jseymour

Members
  • Content Count

    93

Community Reputation

0 Neutral

About jseymour

  • Rank
    Member
  1. jseymour

    Can cPanel/exim REJECT unknown addresses?

    Thanks. Unfortunately, I don't have access to cPanel. I believe my hosting company (Site5) uses cPanel, but the interface they provide to us is something they developed on their own. The closest analogy I see is in my "Email Forwarders" settings - where I have my wildcard address set to ":fail: No Such User Here". However, the mail server still accepts all incoming messages and then generates a bounce after-the-fact. Your reject entry above doesn't speak to me, either. I don't see a three-digit response code - which begs the question: Is this an SMTP reject or a "bounce" message? Finally, I sent a suggestion to Site5 that they should fix this deficiency, but they have (so far) ignored me. When my renewal comes up, I am considering switching to a more email-friendly host (if I can find one).
  2. jseymour

    Can cPanel/exim REJECT unknown addresses?

    Thanks. I did a search before posting and didn't see anything that looked useful. There's a lot of information available about how to set up an RBL (including the thread you pointed me to). However, I've not seen anything about rejecting based on recipient information. Part of my problem is that I'm a little out of my league. I'm familiar with mail servers in general (having run a couple of Postfix servers for several years), but I have no clue about cPanel and Exim. Based on the Exim documentation I've seen, it appears to be possible - but I don't know if cPanel provides access to the appropriate option(s).
  3. My hosting company (Site5) does not appreciate the importance of rejecting bad email addresses at the SMTP level. Instead, they accept all messages and then generate a new bounce if the recipient is unknown. I'm sure we all know the problem with this method. Site5 is running cPanel and uses the Exim mail server. Does anyone know if this combination can be made secure with regards to invalid recipients? If it can, I'm going to try to get them to set it up properly. If it can't, I'll be looking for a new hosting company... (Their response to my problem ticket was not promising: "It is fairly common behavior for a server to accept a message and then bounce it after the fact as long as the domain is configured on the server.") -Jim Seymour
  4. I don't recall seeing that before. However, I usually Quick-Report my Yahoo! messages, so I don't normally see that level of detail. Ah, yes. It took me a while to grok what you were saying... If you follow the tracking URL and take the link to "View entire message", you can see my spamcop.net address plain as day - even though the same line is excised from the parse details. Spooky. Is somebody doing something about this? I send all my messages unmunged, so I'm willing to take the risk of exposure there - but I'd rather not have my email addresses available to web crawlers...
  5. It looks like there are still some snags in this setup. On Wednesday, I reported a spam which came through Yahoo and the parser stopped at Yahoo. Here's the tracking URL: http://www.spamcop.net/sc?id=z933518046z01...7f7b5594d6c4b4z However, today it seems to be parsing properly, so I'll have to write this one off as a one-time hiccup.
  6. And thank you for helping resolve this.
  7. Sorry about the URLs. I thought the ones I had were tracking URLs. These should be better:

     http://www.spamcop.net/sc?id=z921034990zeb...66a415eb63ac58z
     http://www.spamcop.net/sc?id=z921034979z73...1ff86cf7d98e64z
     http://www.spamcop.net/sc?id=z920842227z1b...ff6121ade8c2b5z

     All three of these look to me as though the Received lines go back through Yahoo, yet Spamcop stops at the Yahoo IP since it's not on the list. I've gone through the mailhost configuration, but none of the test messages went through 216.39.53.* so nothing changed in my mailhost setup. Am I right in assuming that Spamcop maintains a list of "Yahoo" IP addresses and when a test message goes through one, it adds the list to your mailhost config?
  8. I have a Yahoo email address that is forwarded to my Spamcop account (I pay Yahoo for the account and have set up automatic forwarding). When I report spam that comes through that path, the reports often go back to Yahoo, not the true originating IP. It appears that Yahoo is sending through a series of IPs in the 216.39.53.* net and Spamcop's Yahoo mailhost does not know about them. I've seen ~50 different IP addresses used out of 63 messages in the past four weeks. What's the procedure for getting these IPs added as legitimate? Here are a couple of recent examples:

