Jump to content

halloween

Members
  • Content Count

    13
  • Joined

  • Last visited

Everything posted by halloween

  1. halloween

    ipv6

    I am starting to get more spam from ipv6 space. It's not a flood yet, but I've noticed it. Maybe 1 in 50 that get through my spam filters is from a spammer in ipv6-land. That is relatively insignificant at the moment, but it's not going to go away. Is there any ongoing work to make spamcop grok ipv6 addresses? [The 'New Feature Request' forum appears to be for webmail beta features. I reposted this at the 'Reporting Help' forum. It's probably more appropriate to follow up there. Sorry about the confusion]
  2. halloween

    ipv6

    Yes, I had a report with IPv6 that worked - good to see. This one worked: Received: from oproxy11-pub.bluehost.com (unknown [2605:dc00:100:2::a3]) by www.xxx.yyy.zzz with SMTP; This one did not: Received: from oproxy11-pub.bluehost.com (unknown [iPv6:2605:dc00:100:2::a3]) by www.xxx.yyy.zzz with SMTP; This is more a problem with the mailer adding the IPv6: bogus part I believe, but it's worth mentioning in case others hit this issue. I don't know what mailers add that tag, but it may be worth adding something to be defensive in the spamcop processor - perhaps with warnings in the report summary.
  3. halloween

    ipv6

    I'm seeing more of these, including ipv6 spam directly to a primary mailhost.
  4. halloween

    Reporting problems today?

    I've been waiting patiently for a couple weeks now, but I guess I'll report, too...
  5. I just got backscatter spam from spamcop. Perhaps spamcop should be holding the smtp connection while evaluating whether to accept a report or not? Subject: WARNING: spam NOT PROCESSED - Welcome to SpamCop The attached email headers in the automated response show that a forged From and Return-Path. Here are the attached email headers if anyone at spamcop wants to check it out... Return-Path: <XXX-real-address-removed> Received: from sc-smtp8-inbound.soma.ironport.com (sc-smtp8-inbound.soma.ironport.com [204.15.82.102]) by sc-app10.soma.ironport.com (Postfix) with ESMTP id 5660FFDD2 for <abuse-ack[at]cmds.spamcop.net>; Wed, 8 Oct 2008 08:32:00 -0700 (PDT) Received: from c62.cesmail.net ([216.154.195.54]) by vmx2.spamcop.net with ESMTP; 08 Oct 2008 08:31:59 -0700 Received: from unknown (HELO blade5.cesmail.net) ([192.168.1.215]) by c62.cesmail.net with SMTP; 08 Oct 2008 11:31:25 -0400 Received: (qmail 3182 invoked by uid 1010); 8 Oct 2008 15:31:59 -0000 Delivered-To: spamcop-net-postmaster[at]spamcop.net Received: (qmail 3157 invoked from network); 8 Oct 2008 15:31:56 -0000 X-spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on blade5 X-spam-Level: ** X-spam-Status: hits=2.9 tests=DOS_OE_TO_MX,RDNS_DYNAMIC version=3.2.4 Received: from unknown (192.168.1.107) by blade5.cesmail.net with QMQP; 8 Oct 2008 15:31:56 -0000 Received: from host197-186-dynamic.51-82-r.retail.telecomitalia.it (82.51.186.197) by mx70.cesmail.net with SMTP; 8 Oct 2008 15:31:56 -0000 Message-ID: <000701c9295a$0697a276$01f2908d[at]qikvlsct> From: "ferris vlad" <XXX-real-address-removed> To: <postmaster[at]spamcop.net> Subject: =?koi8-r?B?7MDC2cUsIMTB1sUg08HN2cUgx9LR2s7ZxSDTxcvT1cHM2M7F2SDGwQ==?= =?koi8-r?B?ztTB2snJLCDP1snXwcDUINrExdPY?= Date: Wed, 08 Oct 2008 13:44:32 +0000 MIME-Version: 1.0 Content-Type: text/plain; charset="koi8-r" Content-Transfer-Encoding: 8bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2720.3000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2727.1300
  6. halloween

    [Resolved] backscatter from spamcop

    Hurray. Thanks for that. Now to get the thousands of other misconfigured domains to behave
  7. halloween

    [Resolved] backscatter from spamcop

    I don't mean to imply that 'black hole' (/dev/null) is a legitimate configuration for postmaster[at] mail... just that a lack of response to every email going to postmaster[at] is not a listable offense. Certainly in this day and age using a spam filter on postmaster[at] email is a fact of life. So if some postmaster[at] email doesn't get through to a human, that has to be expected. That said, even if one did bounce email to postmaster[at] (and violate the RFC), it'd be better to reject it at the SMTP session level rather than accept it and respond to [potentially forged] 'from' addresses, thus propagating the backscatter problem.
  8. halloween

    [Resolved] backscatter from spamcop

    I don't think you need to respond to postmaster email. You just shouldn't [normally] bounce it. It can be a black hole, and you won't be listed by rfc-ignorant.org just because of a lack of response. In fact the policy specifically mentions inbound-only postmaster[at] in the context of a legitimate configuration (http://rfc-ignorant.org/policy-postmaster.php). It also describes situations where bouncing postmaster[at] email, in certain circumstances, is okay. In fact, the policy specifically says that auto responders to postmaster[at] email _are_ a listable offense...
  9. halloween

    ipv6

    You can't say that anymore, since you've seen one now. Note that it's not an IPv4 compatible address that was IPv6-ified, but an actual IPv6 address. Anyway, it's not a lot of spam that does this yet. I have seen a few, so I just thought I'd get the discussion rolling.
  10. halloween

    ipv6

    By the way, why is that the real question?
  11. halloween

    ipv6

    Yes. Most of the email I get that passes through mx1.freebsd.org is IPv4.
  12. halloween

    ipv6

    Here's an example that I just resubmitted (I altered the date since the original was from Aug 17 and spamcop rejects messages more than a couple days old): http://www.spamcop.net/sc?id=z1401588636zc...4935e50837085cz
  13. halloween

    ipv6

    I am starting to get more spam from ipv6 space. It's not a flood yet, but I've noticed it. Maybe 1 in 50 that get through my spam filters is from a spammer in ipv6-land. That is relatively insignificant at the moment, but it's not going to go away. Is there any ongoing work to make spamcop grok ipv6 addresses?
×