stevewest15

  1. stevewest15

    Please help me investigate why we got listed?

    Hi Jeff, We are currently looking at what's the best method to implement this. If anyone here has any suggestions on ways to implement this in a qmail environment, would appreciate their input. In the meantime, I have just heard back from spamcop deputies who have inquired about additional information. I provided what they asked for...and not sure why they did not check the link to this posting which was enclosed in my original request back on Feb 22nd...but in any case, I'll report back once we have more information. thx, SW
  2. stevewest15

    Please help me investigate why we got listed?

    This is exactly what we are doing: rejecting messages at the SMTP level if they fall into one of the following criteria:

    - User's mailbox does NOT exist
    - User's mailbox full (we are currently beta testing this feature but in the meantime, we are monitoring all customers' mailboxes & increasing them to prevent bounced messages after mail server accepts the message due to mailbox being full)
    - Spamassassin (SA) filtering at the SMTP level (rather than run SA after the message has been accepted)

    Currently, we are working on finding a way to prevent the following 'possible' problem: Our hosting customers have a number of antispam settings to choose from which include "Delete", "Deliver" or "Move" messages that are identified as spam by SA. If they select to 'Deliver' the spam identified message, then SA is set up to re-write the subject (*****spam******), place the following info (see below) and attach the original message as an attachment prior to delivering the message to customer's mailbox:

    Now typically this is not a problem...but it does become a problem if our hosting customer has set up to forward all incoming mail (even messages identified by SA as spam) to a third party mail provider (i.e. AOL, Yahoo, personal ISP, etc.). In this case, our mail servers will forward the Spamassassin notice which contains the original email as an attachment to the address they listed to forward all incoming mail to. AOL for example, will reject the message as "containing URL reported by aol members as spam...". Once this message is rejected by aol, our mail server tries to send a rejection notice back to the original sender (which can be forged by spammers).

    We are working on finding a way to stop these messages from being sent but in the meantime, we have always stripped the original spam message and only send the following notice (in case it makes it to an innocent person who never sent the message):

    So, the body of the message is NEVER sent back just in case the message was spam.
SW
  3. stevewest15

    Please help me investigate why we got listed?

    Hi folks, Thanks to everyone for their replies. Please see below for my response to everyone's replies:

    I'm still waiting to hear from someone. I just sent another request because I just got another spamcop alert but I couldn't make much sense from it:

    IP_Address    Start/Length  Trap  User  Mole  Simp  Comments           RDNS
    209.8.232.10  new/0         0     0     0     0     delisted manually  mail.beza.net

    We have already disabled all 'autoresponders' for all customers to prevent any possible abuse by spammers. We have also lowered Spamguard threshold from 15 emails to 6 emails in 1 minute which will cause the sender to be blacklisted (qmail badmailfrom), we have increased spamassassin to 'very aggressive' setting thereby rejecting possible spam (even though this has created way too many false positives) at the SMTP level before it could cause issues with misdirected bounces due to forged 'return-paths'.

    I'm not sure what you are referring to in regards to 'mailhost problem'? Are you speaking about a qmail setting or something that needs to be set in spamcop? In the meantime, we have stopped reporting any spam to spamcop until we hear back from someone at spamcop.

    The forwarding setting basically 'redirected' the message so it was not submitted to spamcop as an attachment. We've stopped any further reporting...it's unfortunate because we were always very keen on reporting spam as soon as we got it to help everyone else out there who queries spamcop rbl to ensure the spam doesn't get through for others.

    So, I'm hoping the spamcop deputies can provide us with more information as to why we got listed and if it is a problem on our end, we will correct it ASAP. thx, SW
  4. stevewest15

    Please help me investigate why we got listed?

    Hi Jeff G., Thank you for the info. I will be sending an e-mail immediately in hope someone can help us get to the bottom of this. Thank you once again! SW
  5. stevewest15

    Please help me investigate why we got listed?

    Hi Wazoo, Thank you for your thorough response! I wish we didn't process so much mail (over 400,000/day) and over 7000 customer's forwarding rules, your suggestion would be very feasible. But then again, to locate 2 misdirected e-mails (if I'm reading the latest spamcop report correctly) will still be a very difficult task:

    IP_Address    Start/Length  Trap  User  Mole  Simp  Comments                        RDNS
    209.8.232.10  Feb 22 04h/0  2     0     0     0     delisted manually, blocklisted  mail.beza.net

    Before posting here, I did read the "FAQ topic: Misdirected Bounces" located here and this is why I posted our Qmail spamcontrol settings whereby qmail will not accept any messages unless a number of conditions have been met:

      1. email account must be a valid account locally, otherwise message is not accepted
      2. sending IP address is checked against 8 rbls including spamcop
      3. message could be accepted and bounce only if the local user mailbox is full
      4. message could be accepted and a customer's autoresponder replies back to a forged 'From' email header. If this occurs, the autoresponder does not enclose the original message which spammers are known to use to distribute their junk
      5. greylisting is enabled and a number of other antispam counter measures

    Any ideas on how I can begin to go about doing this? Without knowing what e-mail account caused this, it's almost impossible. At least can we get the e-mail address that sent this message? Or maybe a date/time, anything? Once again, any help you can offer is very appreciated! Thank you, SW
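
Added example (not part of the original post, and not code from SpamCop or qmail): one way to start on the search asked about above is to scan the qmail-send log for messages with a null envelope sender (`from <>`, which is how qmail sends bounces) that went out on the remote channel. The log lines are constructed samples and the function name is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample of qmail-send log lines (TAI64N timestamps shortened).
SAMPLE_LOG = """\
@4000000043fc1a2b new msg 1001
@4000000043fc1a2b info msg 1001: bytes 2210 from <alice@example.org> qp 501 uid 89
@4000000043fc1a2c starting delivery 1: msg 1001 to local bob@customer.example
@4000000043fc1a2d delivery 1: success: did_0+0+1/
@4000000043fc1a2d end msg 1001
@4000000043fc1a30 new msg 1002
@4000000043fc1a30 info msg 1002: bytes 1830 from <> qp 502 uid 82
@4000000043fc1a31 starting delivery 2: msg 1002 to remote forged@victim.example
@4000000043fc1a33 delivery 2: success: 192.0.2.25_accepted_message./
@4000000043fc1a33 end msg 1002
@4000000043fc1a40 new msg 1003
@4000000043fc1a40 info msg 1003: bytes 990 from <> qp 503 uid 82
@4000000043fc1a41 starting delivery 3: msg 1003 to local postmaster@customer.example
@4000000043fc1a42 delivery 3: success: did_1+0+0/
@4000000043fc1a42 end msg 1003
"""

INFO = re.compile(r"info msg (\d+): bytes \d+ from <([^>]*)>")
START = re.compile(r"starting delivery \d+: msg (\d+) to (local|remote) (\S+)")
END = re.compile(r"end msg (\d+)")

def remote_bounces(lines):
    """Return {recipient_domain: [addresses]} for null-sender mail sent off-host."""
    null_sender = set()   # message numbers whose envelope sender is <>
    hits = defaultdict(list)
    for line in lines:
        if m := INFO.search(line):
            if m.group(2) == "":
                null_sender.add(m.group(1))
        elif m := START.search(line):
            msg, channel, rcpt = m.groups()
            if channel == "remote" and msg in null_sender:
                hits[rcpt.rpartition("@")[2].lower()].append(rcpt)
        elif m := END.search(line):
            # qmail reuses message numbers, so forget one once it has ended
            null_sender.discard(m.group(1))
    return dict(hits)

if __name__ == "__main__":
    for domain, rcpts in remote_bounces(SAMPLE_LOG.splitlines()).items():
        print(domain, len(rcpts), rcpts)
```

Each hit is a bounce that left the server; the timestamp on the matching log line narrows down which accepted message, and therefore which mailbox or forwarding rule, produced it.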
  6. Hi folks, We are a hosting company and several days ago, I set up a few domains which we do not accept mail for to act as spam traps by forwarding all incoming mail to my spamcop account. Today, I got chewed out by my superiors who are blaming me that spamcop blacklisted our main mail server IP address 209.8.232.10 due to what I did two days ago. I was only trying to help report spammers and I thought that would be of benefit to everyone who hates spam...never thought it would get us listed instead.

     I just signed up for an ISP account and tried to get a report to see more details on why we got listed but there are no reports available. Am I doing something wrong as to why I can't see more details on what triggered this blacklisting? The only thing I found was this link by doing a lookup at Senderbase. Also, I just received our 1st Alert from spamcop as I'm typing this request that our IP address 209.8.232.10 has been reported again in the past 1 hour. I'm thinking maybe one of our customers has set up an autoresponder but I'm not sure without seeing more info. on why we got listed.

     I've also read the FAQ about "Misdirected bounces" and we are already using qmail spamcontrol addon and we have the following options enabled:

     - userchk (checking whether the recipient mail resource such as mailbox, forward, or mailbox alias exists before accepting any message)
     - mfdnscheck (DNS check of domain name in sender's address)
     - smdcheck (Allows only local domains in the MAIL FROM address if mail is sent remotely)
     - noathost (Fully qualified domain email address required in RCPT TO and MAIL FROM smtp commands)

     Any assistance is greatly appreciated! thx, SW
  7. I'm getting the following error after I click the 'Send spam Report Now' button at spamcop.net website: Report spam to: Re: 209.66.113.62 (Silent report about source of mail) Any ideas why? thx, SW