Everything posted by gnarlymarley

  1. gnarlymarley

    MTA version parsed as IP address

    Doesn't appear to be fixed. I see line #7 has the problem still:

    7: Received: from process_milters-daemon.rn-mailsvcp-relay-lapp04.rno.apple.com by rn-mailsvcp-relay-lapp04.rno.apple.com (Oracle Communications Messaging Server 8.1.0.6.20200729 64bit (built Jul 29 2020)) id <0QF100500ALEFW00@rn-mailsvcp-relay-lapp04.rno.apple.com> for x (ORCPT x); Thu, 13 Aug 2020 20:24:51 -0700 (PDT)
    No unique hostname found for source: 8.1.0.6
    mac.com received mail from sending system 8.1.0.6
  2. As much as I agree with this, I remember a company called "America OnLine" (AOL) who sent out floppies and later CDs in the 1990s. You could use their free month, but they required a valid credit card. I didn't feel like giving it to them, so I never used the free month. My guess is that is maybe why they didn't get the customer base they desired. I do not have a good replacement scheme for your suggestion and it appears it would stop the spammers.
  3. gnarlymarley

    To Bounce or Not to Bounce?

    It is correct that your IP will be showing since you started the test email. Your IP will not be showing when someone else starts the email as it will be their IP. This suggests to send bounces to a local address and look at them: https://www.spamcop.net/fom-serve/cache/380.html This suggests to check the device if it is the source of the spam: https://www.spamcop.net/fom-serve/cache/405.html
  4. That is a good question. I would almost expect abuse@microsoft.com to be on the list as well in addition to the administrator's abuse address. I think this might be Microsoft's cloud and it is going to the server admin, which may or may not be the spammer.
  7. That is a good question. I would almost expect abuse@microsoft.com to be on the list as well. I think this might be Microsoft's cloud and it is going to the server admin, which may or may not be the spammer.
  8. gnarlymarley

    Hi Spamcop, Please Unblock

    I am not sure if this could be done in cPanel, but one thing I had done for my RBL section was to add an exclusion for certain accounts in my exim setup. It is easier if the accounts are hidden and say alias accounts to the real thing.

    local_parts = !postmaster : !abuse

    Something I have also done is to use a scoring system such as spamassassin, so that a single RBL is not able to let my mail server block email.
  9. gnarlymarley

    Hi Spamcop, Please Unblock

    I did find the following post where it appears that 50.31.49.41 has been used quite a bit in the past to send spam.
  10. gnarlymarley

    To Bounce or Not to Bounce?

    I think some clarification needs to be around the word bounce. If you are bouncing during the SMTP connection, then the bounce will not originate from your server, but will be sent from the sending server. If you accept the email, and then bounce later, it will be coming from your server. My preference is to disable anything that might show my server's IP, such as a bounce after SMTP accept, and to have my server reject during the SMTP connection so the IP in the bounce would be the sending server's IP, not mine.
  11. gnarlymarley

    OVH.Net spam ?

    Ah, so any bounces from "postmaster@client_host.com" or from "<>" might have been rejected to your account. Also, those bounce replies would have gone to either "From: billing@anotherdomain.TLD" or to the mail__envelope_from you set up when the emails were sent. If you like, and it is visible, you can set to the mail headers "Warnings-To: billing@anotherdomain.TLD" or "Errors-To: billing@anotherdomain.TLD" to get problems, but these headers usually go out with the emails and could be visible.
  12. Ouch. That doesn't sound good. With the Received lines being replaced, the only way to find the IP is to go back to the logs on each server and look up the "id" from the received line. (That is, as long as it didn't change that too.)
  13. gnarlymarley

    how to request details on the specific complaint

    I am a volunteer too. You mentioned a summary report and ARF format. If I remember correctly those came from the "ISP Control Center" account as an hourly or daily email as "Third party interested in daily aggregate summary reports". There would have been a separate email that Lking is talking about that contains a link to the spam. This email would have been sent to the abuse address as defined in your local internet registry's whois service.
  14. gnarlymarley

    Invalid certificate of forum.spamcop.net

    My Firefox showed invalid certificate until I made a permanent exception. Some of the providers use multiple SSL certificates for a connection, but this is not one of those sites.
  15. gnarlymarley

    Reply-To abuse

    That is why I either use the imap downloading offered in email client downloads, or if I have my own server, I use fetchmail. This way, I do not abandon the old account and replies can come from the new account.
  16. The date in the receive line should be added by Yahoo's servers, and the spammer should not be able to trick the server into putting in the wrong date. As it is possible that there could be a bug in Yahoo's servers that they might need to fix, it is more likely that Yahoo has either the wrong date or a problem with their server's ability to deliver email. Yahoo should be the one to fix such a bug, queue processing, and the time on the servers.
  17. gnarlymarley

    spam with no sender source? How is that?

    Hmmm, I wonder if it works for you if you wait without doing anything. Such as revising a tracking URL that didn't work after an hour or two. If so, might be some other issue.
  18. gnarlymarley

    Spam by SMS?

    Sounds like something tied to the US Federal Trade Commission.
  19. gnarlymarley

    Disappointed in links

    I found some of the pages are still there, but when they upgraded the forum a few years back the links changed. Trying to search for the pages seems to bring them up for me. I don't like how the links don't always work after that upgrade.
  20. gnarlymarley

    OVH.Net spam ?

    I am curious if you are not getting bounces or if the invoice emails are going to their spam folders and they are not paying attention to it. Google has made some changes to their spam folders a few years back and now I have to check the spam folder on a daily basis for non-spam email.
  21. gnarlymarley

    Unusual

    Also good to know is that some people would make their own blacklist or point it to spamhaus, but leave the "data response" section indicating it was done by SpamCop. The following is one configuration that was found a few years back and you can see that there can be more than one blacklist on the message.

    reject_domains:
      deny message = rejected because $sender_host_address is in a black list at bl.spamcop.net
           dnslists = bl.spamcop.net : sbl.spamhaus.org : xbl.spamhaus.org

    I do not like how some people left their configurations blaming SpamCop if (such as this example) the IP is on a blacklist at SpamCop or spamhaus. If your mail server IP is not listed in bl.spamcop.net, either it was for a small time or the email provider has their own blacklist and is blaming SpamCop. Those, I have to use my Hotmail email to ask them why since they could be blocking my other address.
  22. gnarlymarley

    SpamCop Emails To Me Bounce

    If they cannot remove the filter, maybe one possible option is for them to whitelist the mfrom domain of SpamCop.net or give it a non-spam score. It would be nice to not use the word "spam" in a filter. But then what kind of spammer would actually use the word "spam" in their emails?
  23. gnarlymarley

    Reply-To abuse

    Spammers started using Reply-To a few decades ago because they could mask the from as an invalid and prevent bounces. Yep, and SpamCop does not send a report for the "from:" address either. Only the source IP, any relay IPs, and the URLs are reported. This is an interesting idea, but the from and reply-to could be spoofed to catch innocent people. I think I almost vote to have a feature like this added, if it were not for the possible spoofing.
  24. Eventually you should start to recognize the external and internal headers and might be able to shorten step 3.
  25. gnarlymarley

    spam with no sender source? How is that?

    One question that I am not sure if you know, you can revisit any of your tracking URLs and from my experience they will get any mailhost changes you make. You have about 48 hours from the time the email was received by your border server to report. My email provider's IP is dynamic and I have never had a problem reporting or using mailhosts. Then I use exim and KNERD seems to be using postfix. Maybe SpamCop might be parsing the headers from different servers differently?