Jump to content

gnarlymarley

Memberp
  • Content Count

    521
  • Joined

  • Last visited

Everything posted by gnarlymarley

  1. gnarlymarley

    Reporting problems today?

    Could it be divided out that your slow ones were in the RIPE area?
  2. gnarlymarley

    Reporting problems today?

    The sad thing is that the SCBL is not getting populated with new stuff during the downtime. I would think that would hurt ironport more than it would help their own software.
  3. gnarlymarley

    Reporting problems today?

    Yea, Looks like it might be still broke.
  4. gnarlymarley

    Reporting problems today?

    I believe this is somewhat normal as one spam can be sent to more than one email. I believe each of those sent out count separately.
  5. gnarlymarley

    Reporting problems today?

    This is new. Maybe we are getting somewhere.
  6. gnarlymarley

    Reporting problems today?

    Ping is not completely a good test with the default settings. I have worked with switches that only let through 122 bytes. Ping by default is 80 bytes. The diagnosis too longer until we made the ping packet size closer to the MTU. I can say that the front-end server are responding perfect, but seem to be timing out when trying to contact the backend servers. Both the spam emails and the whois information will be stored and cached in the database. The issue could be either along the lines of the database, or also could be when it tries to go out and perform an external query such as whois or DNS from abuse.net. I believe we would see something different if this was a brute force on the Akamai servers.
  7. gnarlymarley

    Reporting problems today?

    You mean the news page http://mail.spamcop.net/news.php. The status page is in the upper right corner in the link found by the white, blue, and green image: http://forum.spamcop.net/forums/index.php?...&page=stats
  8. gnarlymarley

    Reporting problems today?

    FYI, once I get my first gateway timeout, it is about 30 minutes for it to work. From what I see, it times out at each mail message hop. The database could be affecting the whois lookups too. Gateway Timeout The proxy server did not receive a timely response from the upstream server. Reference #1.76a7ab41.1341778670.13a8e432
  9. gnarlymarley

    Reporting problems today?

    This tracker goes with all of the following: http://www.spamcop.net/sc?id=z5366876323z2...e538cb80f83f3cz -> 2600:6:340:1::41ab:a77a
  10. gnarlymarley

    Reporting problems today?

    Still working here and the "reports sent" on the stats page is going up a little. We have two days from the time spam was received to go back and report if anyone has those.
  11. gnarlymarley

    Reporting problems today?

    Just a quick note that I got the following from 2600:6:340:1::41ab:a791, if it helps. Gateway Timeout The proxy server did not receive a timely response from the upstream server. Reference #1.76a7ab41.1341613235.10034406 EDIT: It appears to be working again.
  12. gnarlymarley

    Reporting problems today?

    This is an issue. From the stats page, I noticed that is has dropped considerable. From my time on a university helpdesk, the hardest problems to diagnose were the intermittant ones. Since this works at the high usage times of the day and stops at other times, it is much more difficult to diagnose. If I knew how to help, I would start gathering information. This I know, the problem is the same between me and both IPv6 and IPv4 frontend servers. This looks like a backend server issue. I wonder if the frontend servers are trying IPv6 to the backend servers and failing?
  13. gnarlymarley

    Reporting problems today?

    It is odd that this is only certain times of the day where the issue arises. When the issue does happen, both the mail host section and the reporting section on the only place that I have been able to detect the issue.
  14. gnarlymarley

    error: Headers not found

    Well, all is working again and I am not able to duplicate it with the received lines. I noticed that gmail puts a bunch of spaces at the beginning of the RFC822 message, but the "Return mailhost configuration" screen still accepts it. The only wait I can get the error to duplicate is to start the headers with "Hello SpamCop user,". It could have been related to the partial outage. Don will find something when you forward the message to him.
  15. gnarlymarley

    error: Headers not found

    Ouch on my part, as "Show Original" was called "View Source" on the last gmail template. If I recall right, there is a body box and a header box. It sounds like you are pasting the whole thing as one message into the header section as expected. I am not able to test it as I have a permanent "Gateway Timeout". As soon as it comes back, I can try this myself.
  16. gnarlymarley

    error: Headers not found

    Ah, when you copied out the mail host email out, did you use the drop-down option on the right for "show original"? Gmail has the headers hidden there. SpamCop needs these headers to see all servers that test message goes through.
  17. gnarlymarley

    error: Headers not found

    A tracking URL could be also helpful. When I get a message like this, it could means that SpamCop could not see any headers. This could be that your spam came from and internal Gmail users.
  18. gnarlymarley

    discarded as a forgery

    Please note that once you get your mail host configuration setup, that you go back to the old tracking links and verify that they are picking up the setup properly.
  19. This is true for the immediate future, however, over time, if you keep up a regular schedule of reporting spam, the spammers will get fed up and leave your address alone. This took me about six years after signing up for SpamCop for my received spam to trickle down to one message every two days from twenty messages a day. Thanks to the SpamCop block list, my average rejection rate is 6 spam messages a day. Please take special note in what Don says about accept and bounce, which should never be deployed. The only true options are to either reject the message during the connection, or to send it to the bit bucket. Yes, once we all work together as a group, we can trim down the spam.
  20. gnarlymarley

