Jump to content

daringone

Members
  • Content Count

    19
  • Joined

  • Last visited

Community Reputation

0 Neutral

About daringone

  • Rank
    Member
  1. daringone

    PITA User

    :angry: As usual... spammers killing useful functions of the net...
  2. daringone

    PITA User

    Thanks for the help guys The de-listing should be enough to get them off my back. I long for the old days when searching the BL would result in spam samples that I could show someone that happened to be complaining to me. Where did those go I wonder?
  3. daringone

    PITA User

    I need more specific information on why 216.89.106.254 is on the list if it is possible. I've got a user trying to send to us (specifically, a law firm) that is going on and on about how SpamCop even says it's experimental... etc, etc. (By the way, can we get rid of that statement yet? SpamCop's been around quite some time ) At any rate, some sample spam would be nice to throw back at him. Thanks in advance!
  4. daringone

    Worlds first "honest" spammer...

    Thanks as well, JeffG for the pin :-) A little update now on this. As usual, I should not have doubted Rule #1. At the same time I received the SpamCop notice that my SMTP server had been canned, I got a notice from Hotmail as well. I wrote back telling them I LARTed him, and this is what they replied with... This a day after Mr. Innocent claims he didn't know he bought a mailing list with names that may not have been "clean". He better walk the line, or he's gone for sure for more TOS violations than I have time to count.
  5. Well, I've tried to use this mailhost setup, but it's just not working Something is wonked somewhere, as I have 2 domains I accept mail for. Domain A is my primary domain, and according to the response message was successfully configured. Domain B is my work domain, where I have several addresses that I get spam at. Domain B has returned success messages as well, but the Mailhosts page still only shows one email address configured. So here are my stupid questions 1 - Does the mailhost have to be configured for each email address, or each domain? 2 - If more than one domain is set up will it show up with multiple mailhosts in the Mailhost name line, or will it just show the first one. 3a - I'm not forwarding mail anywhere... does it matter in what order I put in the mailhosts, as my two domains aren't related in that way. 3b - Though I'm not forwarding mail anywhere, Domain A's mail hits Domain B's MX servers first for SpamAssassin filtering... will this cause a problem or cause me to order the mailhosts differently? Lastly a comment. Judging by reading this thread, this appears to have been a good idea, but there are so many unique configurations out there that can wonk the system that it may not be able to be automated
  6. Well, this is amusing. I sent a Behavior Modification Email or "BME" to a customer that got their IP blocked, in addition to one of my SMTP servers. Turns out it was the first bona-fide spammer I've ever had to deal with on my service. I know there is a standard "How to run a responsible mailing list" document somewhere, but I can't remember where. If you could point me in that direction, I'd appreciate it He claims he "paid for a list of people that apparently requested this information". I don't know whether to believe him and just think he's naive and give the benefit of the doubt, or just remember Rule #1.
  7. daringone

    Odd Report

    Just a note on why that appears that way. We have a load balancer in our configuration. The IP that the world sees just forwards the mail to our clusters. The balancer then gives an IP in that NAT pool to the server that wants to talk to the outside world and all is finished. This could REALLY cause some havoc with the new mailhost system, because it will go in to our system as mailout.sssnet.com (24.140.1.50), but come out as 24.140.1.121 - 150 with a different host name. (nat-xxx-sssnet.com) This same configuration applies to our incoming mail as well, but I don't think that matters nearly as much given that it ends at our domain and is directly delivered to our storage servers.
  8. daringone

    ISP account seems broke

    Well, the "issues" link did help organize all reports I'd received, (now I'll just keep them in my inbox) but I can live without it if it truely helps system performance.
  9. daringone

