Jump to content

GusB

Members
  • Content Count

    12
  • Joined

  • Last visited

Community Reputation

0 Neutral

About GusB

  • Rank
    Member
  1. To recap, the original incidents involved checking SC's CBL-related filtering versus the "real" CBL list from CBL's website, and double-checking each time with the CBL organisation. This showed that SC's source for CBL listing was out of date, and JT stated that SC had taken steps to resolve this. Tests for verifying the resolution were then done on the original (not re-mailed) emails, and SC's output from the final test was:- (a) "82.110.105.65 not listed in cbl.abuseat.org" for one original email, and "88.144.66.221 not listed in cbl.abuseat.org" for the other; whereas... ( SC had originally given false positives (posted earlier) to these IPs, by outputting "blocked.cbl.abuseat.org" messages and placing the emails into "held mail". Your comment suggests in effect that the output at ( a) above was from a subsystem of SC different to the one which produced (, so that: - each subsystem may have used a base version of CBL different to the other - the subsystem producing ( was not in fact verified by this test - the test was thus not conclusive If so, thanks for pointing this out. Either way, I'll have to leave this now as the test was an "optional extra" - as much as I could devise as a user armed with the original emails only.... Please note that " smiley face" in my view of the above posting should read as ""...
  2. Good news! I recreated the original incidents today (by resubmitting for SC parsing the emails sent to me which SC had CBL-blocked before); and SC reported the relevant IPs as "not listed", in line with the real CBL.
  3. Can we please know the ongoing approx target time for changes in CBL's listing to be picked up by SC? - The original incidents failed again just now (I'll repeat each day or two) but, without SC's approx target refresh time, it's not clear whether this observation is bad or just indifferent....
  4. Will report back when ok against the original incidents. In the meantime, as the problem affects both CBL's & SC's reputations but its 3rd party origin means it can occur any time without SC or CBL knowing it has, I suggest that SC could usefully be asked:- - the target time for changes in CBL's listing to be picked up by SC. - whether it's feasible for SC to pick up CBL data from CBL rather than from a 3rd party.
  5. As posted above, I'm a Spamcop email service user and so new to the web parsing interface, which in my usage I now require only for producing tracking URLs for non-spam emails e.g. for a forum. So I was new too to the 2-screen interface needed for Outlook, and to munging friendly senders' details from tracking URLs. Many thanks for the enabling help with several of these! It looks like a quick solution to the substance of the CBL/Spamcop discrepancies. CBL updated me that they'd established with Spamcop that SpamCop was retrieving their copy of the CBL from a 3rd party, whose "copy of the CBL hasn't updated in months"...
  6. Noted, & thanks for the guidance throughout. CBL came back today after my enquiry to them to say they'd approach Spamcop about the problem, so hopefully it'll get resolved shortly.
  7. Will do. Here are two better tracking URLs (the emails are not spam, so the local-names in "from" and "return path" addresses are munged):- RE INCIDENT 1 http://www.spamcop.net/sc?id=z1019538452z1...b5c37b72f49b3bz Spamcop flags "blocked. CBL.abuseat.org". This is not as per CBL's list, as CBL Support confirmed in two emails (posted) that none of the IP addresses have been listed by CBL since June 29 (to July 31, and a check at their website today confirms this status). RE INCIDENT 2 http://www.spamcop.net/sc?id=z1019888603z4...c060161142c3eaz Same problem as Incident 1. CBL Support confirms in an email (extract posted below) that none of these IP addresses have been listed since March 2006. RE INCIDENT 2 - new email from CBL Support:- "From: CBL Team [mailto:cbl[at]cbl.abuseat.org] Sent: 04 August 2006 15:24 To: Axxx Cc: 'CBL Team' Subject: Re: Listed in Spamcop but not listed in CBL - 2 Of the IPs listed below, only 88.144.66.221 has ever been on the CBL, and that was almost 5 months ago. At that time, it behaved as if it was infected with a virus." >> X-SpamCop-Checked: 92.168.1.101 82.110.105.33 212.67.121.107 >> 88.144.66.221 >> X-SpamCop-Disposition: Blocked cbl.abuseat.org
  8. Yes, Steven's right. From the unmunged versions run just now: Incident 1 X-SpamCop-Checked: 192.168.1.101 82.110.105.33 82.110.105.65 X-SpamCop-Disposition: Blocked cbl.abuseat.org Incident 2 X-SpamCop-Checked: 192.168.1.101 82.110.105.33 212.67.121.107 127.0.0.1 127.0.0.1 127.0.0.1 88.144.66.221 X-SpamCop-Disposition: Blocked cbl.abuseat.org
