nomorespam

  1. Just thought I'd throw this out there in case I'm not alone. I usually submit only recent spam (2 hours or less). When I submit spam for processing, I usually check the IP address through http://www.spamcop.net/bl.shtml to see its status and what else has been submitted recently. Usually the addresses aren't listed in the SCBL (since I had just received the message), but 98% of the time, there are previous reports that are shown. About a day or so ago, every IP address I check (from the spam I receive and process) indicates "No recent reports, no history available". I found this odd, considering I had just reported the IP address for spamming (and in the past, saw my report on the list), so I started to investigate. My searches of the forum came up empty, and poking around for SpamCop system notices was fruitless also. Just to ensure I wasn't going crazy, I checked out the Hall of Shame and checked the first address listed there. At the time of this writing, it is 218.9.79.59. I would expect that there would be some history for this address to support its inclusion as #1 on the HoS. For me, "No recent reports, no history available". I did check that I'm logged into my paid-for Reporting account. Even logged out and re-logged in without any difference. One thing I did just notice on the HoS, is that the Age and Duration column values ("13284.3 days" and "-318823 hours" respectively) are wacky. Has something in SpamCop's internals slipped a cog, or have I?
  2. In case you haven't found your answer, I had the same experience you had. You've got it half right with the access.db entries. Here's what I did at our site to make them override the dnsbl: in sendmail.mc, add the line FEATURE(delay_checks)dnl and then re-generate sendmail.cf. See Sendmail cf/README - Anti-spam Configuration Control for further details and a couple of side-effects that are easily dealt with.
  3. nomorespam

    Spam not parsing - source IP missing?

    Other than the above quoted line not being in the line #0 position, how is it substantially any different from this: Tracking url: http://www.spamcop.net/sc?id=z755543807zef...481da817adef32z which parses just fine? In this case cwc.com.au resolves to 203.30.164.4, and 216.62.211.179 is SBC Internet in Texas. I doubt Spamcop would try to match the provided hostname (from the sender) with the IP address that connected to the receiver. That hostname is almost always spoofed. To Wazoo: As for The only difference I can figure is that because you don't use my mailhost config, Spamcop needs to do the chain test (among others for validity) instead of simply making sure the handoff is to a configured mailhost.
  4. nomorespam

    Spam not parsing - source IP missing?

    Just parsed another spam, but got a different error message: hsia.telus.net does not report source IP correctly No source IP address found, cannot proceed. This is definitely an improvement in so much the error message is matching the logic, but I still can't report spam. The site in question is our secondary mx which is where 99% of our spam comes through, so I'd like to be able to file it. That site uses qmail. Sendmail is our primary mx. Does qmail just make "broken" headers, or is there a configuration we can make to qmail so Spamcop will like the headers? I'm curious to find out why this change was made to Spamcop's parser. We weren't having any trouble with how Spamcop parsed email that travelled through that path before, but now we have a 100% failure rate. The IP Spamcop identified as the source is the one I'd pick to report manually if Spamcop was out of the equation. Is it possible to soften the header parsing rules (or (gulp) make an exception for qmail) so we can report spam, or are we left out in the spammy cold? Thanks for any assistance.
  5. nomorespam

    Spam not parsing - source IP missing?

    Something has definitely changed with SpamCop. I took some spam I filed April 14th (http://www.spamcop.net/mcgi?action=gettrac...rtid=1402907806) without any issues then, and re-parsed it just now and got the same error as above. Since Spamcop is actually identifying the correct bits from the received line, why do you say the header data is broken? It would seem to me if Spamcop is finding what it needs, it should use it. If the header is (now) considered broken to Spamcop, then the message should say something like "This header is broken, ignoring it" rather than "IslandTech secondary received mail from sending system 211.229.225.71". At best, it's misleading how it works now. Here's another spam I just received and parsed with the same problem: http://www.spamcop.net/sc?id=z754879538z3c...cac5c0a3a9fb8bz Just my 2 cents worth.
  6. nomorespam

    Spam not parsing - source IP missing?

    Hmm... Maybe something's still a bit broke? This is the first time this has happened for me. http://www.spamcop.net/sc?id=z754650523z57...9909ad48724719z Here are the relevant lines:

    1: Received: from unknown (HELO vtoy.fi) ([at]211.229.225.71) by linus.fmls.ca with SMTP; 21 Apr 2005 07:22:36 -0000
    No unique hostname found for source: 211.229.225.71
    IslandTech secondary received mail from sending system 211.229.225.71
    2: Received: from 158.239.44.37 by smtp.espoo.fi; Thu, 21 Apr 2005 07:18:27 +0000
    No unique hostname found for source: 158.239.44.37
    Possible forgery. Supposed receiving system not associated with any of your mailhosts
    Will not trust anything beyond this header
    No source IP address found, cannot proceed.
    Add/edit your mailhost configuration
    Finding full email headers
    Submitting spam via email (may work better)
    Example: What spam headers should look like
    Nothing to do.

    It would seem 211.229.225.71 is identified as the source, but after the next fake Received line, SpamCop appears to have forgotten. Any ideas?
  7. nomorespam

    reputation points

    I was looking over the SCBL FAQ and the listing rules and something struck me. Once I recovered from the blow, I searched for an answer to no avail. In regards to "reputation points" which the FAQ states "A mail sender receives a reputation point for each SCBL query that is not reported as spam.", what constitutes a SCBL query? Does using nslookup on 61.74.65.102.bl.spamcop.net for example, or using http://www.spamcop.net/bl.shtml give reputation points out? I gather that the points are intended to be attributed based on MTA lookups, but how are these two forms of queries (MTA vs nslookup) separable on the receiving end? I regularly use the above url to investigate IPs of spam I receive, in part to determine if reporting a slightly stale spam is worth it or not. For example, if the spam was a little stale (8-24h) I'd consider reporting it if there was no other evidence against that IP, but if my lookups are handing out scooby snacks to the spammer's credit, it would work against getting the IP address listed, no? On the malicious side, couldn't a spammer use an automated lookup mechanism to hammer the bl lookup for their IP addresses artificially raising their reputation point count and potentially keeping themselves out of the SCBL? I hope I'm wrong and the non-MTA lookups don't give out reputation points, but I had to ask. Thanks.
  8. A few months ago I relocated my mailserver to a new network. Upon reporting my first spam after the move, I realised I needed to reconfigure the mailhosts so it recognised my new IP as being legitimate. The hostname remained the same, only it resolves to a new IP address now. I deleted the host from my Spamcop mailhosts config (with the previous IP address) and re-added it. The problem is when I re-added my host to the mailhost configuration, the old IP address is still on the list along with the new IP address. This old IP address is no longer associated with my mail setup, so I'd like to get rid of it, but I'm not sure how. I have tried deleting the entry and re-adding it with the same results. Do I need the deputies to intervene, or do I need to delete it and then wait a while (hours, days?), or what? It hasn't been an issue here yet as the old address hasn't been spoofed on any of the spam I've received, but I'm not sure what the broader implications are to Spamcop as a whole having my old IP address listed as a legitimate address in the mailhosts database. Theoretically, could a spammer be operating from my old IP now and when people parse those spam consider my old IP as either associated with me or worse, a forged received line being treated as real? I apologise if this issue has been dealt with elsewhere in the forum. I looked around and didn't find a suitable resolution. Thanks.
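
An added illustration, not part of the original posts and not SpamCop's parser: a minimal Python walk over the two Received lines quoted in item 6, believing a hop only when a configured mailhost wrote it and stopping at the first hop that no mailhost vouches for. The `MAILHOSTS` set, the regexes and the "last address in the from-clause" heuristic are assumptions made for this sketch.

```python
import re

# The two Received lines quoted in the post (newest hop first).
RECEIVED = [
    "Received: from unknown (HELO vtoy.fi) ([at]211.229.225.71) "
    "by linus.fmls.ca with SMTP; 21 Apr 2005 07:22:36 -0000",
    "Received: from 158.239.44.37 by smtp.espoo.fi; "
    "Thu, 21 Apr 2005 07:18:27 +0000",
]
# Assumption: receiving hosts the reporter has registered as mailhosts.
MAILHOSTS = {"linus.fmls.ca"}

_HOP = re.compile(r"^(?:Received:\s*)?from\s+(?P<frm>.*?)\s+by\s+(?P<by>[\w.-]+)",
                  re.I | re.S)
_IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def parse_hop(line):
    """Return (sender_ip, receiving_host) for one Received line, or (None, None)."""
    m = _HOP.match(line.strip())
    if not m:
        return None, None
    ips = [ip for ip in _IPV4.findall(m.group("frm"))
           if all(int(octet) <= 255 for octet in ip.split("."))]
    # Heuristic: the connecting address follows the client-supplied HELO name,
    # so take the last address in the from-clause.
    return (ips[-1] if ips else None), m.group("by").lower()


def find_source(received, mailhosts):
    """Walk hops newest-first; believe a hop only if a known mailhost wrote it."""
    source, trail = None, []
    for line in received:
        ip, by = parse_hop(line)
        if by not in mailhosts:
            trail.append((by, ip, "untrusted, stop"))
            break  # everything from here down could be forged by the sender
        trail.append((by, ip, "trusted"))
        if ip is not None:
            source = ip  # deepest address recorded by a host we control
    return source, trail


if __name__ == "__main__":
    src, hops = find_source(RECEIVED, MAILHOSTS)
    for hop in hops:
        print(hop)
    print("source:", src)
```

In this sketch a stale entry left in `MAILHOSTS` extends trust to Received lines naming a host the reporter no longer controls, which is the concern raised in item 8.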