Jump to content


  • Content Count

  • Joined

  • Last visited

Community Reputation

0 Neutral

About amenex

  • Rank
  1. DavidT wrote: > Your question about the addressing is easily explained....a lot of spam gets > sent out using the BCC (blind carbon copy) method, so anyone's address > could appear in the "To" box and yet your address was on a BCC list that > you're not seeing. Arghhh. > However, the message in question should have wound up in the Held mail > folder...not in your Inbox, unless perhaps you haven't got all of the Blacklists > selected in your options? I've got the relocation to Held Mail on hold - I checked the "Tag Only" box so my filters will intercept the stuff that's guaranteed to be spam. > I'd also recommend a SpamAssassin setting of 4, rather than the default of 5. > That should help route more stuff to your Held folder as well.....but do go into > your options and make sure that all of the Blacklists are turned on. They're all on - but just tag the spams. I'm trying to design the filters so they don't mis-identify legitimate emails. I've got mail coming from several domains, and they all receive this BCC junk, so I'm filtering mail to "[at]domain" that has a SpamAssassin rating of ***** and worse. If I relax that, then a playful email might end up in my PsuedoHeldMail box. Is there any other way of catching BCC mail with a filter setting ? Thanks, George Langford amenex
  2. Here are the headers: > Return-Path: <rampartsm9[at]oaline.com> > Delivered-To: spamcop-net-[munged][at]spamcop.net > Received: (qmail 7207 invoked from network); 3 Feb 2009 11:59:12 -0000 > X-spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on blade4 > X-spam-Level: **** > X-spam-Status: hits=4.5 tests=MIME_QP_LONG_LINE,RDNS_NONE,TW_WT,URIBL_SBL version=3.2.4 > Received: from unknown ( > by blade4.cesmail.net with QMQP; 3 Feb 2009 11:59:12 -0000 > Received: from unknown (HELO PHRRDKTQ) ( > by mx70.cesmail.net with SMTP; 3 Feb 2009 11:59:10 -0000 > Received: by VKQCR.nmroqoauvrd.com (Postfix, from userid 80) > id KK42SRAP3M; Tue, 3 Feb 2009 19:59:09 +0800 > To: shinybluegrasshopper[at]spamcop.net > Subject: Give your couple some heat wtvoxu boeih > Reply-to: rampartsm9[at]oaline.com > From: "Noe Grimes" <31tcmcfq2723[at]oaline.com> > Message-ID: <527032188.70702468046195[at]rampartsm9> > MIME-Version: 1.0 > Content-type: text/plain; charset=windows-1251 > Date: Tue, 3 Feb 2009 19:59:09 +0800 > X-Priority: 3 > X-MSMail-Priority: Normal > X-Mailer: PHP > X-MimeOLE: Produced By phpBB2 > Content-Transfer-Encoding: quoted-printable > X-SpamCop-Checked: > X-SpamCop-Disposition: Blocked cbl.abuseat.org I'm not grumbling about the fact that it's been tagged as blocked by cbl.abuseat.org. It's the addressee: shinybluegrasshopper[at]spamcop.net - my spamcop username appears only in the [munged] second line of the headers: > > Delivered-To: spamcop-net-[munged][at]spamcop.net Why am I receiving this email ? It's not been filtered because I've set the filter trigger at five *'s (*****) and this spam has only four. There seems to be no hint as to why my Inbox is the lucky recipient. The first "received by" is nmroqoauvrd.com, a nonexistent domain ... George Langford amenex
  3. 'Farelf' wrote: > Thanks for advising on the wash-up George, marking this resolved. Followup: Worked like a charm, but I had to mark spamassassin as tag-only, or it would gobble up all the stuff intended for the "HeldMail02" folder and cram it into the standard "HeldMail01" folder. So far today, 100% of the spams in the "HeldMail02" folder are addressed to "myusername" or "almostmyusername" [at]spamcop.net. George Langford amenex
  4. StevenUnderwood wrote: > You should be able to setup a client filter for that. If you set it up in webmail, it is only activated when you are logged into webmail. Log into webmail and click the filter button at the top. OK - After considerable effort, which included eliminating all my blocklists and emptying my 2200-entry blacklist file, I managed to set up a simple series of filters which send the spam that is addressed to my primary SpamCop account to a new "HeldMail02" folder. This was an elegant solution that StevenUnderwood suggested. However, getting the filters to function correctly was tricky. Evidently, if I check the box to stop filtering after a rule is satisfied, the S/W stops filtering altogether, even if the rule isn't satisfied. After I unchecked all such boxes in my train of filter steps, I achieved the desired results. Now