Jump to content
Sign in to follow this  
shreff

legit mail to me blocked by Blocked cbl.abuseat.org

Recommended Posts

I have read FAQ and understand cbl.abuseat.org is a block list. Am I to understand that the email an organization has sent me is coming through a nasty server with lots of spam originating there too?

I assume the solution to this is to put the domain in my whitelist. Or if that domain is a risk for receiving spam, perhaps I must also include the user left of domain. But I want to know if whitelist is the proper solution for a nasty domain?

:ph34r: Here's the header, I didn't fully understand what to include from the pinned explaination, which I cannot see now.

Content-Language: en-us

Content-Type: multipart/alternative; boundary="----=_NextPart_000_0103_01CA1526.418A3E80"

Date: Tue, 4 Aug 2009 17:08:58 -0700 [08/04/2009 05:08:58 PM MST]

Delivered-To: me [at] spamcop.net

From: AZGBC <them [at] chapters.usgbc.org>Add them [at] chapters.usgbc.org to my Address Book

List-Unsubscribe: <mailto:some code [at] lists.usgbc.org>

MIME-Version: 1.0

Message-ID: <LYRIS-18508226-959454-2009.08.04-20.23.34--me#spamcop.net[at]lists.usgbc.org>

Received:

* (qmail 9633 invoked from network); 5 Aug 2009 13:07:07 -0000

* from unknown (192.168.1.88) by filter8.cesmail.net with QMQP; 5 Aug 2009 13:07:07 -0000

* from lists.usgbc.org (64.191.214.10) by mxin1.cesmail.net with SMTP; 5 Aug 2009 13:00:54 -0000

Return-Path: <them [at] chapters.usgbc.org>

Sender: "AZGBC" <them too [at] usgbcaz.org>

Subject: August 2009 Arizona Chapter Hot Topics

Thread-Index: AcoVYO1j4voXqAFhS62eZn7+k9hg4A==

To: "my name" <me [at] spamcop.net>Add me [at] spamcop.net to my Address Book

X-Authority-Analysis: v=1.0 c=1 a=e8ZqhbnPf5UA:10 a=i8j2RIqPAAAA:8 a=wItniZhCAAAA:8 a=GtyeyTBGAAAA:8 a=jUwznEUyAAAA:8 a=AAvYLDLOAAAA:8 a=D0E7gLGeAAAA:8 a=bZubpC6RAAAA:8 a=y8I0kRxo58fHy9MV16wA:9 a=fn4KMekD9_QFveZFJaQA:7 a=rsFEytSwQTWJDBPQQOYlypS9ER0A:4 a=AnPQJl_LLbYA:10 a=cBY1HIx_dgUA:10 a=WjJal50LLiUA:10 a=vVRRvJnwi4IA:10 a=p2ikTtrZeIMA:10 a=tP_JIJnmG-0A:10 a=s2loLT2QvaoA:10 a=6Tv62J74zuAA:10 a=xX4ChL36oxYA:10 a=qoc59kaA1K8A:10 a=mF_JCN53VhjDcN5_:21 a=mG_cfGIjfYH-TkNl:21 a=yMhMjlubAAAA:8 a=SSmOFEACAAAA:8 a=d77Vm_4nfleKYYGAdDgA:9 a=qG6NE0mSNoCotnO2omEA:7 a=D6rGT4mo4n2LI_r0iEJWbWi2BEwA:4 a=TnagoCwi2LmBXNuH:21 a=JLCCALe2RF-hvjE2:21

X-CM-Score: 0.00

X-IronPort-Anti-spam-Filtered: true

X-IronPort-Anti-spam-Result: ArwCALZqeEpE5vEtkWdsb2JhbACCKhMYl1sBAQEBCQsKBxMDqXQJj2yCNxSBTQWEHiE

X-Mailer: Microsoft Office Outlook 12.0

X-spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on filter8

X-spam-Level: *

X-spam-Status: hits=1.8 tests=DATE_IN_PAST_12_24,HTML_MESSAGE version=3.2.4

X-SpamCop-Checked: 64.191.214.10

X-SpamCop-Disposition: Blocked cbl.abuseat.org

Share this post


Link to post
Share on other sites

It looks to me like the SpamAssassin rule set is simply tagging the message as likely spam, hence dropping it into your held mail folder. That originating server (lists.usgbc.org [64.191.214.10]) is listed currently on both cbl.abuseat.org and bl.spamcop.net. - see http://www.senderbase.org/senderbase_queri...g=64.191.214.10 and from there you can follow the links to check the reasons for its listing. Filtering the mail in this way (diverting rather than deleting it) is the correct use of DNSBLs for the very reason you see - there may be both legitimate mail and spam coming from them at the same time. You can certainly add the sender's mail address to your whitelist to avoid having the filter divert good mail from that address while that IP is listed. Newsletters often do get blocklisted if their list management is less than perfect, it does not necessarily mean they are 'nasty'.

