Jump to content

petzl

Memberp
 View Profile  See their activity

  • Content Count

    2,500

  • Joined

  • Last visited

Posts posted by petzl

  3. Posted

    1 hour ago, Sakamoto said:

    Hi.
    I'm a 210.172.109.36 administrator.

    210.172.109.36 is blacklisted on apews.org.
    How can I remove from the blacklist?

    Search results should also be included.

    SpamCop has nothing to do with APEWS but read this

    Seems your logon passwords can be scanned pay to fix this, or spammers can steal logon/password for your email server
    https://mxtoolbox.com/SuperTool.aspx?action=smtp%3a210.172.109.36&run=toolpage
        SMTP TLS    Warning - Does not support TLS

  4. Posted · Edited by petzl

    2 hours ago, Outernaut said:

    I just received this spam and manually applied it to SpamCop (spamcop.net)

    Hope the "Tracking URL" will help.

    https://www.spamcop.net/sc?id=z6649444921z99fe2e4ed82404e339f14c6492a2f6c3z

    Question:

    Did this come from the internal site to where it was sent?

    ~O~

    Your email provider  has not stamped a received FROM IP line
    Although a IP is mentioned 166.181.83.113 ?

  6. Posted · Edited by petzl

    On 8/29/2020 at 12:53 PM, Brian Kendig said:

    "Not stamping received IP only"? Is that a problem on my end?

    Your email server needs to stamp it's own IP  (216.53.249.115) as well as the sending IP.
    The only IP it shows is the "From" IP.
    106.75.87.56.
    This needs fixing 
    More Information About Smtp Banner Check
    The SMTP banner issued by your email server did not contain the hostname we resolved for your server’s IP address.

    This also  needs fixing (ask your ISP) as many services will discard email from you
    More Information About Smtp Reverse Dns Mismatch
    The forward lookup (A) of the hostname hostname did not match the reverse lookup (PTR) for the IP Address. 
    Example of a correctly matching pair of records:
    (A) lookup for smtp.mxtoolbox.com resolves to 208.123.79.38
    (PTR) lookup for 208.123.79.38 reverses to smtp.mxtoolbox.com

     

  7. Posted · Edited by petzl

    11 hours ago, Brian Kendig said:

    216.53.249.115.

    https://www.spamcop.net/sc?id=z6647673526z717f1b3f9f3bda2be59f7a5a44fe732ez
    Not stamping received IP only and only the from  Botnet IP
    Your email server test
    https://mxtoolbox.com/SuperTool.aspx?action=smtp%3a216.53.249.115&run=toolpage

    Here is a older spam I parsed, the spammer is faking a Amazon IP but SpamCop picks it up
    https://www.spamcop.net/sc?id=z6646871784z9df15b8889614b273871f0e99d31a66fz

  8. Posted

    1 hour ago, Brian Kendig said:

    What does "identified internal IP as source" mean here? The only IP in the headers is 106.75.103.146, and that's in China.

    I admit it's entirely possible that I set up my Exim server incorrectly, but what did I do wrong?

     

    Showing a "SpamCop tracking URL" would help
    The only IP shown is a Chinese Botnet, You Chinese?
    https://www.abuseat.org/lookup.cgi?ip=106.75.103.146

  11. Posted

    10 hours ago, fritz2cat said:

    As Eonix appears to welcome spammers, I'm a bit reluctant to report the offending spam to Spamcop.
    Each piece of spam contains too many unique patterns, that render obfuscating useless and I risk being spammed more and more, or retialated.

    Spamcop and Spamhaus both fail regularly to block all those spams.

    I end up blocking their CIDR one by one as they are offending.

    I just want to automate it now...

    As always a SpamCop tracking URL would help?

  15. Posted · Edited by petzl

    5 hours ago, gnarlymarley said:

     I am not sure if I lucked out or if I happened to report at the time someone was in their office

    I get auto-acks but no action, All the google redirects show the pornsite is down?
    https://www.spamcop.net/w3m?action=checkblock&ip=51.68.136.176

    It's important to note that most of our services are rented "unmanaged" to our customers. 
    This means that we only have physical access to the server and cannot access its content (no root, administrator, or user access). 
    We are technically unable to modify or delete content, or making an abusive behavior stop by intervening directly on the server, 
    as it is not managed by us.