the bad stuff ends up where I want it to go. > However, since it is spam and ending up in your Held Mail folder anyway, I would just report it. That wasn't the point. I was having to read through the bodies of all 200-spams-per-day, looking for legitimate email that was getting flagged by the blocklists or my blacklist. I then added them to my whitelist. New contacts might have gotten reported as spam if I wasn't extremely careful. Now my primary Held Mail folder will contain only what I choose to add to my blacklist (presently empty), and my "HeldMail02" folder will gather stuff that's guaranteed to be spam, except for stuff from the deputies ... such as my annual bill. I can modify the filter train to account for those. Thanks, George Langford amenex
  5. Wazoo wondered out loud: > I've read and re-read it a half-dozen times, and I don't really understand what you're asking. Everything in my Held Mail folder is addressed to amenex[at]spamcop.net or to [mailing-list-at] spamcop.net. That's probably the result of my persistent reporting of phishes. Perhaps some is the result of my regular spam reporting. I'm not complaining about the cause. If I could filter everything addressed to (not from) an email address at spamcop.net into my Held Mail folder and cancel all the other filters I'm presently using, then a very few spams would stay in my Inbox, and I'd have next to zero legitimate emails in my Held Mail folder. I'd still have to whitelist emails that _I_ sent to amenex [at] spamcop.net, as well as replies from the anti-phishing groups, but those are easy to spot from their Subject lines. Thanks for asking for clarification. George Langford amenex
  6. After years of reporting phishes, spam etc. with my name & spamcop.net address in the clear, it looks as though essentially 100% of the spam in my Held Mail folder is addressed directly to my spamcop.net address or to a list of spamcop.net addresses of which my address is a member. As either I alone or auto-replies from anti-phishing groups send mail to my spamcop.net address, it would appear that I could use a Held Mail folder to accumulate the spam stuff, and which I would not need to peruse for accidentally flagged mail (such as legitimate new mail from gmail, yahoo, msn, hotmail, aol, etc.). I would have to whitelist the very few exceptions, of course. I 'spose I could do this myself by turning off all spam filters and then blacklisting mail addressed to spamcop.net, but I don't see any option for doing that. George Langford amenex[at]spamcop.net
  7. Here's a tracking URL for a spam that only appeared in my Held Mail after I had placed its sender in my personal blacklist at least twice: http://www.spamcop.net/sc?id=z1526205850zf...e34fac13e5f640z I started this thread after making a search on the SpamCop forums & FAQ's for the term: "personal blacklist." There was only one hit, irrelevant to my concern. Whattaya mean, "... haven't heard of anyone plugging IP addresses into [the personal blacklist]" ? What's that list for, anyway ? I feel that I can be as draconian as I wish, even to listing partial IP addresses, in the hope of shifting blackhat stuff that somehow escapes my selection of _all_ (one exception) of the blacklists that SpamCop offers. That exception is the Spamhaus PBL which manages only to shift my own emails into Held Mail and no one else's. Greylisting does not work for forwarded emails. We already discussed that. When I find spam in my Inbox, I dig out _all_ the IP addresses and domain names that I can find associated with that spam, whether forged or not. I even dig out the spamvertised domains and _their_ ISP's. No one escapes my wrath. There has been no reduction in false positives and no increase in false negatives as yet. amenex
  8. After weeks of effort listing IP's and domains of spammers in my personal blacklist, I am finding that new spams from these sources continue to appear in my Inbox and are not being transferred to my Held Mail folder. My intent is to dig these spams out of my Inbox, where they hide amongst legitimate emails, and to move them into my Held Mail folder, where I am willing to dig out the few legitimate emails that come from the black hat domains & IP addresses and to whitelist their senders. However, many new spams continue to appear in my Inbox in spite of the listing of their domains and IP addresses in my Personal Blacklist. Is there an activation box for my personal blacklist somewhere ? amenex
  9. amenex

    How is this possible?

