Jump to content

chazz

Members
  • Content Count

    6
  • Joined

  • Last visited

Everything posted by chazz

  1. chazz

    Sluggishness

    I am having a problem in that, if I send email to Spamcop to report spam, it hits the Ironport servers within minutes; sits two hours within the first (sc-smtp1-bulkmx.soma.ironport.com, 01:13:45 -0700 to 03:55:10 -0700), before it gets forwarded to the second (sc-appl.soma.ironport.com); that one processes it in about a minute and a half and then sends it back out. But then sc-smtp2-bulkmx.soma.ironport.com sits on it for six hours (03:56:31 -0700 to 16:33:06 -0000) before dropping it into mx53.cesmail.net. Once it gets into the cesmail chain it's pretty quick, getting to me within minutes. It is difficult to make a timely report on spammers if the information I need to make the report is sitting in a mail queue for literal hours, going stale... I have been using Spamcop for years. Literally. I stopped using the reporting email because of this sort of sluggishness, then found that immediately after the Ironport takeover it became useful again. It is really handy to get that report back quickly, and I can't say how sorry I am to see this slowdown appear again.
  2. One quick note: If you were logged in to the SpamCop reporting system (via cookie login) while the update was happening, and you go to the Held Mail tab, the reporting system will find nothing to report. If you log out and back in, you'll be good to go.
  3. chazz

    Sluggishness

    Thank you. Recall, I'm just a noob... a happy and long-term user, but I don't know all the ins and outs of how things work... and yes, things have started working again, about a two-minute turnaround this morning. I don't know where I'd look to see the previously-made comments that mail submission is a background task, but even if I did see that, that still wouldn't explain the multi-hour delay in the Ironport servers; it would explain a delay once the mail got to the parsing engines, but there is no real delay there at all.
  4. chazz

    Sluggishness

    Does Ironport monitor these forums, or is there some way we can contact them? For what it's worth, my latest submission to the processing address shows this (redacted my identiying info only) in the message proper: The email which triggered this auto-response had the following headers: Return-Path: <xxxx[at]xxxx.com> Received: from sc-smtp2-bulkmx.soma.ironport.com (sc-smtp2-bulkmx.soma.ironport.com [204.15.82.125]) by sc-app7.soma.ironport.com (Postfix) with ESMTP id B912B2F918 for <submit.xxxx[at]spam.spamcop.net>; Tue, 14 Aug 2007 13:30:08 -0700 (PDT) Received: from mail.xxxx.com (HELO mail1.xxxx.com) ([209.53.210.249]) by sc-smtp2-bulkmx.soma.ironport.com with ESMTP; 14 Aug 2007 08:23:07 -0700 Received: from mail1.xxxx.com ([10.0.0.190]) by mail1.xxxx.com with Microsoft SMTPSVC(6.0.3790.3959); Tue, 14 Aug 2007 08:29:58 -0700 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----_=_NextPart_001_01C7DE87.F9153E7E" Subject: spam Report Content-class: urn:content-classes:message X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0 Date: Tue, 14 Aug 2007 08:29:36 -0700 Message-ID: <ADCD5FB38EF5F644B7DF52F7ABB97F41335478[at]cinnamon.xxxxx.local> X-MS-Has-Attach: yes X-MS-TNEF-Correlator: Thread-Topic: spam Report Thread-Index: Acfeh/MOCuKiNiiyR3GTaKooGfQJCQ== From: "xxxx" <xxxx[at]xxxxx.com> To: <submit.xxxxxx[at]spam.spamcop.net> X-OriginalArrivalTime: 14 Aug 2007 15:29:58.0656 (UTC) FILETIME=[F938F800:01C7DE87] showing that it sat for 5 hours in sc-smtp2-bulkmx; and the headers of the message proper are: Received: from xxxx.xxxx.com ([10.0.0.254]) by mail1.xxxx.com with Microsoft SMTPSVC(6.0.3790.3959); Tue, 14 Aug 2007 17:27:04 -0700 Received: from c60.cesmail.net (c60.cesmail.net [216.154.195.49]) by xxxx.xxxx.com (8.13.8/8.13.7) with ESMTP id l7F0JcMk000970 for <xxxx[at]xxxx.com>; Tue, 14 Aug 2007 17:20:00 -0700 Received: from unknown (HELO blade4.cesmail.net) ([192.168.1.214]) by c60.cesmail.net with SMTP; 14 Aug 2007 20:19:38 -0400 Received: (qmail 12729 invoked by uid 1010); 15 Aug 2007 00:19:37 -0000 Delivered-To: spamcop-net-xxxx[at]spamcop.net Received: (qmail 28408 invoked from network); 15 Aug 2007 00:05:21 -0000 X-spam-Checker-Version: SpamAssassin 3.2.0 (2007-05-01) on blade4 X-spam-Level: X-spam-Status: hits=-100.0 tests=DRUGS_MUSCLE,USER_IN_WHITELIST version=3.2.0 Received: from unknown (192.168.1.101) by blade4.cesmail.net with QMQP; 15 Aug 2007 00:05:21 -0000 Received: from sc-smtp3-bulkmx.soma.ironport.com (204.15.82.124) by mailgate.cesmail.net with SMTP; 15 Aug 2007 00:05:17 -0000 DomainKey-Signature: s=devnull; d=spamcop.net; c=nofws; q=dns; b=XwzrRRZxMib1tpEqyXFX13lggAV4L4wVyqCE2UibgPDp2gUc0NltAf2d30ZKXiRVCAFTz4dqdkqtnnXbSfvIhafWFAFL6iIUoyREw9kh7deFx+iyKECCgi7fi4KegxH7; Received: from sc-app7.spamcop.net ([204.15.82.116]) by sc-smtp3-bulkmx.soma.ironport.com with SMTP; 14 Aug 2007 13:34:14 -0700 From: SpamCop AutoResponder <spamcop[at]devnull.spamcop.net> To: xxxx[at]spamcop.net Subject: [SpamCop] has accepted 15 emails for processing Date: Tue, 14 Aug 2007 20:34:15 GMT Message-ID: <spamid1394761214[at]msgid.spamcop.net> Content-type: text/plain In-Reply-To: <ADCD5FB38EF5F644B7DF52F7ABB97F41335478[at]cinnamon.xxxx.local> References: <ADCD5FB38EF5F644B7DF52F7ABB97F41335478[at]cinnamon.xxxx.local> X-SpamCop-Checked: 192.168.1.101 204.15.82.124 204.15.82.116 X-SpamCop-Whitelisted: spamcop[at]devnull.spamcop.net X-XXXX-MailScanner-OpenProtect-Information: Please contact the ISP for more information X-XXXX-MailScanner-OpenProtect: Not scanned: please contact your Internet E-Mail Service Provider for details X-XXXX-MailScanner-OpenProtect-MCPCheck: X-XXXX-MailScanner-OpenProtect-From: spamid.1394761214[at]bounces.spamcop.net Return-Path: spamid.1394761214[at]bounces.spamcop.net X-OriginalArrivalTime: 15 Aug 2007 00:27:06.0671 (UTC) FILETIME=[029DCBF0:01C7DED3] showing that it sat for almost 4 more hours in sc-smtp3-bulkmx.
  5. chazz

