Posts posted by petzl

  1. 1 hour ago, Sakamoto said:

    I'm an administrator. is blacklisted on apews.org.
    How can I remove from the blacklist?

    Search results should also be included.

    SpamCop has nothing to do with APEWS but read this

    Seems your logon passwords can be scanned pay to fix this, or spammers can steal logon/password for your email server
        SMTP TLS    Warning - Does not support TLS

  2. 2 hours ago, Outernaut said:

    I just received this spam and manually applied it to SpamCop (spamcop.net)

    Hope the "Tracking URL" will help.



    Did this come from the internal site to where it was sent?


    Your email provider has not stamped a received FROM IP line
    Although an IP is mentioned?

  3. On 8/29/2020 at 12:53 PM, Brian Kendig said:

    "Not stamping received IP only"? Is that a problem on my end?

    Your email server needs to stamp its own IP ( as well as the sending IP.
    The only IP it shows is the "From" IP.
    This needs fixing
    More Information About Smtp Banner Check
    The SMTP banner issued by your email server did not contain the hostname we resolved for your server’s IP address.

    This also needs fixing (ask your ISP) as many services will discard email from you
    More Information About Smtp Reverse Dns Mismatch
    The forward lookup (A) of the hostname hostname did not match the reverse lookup (PTR) for the IP Address. 
    Example of a correctly matching pair of records:
    (A) lookup for smtp.mxtoolbox.com resolves to
    (PTR) lookup for reverses to smtp.mxtoolbox.com
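
The two checks named in the post above (SMTP banner versus PTR name, and forward A versus reverse PTR), as an added example that is not part of the original posts. The DNS data, hostnames and the function name `check_mail_identity` are constructed for illustration, and lookups are passed in as functions so the check runs offline.

```python
import ipaddress
import re

# Constructed sample DNS data: documentation-range IPs, hypothetical hostnames.
SAMPLE_PTR = {
    "192.0.2.25": ["mail.example.org."],
    "198.51.100.7": ["host7.isp.example.net."],
}
SAMPLE_A = {
    "mail.example.org": ["192.0.2.25"],
    "host7.isp.example.net": ["198.51.100.99"],  # forward record points elsewhere
}

def sample_ptr(ip):
    """Reverse (PTR) lookup against the constructed table."""
    return SAMPLE_PTR.get(ip, [])

def sample_a(name):
    """Forward (A) lookup against the constructed table."""
    return SAMPLE_A.get(name, [])

def _norm(name):
    # DNS names compare case-insensitively, with or without the trailing dot.
    return name.rstrip(".").lower()

def check_mail_identity(ip, banner, ptr_lookup=sample_ptr, a_lookup=sample_a):
    """Return the list of identity problems for a mail server IP and its 220 banner."""
    ip = str(ipaddress.ip_address(ip))
    ptr_names = [_norm(n) for n in ptr_lookup(ip)]
    if not ptr_names:
        return ["no PTR record for " + ip]
    problems = []
    # Banner check: the hostname after "220 " (or "220-") must be a PTR name of the IP.
    m = re.match(r"220[ -](\S+)", banner)
    banner_host = _norm(m.group(1)) if m else ""
    if banner_host not in ptr_names:
        problems.append("SMTP banner mismatch")
    # Forward-confirmed reverse DNS: a PTR name must resolve back to the same IP.
    confirmed = any(
        ip in {str(ipaddress.ip_address(a)) for a in a_lookup(n)} for n in ptr_names
    )
    if not confirmed:
        problems.append("reverse DNS mismatch")
    return problems
```

Against a live server, `ptr_lookup` and `a_lookup` can be replaced with functions that query a real resolver.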


  4. 11 hours ago, Brian Kendig said:

    Not stamping received IP only and only the from Botnet IP
    Your email server test

    Here is an older spam I parsed, the spammer is faking an Amazon IP but SpamCop picks it up

  5. 1 hour ago, Brian Kendig said:

    What does "identified internal IP as source" mean here? The only IP in the headers is, and that's in China.

    I admit it's entirely possible that I set up my Exim server incorrectly, but what did I do wrong?


    Showing a "SpamCop tracking URL" would help
    The only IP shown is a Chinese Botnet, You Chinese?

  6. 10 hours ago, fritz2cat said:

    As Eonix appears to welcome spammers, I'm a bit reluctant to report the offending spam to Spamcop.
    Each piece of spam contains too many unique patterns, that render obfuscating useless and I risk being spammed more and more, or retaliated.

    Spamcop and Spamhaus both fail regularly to block all those spams.

    I end up blocking their CIDR one by one as they are offending.

    I just want to automate it now...

    As always a SpamCop tracking URL would help?

  7. 5 hours ago, gnarlymarley said:

     I am not sure if I lucked out or if I happened to report at the time someone was in their office

    I get auto-acks but no action, All the google redirects show the pornsite is down?

    It's important to note that most of our services are rented "unmanaged" to our customers. 
    This means that we only have physical access to the server and cannot access its content (no root, administrator, or user access). 
    We are technically unable to modify or delete content, or making an abusive behavior stop by intervening directly on the server, 
    as it is not managed by us.

  8. 18 minutes ago, Tesseract said:


    The parsing ends almost as soon as it begins, having only looked at one host. Other recent reports have been OK.

    this going through an internal network/intranet?

    Through email server Ecuador needs password change (no TLS) no abuse address try CERT https://www.first.org/members/teams/#Ecuador
    From Botnet in India

  9. 46 minutes ago, Sven Golly said:

    For some reason, I could not change my mailhosts to accommodate my provider. A SpamCop admin gave me an exemption which worked for a bit but now I'm faced with a new problem. Again, I think it's probably due to the number of different servers our webhost uses. "Mailhost configuration problem, identified internal IP as source" yet reading the headers, it seems to come from outlook.com (aka Microsoft / hotmail / 365)

    I noticed that they frogged my domain (geldner.com).


    2a01:111:e400:7ebd:0:0:0:51 abuse[AT]microsoft[dot]com
    If your email is going through an internal network it's hard to report?

  10. 6 hours ago, LaserMoon said:

    My question is, has anyone put together a guide for how to best target spam based on origin?

    Each country has a "Computer emergency response team" (CERT) which can override abuse desks.
    They often give an ISP a "hurry-up" order to get things fixed
    The problem is a lot of these addresses are run by companies just for their company,
    This creates confusion because many are not English and hard to differentiate between business and Government!

  11. 4 hours ago, LaserMoon said:


    I have an email sample that makes the SpamCop web form freeze (and crash) on Google Chrome as soon as the text is pasted in the form (Mozilla Firefox doesn't have this issue, but Chromium-based Microsoft Edge does).

    By the looks of it, it has to do with specially-crafted HTML attributes. (Does SpamCop try to do any client-side parsing, other than to check the length?)

    Is there a technical contact where I can send the file for analysis?


    Probably email is too large, learn to truncate below the spam headers
    look at the bottom of spam shown in link below for word "Truncated"

  12. 9 hours ago, Ricardo_63 said:

    Well, that is difficult to explain to ISP, I have claim about spam emails and they told it have spam protection against to spam mails, but clearly spammers can override ISP spam protection.

    That’s reason why I report each spam mail to SpamCop.

    Well I don't see the "received by" line
    Which should be followed with the
    "Received: from" vedicisland.com (vedicisland.com. [])
    As with this example (Gmail)

  13. 3 hours ago, Ricardo_63 said:

    after done it appeared on the MailHosts list, but it showing nine hosts

    that's normal
    you need to contact your ISP to get it to stamp its own IP "received: by"?
    example below


    Delivered-To: x
    Received: by 2002:a0c:9b89:0:0:0:0:0 with SMTP id o9csp1186644qve;


  14. 4 hours ago, Ricardo_63 said:

    I presume my mail server uses one of them.

    SpamCop has them ALL whitelisted/won't report them. So your mailhosts seem ok.
    Assuming you clicked add new hosts and received an email, to which you clicked the embedded link?

    Your ISP has not stamped its own IP "received: by"? example below