Jump to content

petzl

Memberp
  • Content count

    2,005
  • Joined

  • Last visited

Posts posted by petzl


  1. 20 hours ago, showker said:

    Life is short.   I'm concentrating on what I can change, and ignoring all that I cannot change!

    I'm hitting Chinese spam all fed by Botnet probably from outside China  but Chinese writing same as "our"  Forum spammer just something to disrupt

    Chinese spam need to be forwarded as attachment to abuse [at]12321 [] cn  include what you can in report

    For unknown reasons China has a lot of providers with "Port 25" open

    Sample auto-ack with report

    112.112.13.114 is an open proxy   BOTNET
    (Botnet is IP hopping)  spewing spam
    anti-spam [ ] ns.chinanet cn net
    SEE https://www.abuseat.org/lookup.cgi
    
    SEE ALSO CisCo sites REPUTATION IP LOOKUP
    https://www.talosintelligence.com
    
    If Microsoft Windows Defender is available to your customers, they need to  use it!
    THEN Change Password
    https://www.spamcop.net/w3m?action=checkblock&ip=112.112.13.114
    In the past 88.9 days, it has been listed spewing spam 28 times for a total of 34.6 days
    BLOCK OUTBOUND PORT 25, 
    https://www.spamhaus.org/pbl/query/PBL340179
    >

     


  2. 10 hours ago, RobiBue said:

    btw, what do you mean with the quote below the SBL link? I don't get the connection...

    Just the blurb I copy and paste into reports, seemed to me a compromised computer.
      I did not know that CocaCola  no longer owned that IP but as it's not on spamtrap addresses makes me wonder if that IP has not scraped email addresses from it?

    You though had it nailed by being in touch with CocaCola. It has already been disabled😎


  3. 7 hours ago, RobiBue said:

    info [AT] cert. gov. au  and  consumer_information [AT] ccamatil .  com
    They have no abuse contact but a Australian IP belongs to CocaCola
    167.103.35.178
    https://www.spamhaus.org/sbl/query/SBL247801
     

    compromised/forged web and or email accounts
    If Microsoft Windows Defender is available to you, use it
    Scan for Malware! 
    THEN
    Change log-on to a more secure password-Phrase! 
    
    
    >

     


  4. On 8/28/2018 at 11:11 AM, lemj3 said:

    I may be misunderstanding your response, but there is no problem with reporting spam.  The issue is the SpamCop AutoResponse messages are being blocked.  Somewhere

    No problem for me but I cut and past. Sometime you have to work out your problem yourself.
    Firstyou have to work out who is blocking/bouncing your SpamCop  AutoResponse look at the bounce headers it should tell you


  5. 7 hours ago, billcole said:

    Yeah, I had pretty much reached the same conclusion.

    Which is more generally described as: 

    
         If you have 2 accounts, Me@Provider1 and Myself@Provider2, 
         both with SpamCop Mailhosts configured on the same reporting account, 
         then SpamCop won't target Provider2 with reports when Spammer@Provider2 spams Me@Provider1. 

    Even more generally:

    
         It is harmful to add a Mailhost config for a retail mailbox provider 
         to a SpamCop reporting account which has any other Mailhost config.

     

    With Gmail just report spam as phishing then delete! Gmail seem confident this will kill spam?


  6. 9 hours ago, Jonas Mellergård said:

    webb server (193.0.253.30/ 2001:67c:2b58:1:0:0:0:30) forwards everything to log/externalmail/server at 193.0.253.39.

    193.0.253.39 has multiple ip numbers in the 193.0.253.0/24 net

    Seems it was removed from the  blocklist by ISP

    Quote
    Parsing input: 193.0.253.39

    [report history]
    ISP believes this issue is resolved 193.0.253.39

     

    ISP believes this issue is resolved: 193.0.253.39 - no date available

     


  7. Gmail seem to be the ONLY loons doing this?

    presently gmail headers 2nd line needs deleting before submitting. Trouble is ISP's need FULL headers as evidence so past deleted line in comments

    Delivered-To: x
    Received: by 2002:a9d:21b7:0:0:0:0:0 with SMTP id s52-v6csp2028874otb; DELETE
            Sat, 28 Apr 2018 09:00:41 -0700 (PDT)

  8. 7 hours ago, goodnerd said:

    Maybe this is related to the iana.org default reporting address...

    SpamCop often gets reporting address wrong or can't find them. I use a freeware windows program to check.
    Direct link for instalation download here  http://www.nirsoft.net/utils/ipnetinfo_setup.exe it's hard to find on webpage

    http://www.nirsoft.net/utils/ipnetinfo.html but it's at the bottom/end of page


  9. 29 minutes ago, PARCO Innovation said:

    I have see that.

    What is the ISP's ? In fench we said "l'hébergeur web". It's that ?

    Because it's very problematic for us and we need a solution. We are totaly alone in this situation... 

    ISP means "Internet Service Provider". Whoever receives your email seems to be blocking OVH who once had a bad name for dealing with spammers. You maybe can contact recieving provider to ask them to "whitelist" your email.

    SpamCop is like a radar, if it gets spam over normal volume in it's spamtrap  and reporting submissions by members it blocks IP for 24 hours after last spam message.
    You should maybe consider Gmail in emergency situations. It is not SpamCop blocking you. Also do not publish your full email address in public like here. 
    Use "commercia [AT]parco-innov[DOT]com" to hide from Bot's who scrape email address's.


  10. 2 hours ago, PARCO Innovation said:

    You are a spam blocker, you need to soluce us for that.

    It's not listed I see no evidence it ever was? the link below shows you the IP is not blocked.

    Some times ISP's use their own blocklist and blame SpamCop for it!

    https://www.spamcop.net/w3m?action=checkblock&ip=151.127.13.142

    Cisco also gives your IP a clean spam report if it was ever listed it would give it a "poor" rating

    https://www.talosintelligence.com/reputation_center/lookup?search=151.127.13.142

     

×