    Spamcop Down?

    It looks worse than that to me. Quick report (since 1800 PDT) reports "Database error submitting spam" for every message, and when I do an email submit it comes back "Cannot find spam mails in this message". Looks like Spamcop is basically dead in the water.
  6. chazz

    URLs not reported

    Okay, this is a bug I've been seeing for a long time. SpamCop sees the embedded URLs in a message, reports them to me, but then doesn't offer to send the final LART. The spam: Here's a case in point. Resolving link obfuscation http://hihsqio.org&ezibeqnbjc98odjq7m0b%2eadamasnaghk%2ecom/ Percent unescape: http://hihsqio.org&ezibeqnbjc98odjq7m0b.adamasnaghk.com/ chopping username "hihsqio.org&" from URL: http://ezibeqnbjc98odjq7m0b.adamasnaghk.com/ Please make sure this email IS spam: Okay, it de-obfuscated the link OK, why didn't it go on to the next step? So refresh. About 10 times. And then I see: Resolving link obfuscation http://hihsqio.org&ezibeqnbjc98odjq7m0b%2eadamasnaghk%2ecom/ Percent unescape: http://hihsqio.org&ezibeqnbjc98odjq7m0b.adamasnaghk.com/ chopping username "hihsqio.org&" from URL: http://ezibeqnbjc98odjq7m0b.adamasnaghk.com/ host ezibeqnbjc98odjq7m0b.adamasnaghk.com (checking ip) = 200.149.11.62 host 200.149.11.62 (getting name) no name Please make sure this email IS spam: Better, but still no LART offer. Refresh some more? Don't mind if i do. About 20 times. Resolving link obfuscation http://hihsqio.org&ezibeqnbjc98odjq7m0b%2eadamasnaghk%2ecom/ Percent unescape: http://hihsqio.org&ezibeqnbjc98odjq7m0b.adamasnaghk.com/ chopping username "hihsqio.org&" from URL: http://ezibeqnbjc98odjq7m0b.adamasnaghk.com/ host ezibeqnbjc98odjq7m0b.adamasnaghk.com (checking ip) = 200.149.11.62 host 200.149.11.62 (getting name) no name host ezibeqnbjc98odjq7m0b.adamasnaghk.com (checking ip) = 200.149.11.62 host 200.149.11.62 (getting name) no name Tracking link: http://ezibeqnbjc98odjq7m0b.adamasnaghk.com/ No recent reports, no history available Resolves to 200.149.11.62 Finally, a LART offer. I find it interesting that it has to get name twice before it will go to "tracking link". This seems to be true only if it needs to chop the username. On other occasions I have seen it find three URLs, deobfuscate all three, and offer to LART none, one, two, or all three of them. On some occasions I have had to refresh about fifty times before it would generate a LART offer. I can see that this is a problem in SC, and I guess I don't really want support on it at the moment. What I am trying to do here is provide enough information about it so that Julian can locate the problem and hopefully fix it. As a programmer, I know how much harder it is to fix a bug you can't replicate.
×