  9. I wanted to avoid information overload, but here's CBL's "very surprised" view, replying to me, of Spamcop's blocking of 82.110.105.65 a month after it came off the real list. The views in the forum so far still seem to support a false positive - no algorithm's involved, it's listed or it is isn't, and it isn't.... From: CBL Team [mailto:cxxx[at]cbl.abuseat.org] Sent: 31 July 2006 14:58 To: Axxxx[at]highup.co.uk Cc: Cxxxx[at]cbl.abuseat.org Subject: Re: CBL listing for 82.110.105.65 You write: > * Many thanks for the information in your email below. > This is very useful, but I 'm not sure what the > current status of 82.110.105.65 is - could you please > clarify whether this is actively on the the CBL list, > or whether the behavior detected last month was as > recent history of the IP which is however not now > positively listed? the listing expired on June 29, 2006. > * If it's positively listed then (as in my email) this > fact doesn't show on the CBL website, so does the > website version need updating? [i can then approach > the mail hosting service responsible for the IP] > * If it's not positively listed, then I can take this > up with my Spamcop service, which reported that it > was and put Blocked cbl.abuseat.org in several > email headers. I'd be very surprised if Spamcop reported it as listed by the CBL. The listing has been expired for almost a month, and SpamCop runs better than that. But yes, you need to take this up with SpamCop. -- Rxxx, CBL Team
  10. Apols for the dodgy etiquette & thanks for the comments! FYI I'm new to forums; also new to the web parsing interface for producing tracking URLs for non-spam (normally a Spamcop email service user) but learning fast ... Here as Steven asked are the tracking URLs. Since it's not spam, message bodies & local-names in the email addresses are munged. RE INCIDENT 1 - Here's the Tracking URL: http://www.spamcop.net/sc?id=z1019221677zf...79902bf5c4126ez . Spamcop presented "blocked. CBL.abuseat.org", which is a false positive as CBL Support confirmed in writing (also below) that none of the IP address were listed from a month before the incident till after it occurred. This is the issue I reported. RE INCIDENT 2 - Here's the Tracking URL: http://www.spamcop.net/sc?id=z1019205689z1...e8c0323bbeb71cz Similar behavior as before: in theory this one could be explained by CBL delisting just after Spamcop interrogated the list: I can ask CBL Support to look at the history of these IP addresses also, if people think that's likely to be useful. RE INCIDENT 1 - Here's email from CBL Support confirming that the IP addresses were not listed:- >From: CBL Team [mailto:xxx] >Sent: 31 July 2006 01:49 >To: xxxx >Cc: xxxxl[at]cbl.abuseat.org >Subject: Re: CBL listing for 82.110.105.65 >You write: >> X-SpamCop-Checked: 192.168.1.101 82.110.105.33 82.110.105.65 >> X-SpamCop-Disposition: Blocked cbl.abuseat.org >[Of the three, only the last IP has ever listed. The first one (192.168.x.x) is a private network IP, isn't routable on the >internet, and would never be listed.] >The IP 82.110.105.65 was detected most recently at: > 2006/06/23 08:xx UTC >sending email in such a way as to strongly indicate that the IP itself >was operating an open http or socks proxy, or a trojan spam package.
  11. Are u there, Spamcop Support? The people from CBL show Spamcop's "CBL list" giving a false positive on an email; they checked that the only IP address in its header which ever appeared in the real CBL list was delisted a month ago. How so? Another false positive has arrived (with Spamcop = "blocked" but CBL website = "not listed"), from email using other IP addresses. It's not feasible for me, a user, to keep asking CBL Support to explain why IP addresses not in their list are being shown as being in it by Spamcop .... can Spamcop please respond to the original incident? Thanks - GusB
  12. I ticked the "CBL" box on my Spamcop service. Spamcop blocked several emails arriving through IP 82.110.105.65 yesterday & the day before, on the grounds: "CBLX-SpamCop-Checked: n.n.n.n n.n.n.n. 82.110.105.65 X-SpamCop-Disposition: Blocked cbl.abuseat.org" - But, when I checked, none of the three IPs were listed on the CBL.abuse.org website. - CBL support assisted with "of the three, only the last IP has ever listed. IP 82.110.105.65 was detected most recently at: 2006/06/23 08:xx UTC sending email in such a way as to strongly indicate that the IP itself was operating an open http or socks proxy, or a trojan spam package...." - And with "the listing expired on June 29, 2006. I'd be very surprised if Spamcop reported it as listed by the CBL. The listing has been expired for almost a month, and SpamCop runs better than that... but yes, you need to take this up with SpamCop." Since CBL indicate the other 2 IPs were never listed, is the application by Spamcop of a version of the CBL which was a month+ old, or intended another purpose, likely to be the reason for this discrepancy?
×