the image location. For instance, this one: http;\\peltbangswiestdaunt,party/up0hlwvwsaae/19915641k140e2002308/t5s0gbrvgx7j Others inside have other confusing ones to me but do INCLUDE my e-mail address: <img src="http;\\peltbangswiestdaunt,party/19915644k140e2002308?eb=i******@****r.com" /> I assume that is how they can track me? A typical SpamCop report always comes back as it is coming from SERVERHUB.COM? Don't know how it made that connection? After the report is sent, I can see this on SPAMCOP: https://www.spamcop.net/sc?id=z6354566965z58e6e1b554cd81aafb9894c99b1451dcz The HEADER for that one is: ================ Return-Path: <yunkovalcik8829@yahoo.com> Authentication-Results: cdptpa-imsmta06 header.DKIM-Signature=@yahoo.com; dkim=pass Received: from [98.138.207.12] ([98.138.207.12:34600] helo=smtp105.biz.mail.ne1.yahoo.com) by cdptpa-imsmta06 (envelope-from <yunkovalcik8829@yahoo.com>) (ecelerity 3.6.9.48312 r(Core:3.6.9.0)) with ESMTPS (cipher=DHE-RSA-CAMELLIA256-SHA) id 0F/76-13528-E3EED885; Sun, 29 Jan 2017 13:29:34 +0000 Received: (qmail 97002 invoked from network); 29 Jan 2017 13:16:18 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1485695778; bh=gGfWdN6RC3yXfNbEMYT3J+OEY8eZa0S9LXQ4MtN0QVY=; h=Message-ID:Date:From:To:Subject:Content-Type; b=MITSLzafvddVfXxZCb7cwA4j2noD18AN7IoQ+1gf8W7p0zo7M1RDln3fMcaPvl9434ALsXOzCMbiMKbygmOouEW5f+TBx1pAsN9s5fRLi81qB5ktGuJO4SyxvhzZ/1gk+AtmiOWWyrUAyua/8aaPVC3lXihvbFsYPe/jBMlChno= Message-ID: <55380.49272.qm@smtp105.biz.mail.ne1.yahoo.com> Date: Sun, 29 Jan 2017 13:16:18 +0000 (UTC) X-Yahoo-Newman-Property: ymail-3 X-YMail-OSG: tqWQH_YVM1n8jsE2uLp2bRKDjph5McZuBA63MHzD_EY_TtK 3x5eO5aPw53w8JZO4G4EWoyQYYmxTvWMU1I0uXo4buv4Ee0plV2JYbTIeHnU Opt_bzFyw8EK3urTAU2ahvEMaYVs3KkzOwCa4KlHMvev2g2Xt_XfGxNzTpI8 cCY56Hn3Zd.fWk._MXTMtFtzI5sFSGwrd18ecUW3DbXJEWHEG83gRCePh0.I hT0.Ve6YOLTUPWofgYzH.VLTOoDvDuf.oz1cPPWGP5.MSsxoRB1b0wHcQkX. Voq6uw.XORME1VS9SwKWNUNuUHrR1Y5CotefCKcSQ8KBTUmwPF_J7Unh5McW a2PxjhulT3Wstmj73ULIQyQu4Zdnj4ZK8E6NmegsKYC2ryOwyBFJmdfx1hI6 YPBvlAa4lsD1RAIo.gzeMHIKKYNAi.lznal7XEAS1XV.hgtxnMFI.if3NONn bKPezPEQCGcKTWpj5gXvFFLH8LScx6P96D9I4KzCbxL_DEtmUf2LP_Ux1eIj TQdQXLRuEv.y19UAmhqwAYGM1TRt4Tdh23QbD59mUqBAcmxOnj7IkWEjE4DA - X-Yahoo-SMTP: LoI572yswBCSbUI_5YkmxJmLSAqIHsv.SzvTWEeVrl.eSN.23aXFE9aQAQqZOiS5QKhCox0- From: Senior Living <yunkovalcik8829@yahoo.com> To: ispalten@cfl.rr.com Subject: Looking for 55+ living in 2017? Content-Type: text/html; charset=UTF-8 X-Authority-Analysis: v=2.1 cv=WtfWSorv c=1 sm=1 tr=0 a=IXwzD+xon/F+YVC+ra/VSA==:117 a=L9H7d07YOLsA:10 a=9cW_t1CCXrUA:10 a=s5jvgZ67dGcA:10 a=IkcTkHD0fZMA:10 a=79YnABSCSewA:10 a=IgFoBzBjUZAA:10 a=FD_G_oyTAAAA:8 a=ayC55rCoAAAA:8 a=fhRY4CD02UBmV23WEHMA:9 a=QEXdDO2ut3YA:10 a=-FEs8UIgK8oA:10 a=NWVoK91CQyQA:10 a=jf6ifqx8wrbFtL1ejoTd:22 a=B_RyunTPg8udlmYm5Cu2:22 X-Cloudmark-Score: 0 X-RR-Connecting-IP: 107.14.168.212:25 ================= Body contains: ============= <center> <a href="http://robhelzlattmoor.party/cdo8ihcq5gai/19915506a176o1118741/k779tlpvbmwx"> <img src="http://robhelzlattmoor.party/lfyi137qxx3f/mT/g1aa5ie3k95c" border="0" /> </a> <br /> <a href="http://robhelzlattmoor.party/bge3j39ogj6a/19915507a176o1118741/k0o8j79nl86x"> <img src="http://robhelzlattmoor.party/9fs59t0qbwrv/6l/59neeq17kf67" border="0" /> </a><img src="http://robhelzlattmoor.party/415501a176o1118741.gif" /><img src="http://robhelzlattmoor.party/19915508a176o1118741?eb=i*******@*****.com" /><img src="http://robhelzlattmoor.party/19915509a176o1118741?eb=i*******@*****.com" /><img src="http://robhelzlattmoor.party/19915510a176o1118741?eb=i*******@*****.com" /><img src="http://robhelzlattmoor.party/19915511a176o1118741?eb=i*******@*****.com" /><img src="http://robhelzlattmoor.party/19915512a176o1118741?eb=i*******@*****.com" /><img src="http://robhelzlattmoor.party/19915513a176o1118741?eb=i*******@*****.com" /><img src="http://robhelzlattmoor.party/19915514a176o1118741?eb=i*******@*****.com" /><img src="http://robhelzlattmoor.party/19915515a176o1118741?eb=i*******@*****.com" /> ============== So basically I have 2 questions? 1) How does this all translate into SERVERHUB.COM as the 'sender' to be reported too? 2) Why are the reports being ignored? I've even used my ISP's spam REPORTING and it still had not stopped? My ISP does have spam Filters, but only back on FROM and blocking all YAHOO.COM doesn't help me.
×