    Yup; however, see this Spamcop discussion: http://forum.spamcop.net/forums/lofiversio....php/t8650.html My experience with a short (four hour) test of greylisting is that it greylisted one sender six times and six more senders one time each. About thirty spams got through from mail POP'ed from my various IP's. Greylisting works only on idiotic spam sent directly to my "user'[at]spamcop.net address. I have no idea how many folks got turned away at the door. George Langford (amenex)
  10. amenex

    How is this possible?

    Let's carry this a step further. Every day I get more-or-less the same pattern of spam content. I've applied all the blocklists that SpamCop offers, and I still have to scroll through about 250 spams a day in order to find the errors and whitelist the unfortunate few friendly emails that have a listed IP address. Put 2&2 together: 1. SpamCop looks up the true senders' IP addresses and records them. 2. My Smoothwall.org hardware firewall can be set to reject any of a [very long] list of black hat IP addresses. To arrive at this conclusion: SpamCop could keep track of the IP addresses that I personally have labeled as spam; let's say, that after I have reported xxx.xxx.xxx.xx# five times, that SpamCop simply bitbucket anything further from xxx.xxx.xxx.xx#. Once xxx.xxx.xxx.x## have been bitbucketed, henceforth bitbucket everything from the range xxx.xxx.xxx.###. Carry forward until all traffic from xxx.###.###.### gets bitbucketed. RIP. Put this another way: If I have reported a given IP block umpteen times for spamming, why should anything further from that source ever get placed into my Held mail folder ? amenex
  11. Not all is at it seems. The spam comes in so frequently now that I have trouble getting it all reported before downloading to my PC's. In order to back up my emails, I have resorted to downloading twice, once to each of two PC's. It's very hard to synchronize, as new messages come in while I'm downloading to the first PC (leaving the emails on the SpamCop server) and I have to check again after downloading the first batch before downloading (and emptying the SpamCop server) to the 2nd PC. Inevitably, a few emails are missed on the 1st PC, whose backup role is thereby somewhat compromised. I also end up with a few spams that sneak by in the interim. All this would be avoided if SpamCop could just devote a few bits of coding for some extra lines in that table. Remember, hard disk storage has gotten dramatically cheaper. My ISP originally let me use 1.5 GB of disk storage ... which got upgraded to 3 GB silently ... and which now stands at 600 GB for the same price per month as I originally paid for 1/400th as much space. On that basis, how much bandwidth is devoted to those bits of coding ? amenex George Langford
  12. Forwarding does the trick - this user resists using new features of S/W because of the often bewildering ambiguity of it all. Indefinite antecedents and all that. My new ISP's CPanel made the process of "adding a forwarder" childishly simple once I bit the bullet and ventured forth. "Forward your email to a destination of your choice" would have been far clearer. All it means is telling CPanel my SpamCop email address. Thanks ! George Langford amenex
  13. While in transition from one ISP host to another, I'll be wanting to POP emails down to my SpamCop.net account in order to cleanse them of spam with your fine service. However, I need several more lines in the table listing my POP3 servers in order to cover all the email accounts that I am passing through the SpamCop.net server. That table is here: https://webmail.spamcop.net/horde/imp/spamcop/popconfig.php Is there a limit on the number of these POP3 servers, or is it a simple matter to add a few lines to that table ? Thanks, George Langford amenex
  14. Wow, this sounds good. But I pop down 99% of my mail from other accounts. Won't greylisting create hassles with my other ISP's ? The only mail I get to my SpamCop email address is spam from idiots ... or my Held Mail digest, etc. and mail from the deputies after I screw up something ... amenex George Langford
  15. When my Inbox opens, there's a number just to the right of the word, Inbox. The number is in parentheses, and its value is almost always less than the count of email messages at the top right. In Held mail, the left hand count matches the right hand count. Might the disparity be due to a number of messages getting transferred to Held mail upon opening the Inbox ? George Langford amenex