    IPv6 Routing Support

    Good news to all the IPv6 folks out there. http://www.spamcop.net/sc?id=z5324131362z4...47234ee1c0da1fz There is some stuff still lacking like this tracking link I found couldn't find a person to report to, but that should be a minor fix. It is something about "Cannot find ip range in whois output". turetzsr, I think you have connections with Julian. Can you pass on the congratulations?
  21. gnarlymarley

    No Source IP Address

    A tracking URL would be most useful, but without it, I will try to answer the question. SpamCop tries to track mail-hops, but there exists in both IPv4 and IPv6 something called private (or internal) addressing. This is used when the message is behind a NAT (10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, FEC0::/10, or FC00::/7) and is using one of these addresses. When SpamCop encounters one of these addresses which is not globally route-able, it cannot track the source of the spammer. If SpamCop thinks the internal mail-hops is tainted, it will stop tracking all remaining mail-hops.
  22. gnarlymarley

    [Resolved] How do I change my password?

    For reporting accounts, make sure you go to http://www.spamcop.net/ and login. Click on "Preferences" and the third option down is "Change Password".
  23. gnarlymarley

    IPv6 Routing Support

    We should face the facts that IPv6 is not human, nor code friendly. IPv4 was easy to code for because it HAD three periods. IPv6 can have any number of colons, but not more than eight. Code that matches IPv6 will always be complex and never as simple as IPv4, as seen below. I suspect this is partly why SpamCop has not fully implemented it yet. m/^([0-9A-Fa-f]{1,4}:){1,7}([0-9A-Fa-f]{1,4}){1,1}|([0-9A-Fa-f]{1,4}:){1,6}(:[0-9A-Fa-f]{1,4}){1,1}|([0-9A-Fa-f]{1,4}:){1,5}(:[0-9A-Fa-f]{1,4}){1,2}|([0-9A-Fa-f]{1,4}:){1,4}(:[0-9A-Fa-f]{1,4}){1,3}|([0-9A-Fa-f]{1,4}:){1,3}(:[0-9A-Fa-f]{1,4}){1,4}|([0-9A-Fa-f]{1,4}:){1,2}(:[0-9A-Fa-f]{1,4}){1,5}|([0-9A-Fa-f]{1,4}:){1,1}(:[0-9A-Fa-f]{1,4}){1,6}$/ These are some generic questions, but I believe they get to the root of the problem. How do you go about reporting IPv6 to the upsteam, which is to say the ISP? How do you add the IPv6 address to a block list? I believe the main reasons for the delay is that they do not need to just match IPv6, but they also need to get other underlying code updated as well. We know that they are able to find the IPv6 address now, because the page says it found IPv6 and stops. I believe that SpamCop is working on the whois, reverse DNS, blacklisting servers, and also working with the abuse.net DB to get all of it IPv6 compatible. SpamCop needs to get all of their code updated so it handles IPv6 in all of the code, not just the detector portion.
  24. gnarlymarley

    Why Trusted?

    Trusted means that someone has tested the relay site in question. The two major requirements are that it is not an open relay and that the server is not owned by a spammer. A quick forum search returned the following: http://forum.spamcop.net/forums/index.php?showtopic=1172
  25. gnarlymarley

    IPv6 Again

    The main problem as to why IPv6 is taking so long is, how can you properly check for accurate IPv6 headers? Below is a snippet of email that I get which uses IPv6 in transit. I was not immediately able to locate the RFC that is more specific than RFC 2822. RFC 2822 does not dictate the format as exact as one would like. This can make decoding the lines by scri_pt or program more difficult to decode. Received: from hub.freebsd.org (hub.freebsd.org [iPv6:2001:4f8:fff6::36]) by mx2.freebsd.org (Postfix) with ESMTP id 22EA01587C2; Mon, 26 Mar 2012 00:37:01 +0000 (UTC) Received: from hub.freebsd.org (localhost [127.0.0.1]) by hub.freebsd.org (Postfix) with ESMTP id 0C3841065675; Mon, 26 Mar 2012 00:37:01 +0000 (UTC)
×