Jump to content

petzl

Memberp
  • Content Count

    2,507
  • Joined

  • Last visited

Posts posted by petzl


  1. 5 hours ago, lanny said:

    Hi @petzl I hoped the details can be kept non-public but let's look at the real details:

    https://www.spamcop.net/sc?id=z6675008964zc1dc39ff8aa771b6633043fa7cd917c5z

    The owners of these IP ranges generally are not very cooperative until they see their IPs show up on bloacklists.

    Is email from a internal server,? No IP's are showing.
    Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP])


  2. On 10/10/2020 at 4:31 AM, lanny said:

    Is there a ticketing system where I can submit the raw input/output privately?

    Thanks in advance!

    Without a Tracking URL hard to workout what is happening?
    Example top of page BEFORE you submit/send report
    Here is your TRACKING URL - it may be saved for future reference:
    https://www.spamcop.net/sc?id=z6673824588z4497eb805827af26ebca08dac0cd33ccz

    From what I can guess your email provider is not stamping the/a received line?
    You can forward (as a attachment) directly to the abuse address of  the IP who sent it


  3. 4 hours ago, gnarlymarley said:

    My firefox showed invalid certificate until I made a permanent exception.  Some of the providers use multiple ssl certificates for a connection, but this is not one of those sites.

    Might refer to not being TLS?
    But I seldom use firefox but nor issues come up ?


  4. 10 hours ago, emanmb said:

    I was going to make a new post but it seems it is not needed? 

    What the heck is going on here?

    I don't come to the forums much but this issue has been going on a REALLY long time.  I may have posted about it years ago but saw this thread first.

    Just used my FireFox browser no issue?


  5. 2 hours ago, pedza said:

    Hello!

    Few days ago some mail servers started to block our messages - senders in my organization  are receiving NDRs referencing to spamcop, including link: 
    https://www.spamcop.net/bl.shtml?OUR_MAIL_SERVER_IP_ADDRESS

    I have visited spamcop site and check our mail server IP address - the result is: OUR_MAIL_SERVER_IP_ADDRESS not listed in bl.spamcop.net
     

    Now i am confused - messages are rejected and ip address is not on BL.

    How to proceed?

    Thank you in advance for any idea!

    Some mailservers run their own blocklist and blame bl.spamcop.net 
    go here to see what your email servers reputation is
    https://talosintelligence.com/reputation_center


  6. 1 hour ago, Sakamoto said:

    Hi.
    I'm a 210.172.109.36 administrator.

    210.172.109.36 is blacklisted on apews.org.
    How can I remove from the blacklist?

    Search results should also be included.

    SpamCop has nothing to do with APEWS but read this

    Seems your logon passwords can be scanned pay to fix this, or spammers can steal logon/password for your email server
    https://mxtoolbox.com/SuperTool.aspx?action=smtp%3a210.172.109.36&run=toolpage
        SMTP TLS    Warning - Does not support TLS


  7. 2 hours ago, Outernaut said:

    I just received this spam and manually applied it to SpamCop (spamcop.net)

    Hope the "Tracking URL" will help.

    https://www.spamcop.net/sc?id=z6649444921z99fe2e4ed82404e339f14c6492a2f6c3z

    Question:

    Did this come from the internal site to where it was sent?

    ~O~

    Your email provider  has not stamped a received FROM IP line
    Although a IP is mentioned 166.181.83.113 ?


  8. On 8/29/2020 at 12:53 PM, Brian Kendig said:

    "Not stamping received IP only"? Is that a problem on my end?

    Your email server needs to stamp it's own IP  (216.53.249.115) as well as the sending IP.
    The only IP it shows is the "From" IP.
    106.75.87.56.
    This needs fixing 
    More Information About Smtp Banner Check
    The SMTP banner issued by your email server did not contain the hostname we resolved for your server’s IP address.

    This also  needs fixing (ask your ISP) as many services will discard email from you
    More Information About Smtp Reverse Dns Mismatch
    The forward lookup (A) of the hostname hostname did not match the reverse lookup (PTR) for the IP Address. 
    Example of a correctly matching pair of records:
    (A) lookup for smtp.mxtoolbox.com resolves to 208.123.79.38
    (PTR) lookup for 208.123.79.38 reverses to smtp.mxtoolbox.com

     


  9. 11 hours ago, Brian Kendig said:

    216.53.249.115.

    https://www.spamcop.net/sc?id=z6647673526z717f1b3f9f3bda2be59f7a5a44fe732ez
    Not stamping received IP only and only the from  Botnet IP
    Your email server test
    https://mxtoolbox.com/SuperTool.aspx?action=smtp%3a216.53.249.115&run=toolpage

    Here is a older spam I parsed, the spammer is faking a Amazon IP but SpamCop picks it up
    https://www.spamcop.net/sc?id=z6646871784z9df15b8889614b273871f0e99d31a66fz


  10. 1 hour ago, Brian Kendig said:

    What does "identified internal IP as source" mean here? The only IP in the headers is 106.75.103.146, and that's in China.

    I admit it's entirely possible that I set up my Exim server incorrectly, but what did I do wrong?

     

    Showing a "SpamCop tracking URL" would help
    The only IP shown is a Chinese Botnet, You Chinese?
    https://www.abuseat.org/lookup.cgi?ip=106.75.103.146


  11. 10 hours ago, fritz2cat said:

    As Eonix appears to welcome spammers, I'm a bit reluctant to report the offending spam to Spamcop.
    Each piece of spam contains too many unique patterns, that render obfuscating useless and I risk being spammed more and more, or retialated.

    Spamcop and Spamhaus both fail regularly to block all those spams.

    I end up blocking their CIDR one by one as they are offending.

    I just want to automate it now...

    As always a SpamCop tracking URL would help?


  12. 5 hours ago, gnarlymarley said:

     I am not sure if I lucked out or if I happened to report at the time someone was in their office

    I get auto-acks but no action, All the google redirects show the pornsite is down?
    https://www.spamcop.net/w3m?action=checkblock&ip=51.68.136.176

    It's important to note that most of our services are rented "unmanaged" to our customers. 
    This means that we only have physical access to the server and cannot access its content (no root, administrator, or user access). 
    We are technically unable to modify or delete content, or making an abusive behavior stop by intervening directly on the server, 
    as it is not managed by us.


  13. 18 minutes ago, Tesseract said:

    https://www.spamcop.net/sc?id=z6643995729z6c0b835925fc83fc6ac686ba27423c1fz

    The parsing ends almost as soon as it begins, having only looked at one host. Other recent reports have been OK.

    this going through a internal network/intranet?

    Through email server Ecuador needs password change (no TLS)
    190.152.46.226 no abuse address  try CERT https://www.first.org/members/teams/#Ecuador
    From Botnet in India
    106.210.0.13  
    https://www.abuseat.org/lookup.cgi?ip=106.210.0.13

×