Jump to content

A.J.Mechelynck

Membera
  • Posts

    240
  • Joined

  • Last visited

Posts posted by A.J.Mechelynck

  1. Hm, yes, trying to re-parse with that same tracking URL gives me the same errors, but SC also tells me that "reports have already been sent" — albeit to nomaster[at]devnull.spamcop.net — concerning that IPv6 address.

    Parsing header:

    Received: from [2a02:8420:4e46:2e00:211:32ff:fe11:32f5] (helo=favre.fr) by kaysville.yaritz.net with esmtp (Exim 4.66 (FreeBSD)) (envelope-from <admin[at]megaleecher.net>) id 1SSIGO-0007ol-Dg for me[at]yaritz.net; Wed, 09 May 2012 19:33:29 -0600

    Unable to process header. IPv6 addresses are not supported.

    No source IP address found, cannot proceed.

    Add/edit your mailhost configuration

    Finding full email headers

    Submitting spam via email (may work better)

    Example: What spam headers should look like

    Reports regarding this spam have already been sent:

    Re: 2a02:8420:4e46:2e00:211:32ff:fe11:32f5 (Administrator of network where email originates)

    Reportid: 5765414954 To: nomaster[at]devnull.spamcop.net

    ______________________________________________________________________

    Report another spam?

  2. We should face the facts that IPv6 is not human, nor code friendly. IPv4 was easy to code for because it HAD three periods. IPv6 can have any number of colons, but not more than eight. Code that matches IPv6 will always be complex and never as simple as IPv4, as seen below. I suspect this is partly why SpamCop has not fully implemented it yet.

    m/^([0-9A-Fa-f]{1,4}:){1,7}([0-9A-Fa-f]{1,4}){1,1}|([0-9A-Fa-f]{1,4}:){1,6}(:[0-9A-Fa-f]{1,4}){1,1}|([0-9A-Fa-f]{1,4}:){1,5}(:[0-9A-Fa-f]{1,4}){1,2}|([0-9A-Fa-f]{1,4}:){1,4}(:[0-9A-Fa-f]{1,4}){1,3}|([0-9A-Fa-f]{1,4}:){1,3}(:[0-9A-Fa-f]{1,4}){1,4}|([0-9A-Fa-f]{1,4}:){1,2}(:[0-9A-Fa-f]{1,4}){1,5}|([0-9A-Fa-f]{1,4}:){1,1}(:[0-9A-Fa-f]{1,4}){1,6}$/
    

    These are some generic questions, but I believe they get to the root of the problem. How do you go about reporting IPv6 to the upsteam, which is to say the ISP? How do you add the IPv6 address to a block list?

    I believe the main reasons for the delay is that they do not need to just match IPv6, but they also need to get other underlying code updated as well. We know that they are able to find the IPv6 address now, because the page says it found IPv6 and stops. I believe that SpamCop is working on the whois, reverse DNS, blacklisting servers, and also working with the abuse.net DB to get all of it IPv6 compatible. SpamCop needs to get all of their code updated so it handles IPv6 in all of the code, not just the detector portion.

    Yes, and considering all the ways to abbreviate an IPv6 address, just converting the address-as-text (as found in the mail headers) to the address-as-128-bits (the unique value which can be meaningfully compared for equality, and so blacklisted or not) is an unobvious task, albeit well-defined.

    At least now (and unlike what happened when the first IPv6 spam appeared), when SpamCop chokes on an IPv6 spam it gives a clear message that it currently doesn't support IPv6. One could always wish for full IPv6 support; but let's not forget that even after the purchase by IronPort and the latter's purchase by Cisco, SpamCop is still cruelly understaffed and, AFAIK, the only person who more or less masters the SpamCop source is Julian, and I'm not sure how much time he can dedicate to finding (in the “mass of spaghetti†mentioned a few posts ago, and without neglecting his other duties) the relevant code for this particular problem (which probably is neither the only problem nor the most urgent one), fixing it, testing it, checking for side-effects, etc. etc. etc.

    I don't know about y'all, but the IPv6 spam messages that fall into my inbox are (still) few and far between; I believe that we still have several years before they become the majority, and I'm confident that the SpamCop code will be suitably modified in time to handle them satisfactorily before they become an unbearable nuisance.

×
×
  • Create New...