  17. Posted

    18 minutes ago, Tesseract said:

    https://www.spamcop.net/sc?id=z6643995729z6c0b835925fc83fc6ac686ba27423c1fz

    The parsing ends almost as soon as it begins, having only looked at one host. Other recent reports have been OK.

    this going through a internal network/intranet?

    Through email server Ecuador needs password change (no TLS)
    190.152.46.226 no abuse address  try CERT https://www.first.org/members/teams/#Ecuador
    From Botnet in India
    106.210.0.13  
    https://www.abuseat.org/lookup.cgi?ip=106.210.0.13

  19. Posted

    46 minutes ago, Sven Golly said:

    For some reason, I could not change my mailhosts to accommodate my provider. A SpamCop admin gave me an exemption which worked for a bit but now I'm faced with a new problem. Again, I think it's probably due to the number of different servers our webhost uses. "Mailhost configuration problem, identified internal IP as source" yet reading the headers, it seems to come from outlook.com (aka Microsoft / hotmail /365)/)

    I noticed that they frogged my domain (geldner.com).

    https://www.spamcop.net/sc?id=z6643253727zd5ae1bdabed33c527117d9381682d770z

    2a01:111:e400:7ebd:0:0:0:51 abuse[AT]microsoft[dot]com
    If your email is going through a internal network it's hard to report?

  20. Posted · Edited by petzl

    6 hours ago, LaserMoon said:

    My question is, has anyone put together a guide for how to best target spam based on origin?

    Each country has a "Computer emergency response team" (CERT) which can override abuse desks. 
    They often give a ISP a "hurry-up" order to get things fixed
    https://www.first.org/members/teams/
    The problem is a lot of these addresses are run by companies just for their company,
    This creates confusion because many are not English and hard to differentiate between business and Government!

  21. Posted · Edited by petzl

    4 hours ago, LaserMoon said:

    Hello,

    I have an email sample that makes the SpamCop web form freeze (and crash) on Google Chrome as soon as the text is pasted in the form (Mozilla Firefox doesn't have this issue, but Chromium-based Microsoft Edge does).

    By the looks of it, it has to do with specially-crafted HTML attributes. (Does SpamCop try to to any client-side parsing, other than to check the length?)

    Is there a technical contact where I can send the file for analysis?

    Thanks.

    Probably email is too large, learn to truncate below the spam headers
    look at the bottom of spam shown in link below for word "Truncated"
    https://www.spamcop.net/sc?id=z6643015246zbc86c5610081722fba5bae72dba9b145z;action=display

  22. Posted

    9 hours ago, Ricardo_63 said:

    Well, that is difficult to explain to ISP, I have claim about spam emails and they told it have spam protection against to spam mails, but clearly spammers can override ISP spam protection.

    That’s reason why I report each spam mail to SpamCop.

    Well I don't see the "received by"  line 
    Which should be followed with the
    "Received: from" vedicisland.com (vedicisland.com. [77.32.212.194])
    As with this example (Gmail)
    https://www.spamcop.net/sc?id=z6643015246zbc86c5610081722fba5bae72dba9b145z

  24. Posted · Edited by petzl

    3 hours ago, Ricardo_63 said:

    after done it appeared on the MailHosts list, but it showing nine hosts

    thats normal
    you need to contact your ISP to get it to stamp  it's own IP "received: by"?
    example below
    https://www.spamcop.net/sc?id=z6643015246zbc86c5610081722fba5bae72dba9b145z
      

    Delivered-To: x
Received: by 2002:a0c:9b89:0:0:0:0:0 with SMTP id o9csp1186644qve;

     

  25. Posted · Edited by petzl

    4 hours ago, Ricardo_63 said:

    I presume my mail server use one of them.

    SpamCop has them ALL whitelisted/won't report them. So your mailhosts seem ok. 
    Assuming you clicked add new hosts and received a email, to which you clicked the embedded link?
    https://www.spamcop.net/sc?id=z6642947923z6d9895034f835eced8ac22b50e215d41z

    Your ISP has not stamped it's own IP "received: by"? example below
    https://www.spamcop.net/sc?id=z6643015246zbc86c5610081722fba5bae72dba9b145z

×