
Posts posted by halloween


  1. Hi, halloween,

    ...Uh-oh, IPv6 is reported to be fixed (Scheduled Service Outage)! Please post a Tracking URL.

    Yes, I had a report with IPv6 that worked - good to see. This one worked:

    Received: from oproxy11-pub.bluehost.com (unknown [2605:dc00:100:2::a3])

    by www.xxx.yyy.zzz with SMTP;

    This one did not:

    Received: from oproxy11-pub.bluehost.com (unknown [iPv6:2605:dc00:100:2::a3])

    by www.xxx.yyy.zzz with SMTP;

    This is more a problem with the mailer adding the IPv6: bogus part I believe, but it's worth mentioning in case others hit this issue. I don't know what mailers add that tag, but it may be worth adding something to be defensive in the spamcop processor - perhaps with warnings in the report summary.


  2. I don't mean to imply that 'black hole' (/dev/null) is a legitimate configuration for postmaster[at] mail... just that a lack of response to every email going to postmaster[at] is not a listable offense. Certainly in this day and age using a spam filter on postmaster[at] email is a fact of life. So if some postmaster[at] email doesn't get through to a human, that has to be expected.

    That said, even if one did bounce email to postmaster[at] (and violate the RFC), it'd be better to reject it at the SMTP session level rather than accept it and respond to [potentially forged] 'from' addresses, thus propagating the backscatter problem.


  3. I don't think you need to respond to postmaster email. You just shouldn't [normally] bounce it. It can be a black hole, and you won't be listed by rfc-ignorant.org just because of a lack of response. In fact the policy specifically mentions inbound-only postmaster[at] in the context of a legitimate configuration (http://rfc-ignorant.org/policy-postmaster.php). It also describes situations where bouncing postmaster[at] email, in certain circumstances, is okay.

    In fact, the policy specifically says that auto responders to postmaster[at] email _are_ a listable offense...

    Further, if a postmaster address contains a "redirecting auto-acknowledgement", such that it is obvious that the message will not be received by a human (as specified in the RFCs), that shall also be considered a listable offense. Auto-acks suggesting "better places" to send e-mail are certainly useful and encouraged, however, it must be clear that the e-mail that generated the auto-ack will in fact be dealt with.


  4. I just got backscatter spam from spamcop. Perhaps spamcop should be holding the smtp connection while evaluating whether to accept a report or not?

    Subject: WARNING: spam NOT PROCESSED - Welcome to SpamCop

    The attached email headers in the automated response show a forged From and Return-Path.

    Here are the attached email headers if anyone at spamcop wants to check it out...

    Return-Path: <XXX-real-address-removed>
    Received: from sc-smtp8-inbound.soma.ironport.com (sc-smtp8-inbound.soma.ironport.com [204.15.82.102])
        by sc-app10.soma.ironport.com (Postfix) with ESMTP id 5660FFDD2
        for <abuse-ack[at]cmds.spamcop.net>; Wed, 8 Oct 2008 08:32:00 -0700 (PDT)
    Received: from c62.cesmail.net ([216.154.195.54])
        by vmx2.spamcop.net with ESMTP; 08 Oct 2008 08:31:59 -0700
    Received: from unknown (HELO blade5.cesmail.net) ([192.168.1.215])
        by c62.cesmail.net with SMTP; 08 Oct 2008 11:31:25 -0400
    Received: (qmail 3182 invoked by uid 1010); 8 Oct 2008 15:31:59 -0000
    Delivered-To: spamcop-net-postmaster[at]spamcop.net
    Received: (qmail 3157 invoked from network); 8 Oct 2008 15:31:56 -0000
    X-spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on blade5
    X-spam-Level: **
    X-spam-Status: hits=2.9 tests=DOS_OE_TO_MX,RDNS_DYNAMIC version=3.2.4
    Received: from unknown (192.168.1.107)
        by blade5.cesmail.net with QMQP; 8 Oct 2008 15:31:56 -0000
    Received: from host197-186-dynamic.51-82-r.retail.telecomitalia.it (82.51.186.197)
        by mx70.cesmail.net with SMTP; 8 Oct 2008 15:31:56 -0000
    Message-ID: <000701c9295a$0697a276$01f2908d[at]qikvlsct>
    From: "ferris vlad" <XXX-real-address-removed>
    To: <postmaster[at]spamcop.net>
    Subject: =?koi8-r?B?7MDC2cUsIMTB1sUg08HN2cUgx9LR2s7ZxSDTxcvT1cHM2M7F2SDGwQ==?=
        =?koi8-r?B?ztTB2snJLCDP1snXwcDUINrExdPY?=
    Date: Wed, 08 Oct 2008 13:44:32 +0000
    MIME-Version: 1.0
    Content-Type: text/plain;
        charset="koi8-r"
    Content-Transfer-Encoding: 8bit
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Mailer: Microsoft Outlook Express 6.00.2720.3000
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2727.1300


  5. Because that would be the server adding the IPv6 header (at least for that mail route) and would be one path to follow to get your reporting working again.

    As I stated earlier, I don't recall ever seeing IPv6 headers on a connecting source, only ones further up the chain.

    You can't say that anymore, since you've seen one now. ;)

    Note that it's not an IPv4 compatible address that was IPv6-ified, but an actual IPv6 address.

    Anyway, it's not a lot of spam that does this yet. I have seen a few, so I just thought I'd get the discussion rolling.


  6. Based on that sample, the real question would be .... do you have any e-mail collected from mx1.freebsd.org that is not showing IPv6 addresses?

    Yes. Most of the email I get that passes through mx1.freebsd.org is IPv4.


  7. Can you provide a TrackingURL for some of these? I can not ever remember seeing one where the source or remote servers were using IPv6. Every one I have seen, only the local mail server was using it and converting everything it received to the IPv6 representation.

    Here's an example that I just resubmitted (I altered the date since the original was from Aug 17 and spamcop rejects messages more than a couple days old):

    http://www.spamcop.net/sc?id=z1401588636zc...4935e50837085cz


  8. I am starting to get more spam from ipv6 space. It's not a flood yet, but I've noticed it. Maybe 1 in 50 that get through my spam filters is from a spammer in ipv6-land. That is relatively insignificant at the moment, but it's not going to go away.

    Is there any ongoing work to make spamcop grok ipv6 addresses?


  9. I am starting to get more spam from ipv6 space. It's not a flood yet, but I've noticed it. Maybe 1 in 50 that get through my spam filters is from a spammer in ipv6-land. That is relatively insignificant at the moment, but it's not going to go away.

    Is there any ongoing work to make spamcop grok ipv6 addresses?

    [The 'New Feature Request' forum appears to be for webmail beta features. I reposted this at the 'Reporting Help' forum. It's probably more appropriate to follow up there. Sorry about the confusion]
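
An added example, not part of any post above and not SpamCop's code: a defensive extractor for the bracketed address in a `Received:` line that accepts both forms quoted in the first post, with and without the `IPv6:` tag (the tagged form is the address-literal syntax of RFC 5321), and returns warnings a report summary could show. The function name, warning texts and the last two sample lines are assumptions made for illustration.

```python
import ipaddress
import re

# Bracketed address literal inside a Received: line, e.g. "(unknown [2605:dc00:100:2::a3])".
BRACKETED = re.compile(r"\[([^\]\s]+)\]")
# Optional "IPv6:" tag in front of the address; matched case-insensitively.
TAG = re.compile(r"^ipv6:", re.IGNORECASE)


def extract_relay_ip(received_line):
    """Return (address, warnings) for the first parseable bracketed literal.

    address is an ipaddress object, or None when nothing parses.
    warnings is a list of strings suitable for a report summary.
    """
    warnings = []
    for match in BRACKETED.finditer(received_line):
        literal = match.group(1)
        bare = TAG.sub("", literal)
        try:
            addr = ipaddress.ip_address(bare)
        except ValueError:
            warnings.append(f"skipped unparseable literal {literal!r}")
            continue
        if bare != literal:
            if addr.version == 6:
                warnings.append("removed IPv6: tag before parsing")
            else:
                warnings.append("IPv6: tag found on an IPv4 address")
        # A local server may rewrite IPv4 peers as ::ffff:a.b.c.d; report the IPv4 form.
        if addr.version == 6 and addr.ipv4_mapped is not None:
            addr = addr.ipv4_mapped
            warnings.append("IPv4-mapped IPv6 address reduced to IPv4")
        return addr, warnings
    return None, warnings


# The first two lines are the ones quoted in the post; the rest are constructed samples.
SAMPLES = [
    "Received: from oproxy11-pub.bluehost.com (unknown [2605:dc00:100:2::a3])",
    "Received: from oproxy11-pub.bluehost.com (unknown [iPv6:2605:dc00:100:2::a3])",
    "Received: from relay.example.net (unknown [::ffff:192.0.2.10])",
    "Received: from relay.example.net (HELO [not-an-ip]) ([IPv6:192.0.2.10])",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(extract_relay_ip(line))
```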