    Odd Report

    Greetings: My ISP account received a complaint against it, and lo and behold it was actually out of one of my SMTP servers. When I looked at the header information, I found something quite odd: Return-Path: <<y>[at]sssnet.com> Delivered-To: x Received: (qmail 11368 invoked from network); 22 Mar 2004 02:51:40 -0000 Received: from unknown (192.168.1.101) by blade4.cesmail.net with QMQP; 22 Mar 2004 02:51:40 -0000 Received: from mangalore.zipworld.com.au (203.12.97.48) by mailgate.cesmail.net with SMTP; 22 Mar 2004 02:51:39 -0000 Received: from mailin2.pacific.net.au (mailin2.pacific.net.au [61.8.0.81]) by mangalore.zipworld.com.au (8.12.3/8.12.3/Debian-6.6) with ESMTP id i2M2pYjT004181 for <x>; Mon, 22 Mar 2004 13:51:34 +1100 Received: from smtp-1.sssnet.com (nat-121.sssnet.com [24.140.1.121]) by mailin2.pacific.net.au (8.12.3/8.12.3/Debian-6.6) with SMTP id i2M2pWo6021744 for <x>; Mon, 22 Mar 2004 13:51:33 +1100 Message-Id: <2004___________________1744[at]mailin2.pacific.net.au> Received: (qmail 28167 invoked by uid 507); 22 Mar 2004 02:51:31 -0000 Received: from <y>[at]sssnet.com by localhost.localdomain by uid 0 with qmail-scanner-1.20rc3 (uvscan: v4.2.40/v4339. Clear:RC:1:. Processed in 1.020501 secs); 22 Mar 2004 02:51:31 -0000 Received: from unknown (HELO COMMPADD) (24.140.82.250) by 0 with SMTP; 22 Mar 2004 02:51:30 -0000 From: "x" <<y>[at]sssnet.com> Subject: Money for You As you'll note, the actual source was the address 24.140.82.250 on the first "received" line. However, an IP in our NAT pool that the mail servers use (24.140.1.121) was the one listed in the BL. Why was my mail server listed instead of the correct source? An interesting note... in my two years at this job, this appears to be the first actual spammer on our service. He's about to not like me at all :-)
  10. daringone

    ISP account seems broke

    Evidently someone found the "Issues" page, because now instead of blank, it has a message that it's been disabled due to performance issues. So that explains it :-)
  11. daringone

    The future of spoofed spam looks bad

    Not sure I entirely understand what you were trying to say, but I'll guess at it :-) Let's say we have the following conversation where a foo.com user sends a message to a foobar.com user: foo.com user -> foo.com SMTP -> foobar.com MX -> foobar.com user This would be good, since the foo.com SMTP should have a correctly configured SPF record for itself, and at foo.com, that admin should only be allowing his own users to send mail. Now, if we had a foobar.com user trying to send through the foo.com SMTP server... foobar.com user -> foo.com SMTP -> *Transaction Halted* ... it should be blocked since the foo.com SMTP server shouldn't be accepting mail from a foobar.com IP... unless as you mentioned, they're compromised, and then again it's an admin with bigger problems than spam prevention. In the meantime, you could block their domain. Ahh yes, I muddled up my SMTP and MX thoughts there. However, I know you can tell an MX server not to accept mail without valid rDNS, so the functionality to make a DNS lookup with an MX server is still there.
  12. daringone

    ISP account seems broke

    Wasn't directed at you, Steven, it was at Wazoo since she mentioneed s/he'd never seen the page.
  13. daringone

    Spam trap

    Is yourbuddy an Anti-Spamcop guy, or just really cynical?
  14. daringone

    ISP account seems broke

    Maybe I'm *really* out of the loop? On my main page, when I go to just http://members.spamcop.net and enter my ISP account info, the front page just under the SpamCop logo has the following links, in order: Help & Feedback, Site Map, Statistics, Preferences, Reports, Issues, Add routes, and Show routes
  15. daringone

    The future of spoofed spam looks bad

    Well, I just know I put them in my zone files for DNS ;-) As all mail servers had to find this anyhow, I figured it wouldn't be too hard to look for another record type. Apparently I was mistaken. As far as determining which IP to check for, wouldn't the connecting IP always be the IP to look up? If I send mail from foo.com to foobar.com, doesn't foo.com's SMTP server always talk to foobar.com's MX server? Or am I simplifying the SMTP process too greatly?
×