     Email from 216.39.53.112 / 11 Apr 2006 04:45:08 -0000
     http://www. spamcop.net/w3m?i=z1716073746za...035a895230d10bz

     Email from 216.39.53.98 / 10 Apr 2006 13:00:42 -0000
     http://www. spamcop.net/w3m?i=z1715137723zb...d545b68362fef4z

     Moderator Edit: link broken as they were not Tracking URLs, rather "Abuse Center" links for an ISP to take some action on the 'report' ....
  9. jseymour

    Another virus false positive?

    Thanks. That's a very cool resource! I sent it the picture and the entire email and it found nothing (as expected).
  10. jseymour

    Another virus false positive?

    I don't think so. The subject didn't mention Michael Jackson at all.
  11. A while back, I posted a query about Spamcop's incoming virus filters catching (and silently discarding) phishing attempts. This was confirmed by the support folks. While this is annoying, it's not a huge deal. I keep copies of all email that my system forwards to spamcop, so I can manually drop the phishes into my "Held Mail" folder and then report them. It's an extra step - but it doesn't happen often enough to be a major hassle. However, today, a friend sent me a forwarded, tasteless picture that vanished into the Spamcop blackhole... My suspicion is that Spamcop's mail system decided it was a virus and silently deleted it, which begs the question: What criteria does Spamcop use for silently deleting a message? I understand (and agree) about deleting viruses - but this kind of false positive seems like something is misconfigured. (While the picture was tasteless, the message itself was harmless - a 2-part MIME message: one part plain text, the other part a JPG with a Michael Jackson joke). Additional technical details for those who care: I run two mail servers (one at home and one at work). Each system forwards certain messages to accounts at spamcop.net. In the case of my work email, Spamcop then filters the messages and returns the good ones back to a "secret" account on my mail server. This all works quite well - but outages in the past have made me paranoid, so I have a second copy of all such messages delivered to a special local holding account. The servers are running Mandrake Linux 9.1 and Postfix 2.0.6 and I have two different Spamcop accounts (one for each server).
  12. Indeed. I did send an email to JT back in February (with the Subject of "Phishing attempts being silently deleted?"), but saw no response. After a few more phishes went missing, I tried the deputies. I didn't mean to sound like I was complaining about a lack of response. It's true, I got no "official" response to repeated postings here and one email - but I never considered this issue to be "grave", so I tried not to make a fuss. Sorry if I breached some etiquette by going to the deputies to get a resolution...
  13. For those keeping score at home, these vanishing phish emails keep showing up. I finally contacted the deputies and got an answer confirming that they are being deleted by the anti-virus software. It's not quite what they want - but apparently, it's not something they can change. Since I don't receive a lot of these, I can live with that explanation. It's frustrating, but since I keep local copies of all messages that I forward to Spamcop, I can still manually report the ones that go into the A/V black hole.
  14. And it keeps coming... http://www.spamcop.net/sc?id=z752359153ze3...e169f4bcde127bz I just can't understand why these are being deleted. There's no active content that I can see, so I don't believe they are being rejected as viruses. It seems that either there's a bug somewhere or Spamcop has made a conscious decision to delete phishing attempts.
  15. These are still infrequent, but I've seen about four over the last couple weeks. Here's another: http://www.spamcop.net/sc?id=z737269217z42...4a5a14fbd9ee5cz My system received this phish attempt this morning at 06:39:20. It was forwarded on to my Spamcop account two seconds later. Spamcop accepted the message with a 250, but it never showed up in my Held Items (nor was it returned to me). It is as if this phish was treated as a virus and deleted silently - which (to me) is a bug. I asked support[at]spamcop.net about this, but got no response.