Does this answer your query?

The message you posted should ideally be 'munged' to further protect your email address from scraping (so too the address of the sender). One of us can do this for you if you have difficulty in editing your post.

This probably belongs on the SC mail forum, the Blocklist forum is for problems with the SCbl and there are none in what you are describing. Will move it there shortly.

Share this post


Link to post
Share on other sites
X-SpamCop-Checked: 64.191.214.10

X-SpamCop-Disposition: Blocked cbl.abuseat.org

Your assumptions are correct.

The filters are diverting the email to your Held Mail folder because it comes from a server on the cbl.abuseat.org blocking list. Why 64.191.214.10 is on their list is irrelevant for your purposes, but if you want to help the list owner get his IP off the list, you can start here:

http://cbl.abuseat.org/lookup.cgi?ip=64.191.214.10

Your solution is to put chapters.usgbc.org on your SpamCop whitelist so that the list traffic will not be tagged by the filters.

- Don D'Minion - SpamCop Admin -

.

Share this post


Link to post
Share on other sites

HOLY COW such a quick replies, Thanks. Excellent support.

Your solution is to put chapters.usgbc.org on your SpamCop whitelist so that the list traffic will not be tagged by the filters.
OK, that's done. However I cannot edit the original post to clear out Emails as Farelf recommends: "The message you posted should ideally be 'munged' to further protect your email..." It seems like he must have anyway, I don't see any [at] symbols.

BTW you mention filters, there are those also on my own account. How do they interact with whitelists? Is it different/better to put a domain in my own filter rules or my personal whitelist? I assumed the latter and did so since I've had (personal) filters get ignored in the past.

Share this post


Link to post
Share on other sites
It looks to me like the SpamAssassin rule set is simply tagging the message as likely spam, hence dropping it into your held mail folder. That originating server (lists.usgbc.org [64.191.214.10]) is listed

Does this answer your query?

Uh, except for the term dropping. See in my held mail folder there where 2 kinds of reasons, and the one about being blocked w/o SpamAssassin confused me.

-------------

From: "AZGBC" <them [at] chapters.usgbc.org>

Subject: August 2009 Central Branch Announcements-

X-SpamCop-Disposition: Blocked cbl.abuseat.org

-------------

From: <someone [at] alerts.careerbuilder.com>

Subject: CareerBuilder.com Job Matches

X-SpamCop-Disposition: Blocked SpamAssassin=7

-------------

Share this post


Link to post
Share on other sites
BTW you mention filters, there are those also on my own account. How do they interact with whitelists? Is it different/better to put a domain in my own filter rules or my personal whitelist? I assumed the latter and did so since I've had (personal) filters get ignored in the past.

Personal filters are only activated when you are in the webmail client.

Share this post


Link to post
Share on other sites
Uh, except for the term dropping. See in my held mail folder there where 2 kinds of reasons, and the one about being blocked w/o SpamAssassin confused me.

-------------

From: "AZGBC" <them [at] chapters.usgbc.org>

Subject: August 2009 Central Branch Announcements-

X-SpamCop-Disposition: Blocked cbl.abuseat.org

-------------

From: <someone [at] alerts.careerbuilder.com>

Subject: CareerBuilder.com Job Matches

X-SpamCop-Disposition: Blocked SpamAssassin=7

-------------

I used 'dropping' in the sense of 'diverting', sorry to confuse.

Don't know about the two types of disposition message exactly (not a user) but it looks to me like the filter rules allow for handling as suspect spam EITHER if the spam score exceeds your SpamAssassin level, as determined by the magic tests for 'spamminess' of content, OR if the originator is sending from a blocklisted IP address.

While I'm in a confessing mood :) - I had assumed the blocklisting might be for newsletter distribution to unappreciative recipients which was a bum steer - Don (SC Admin) pointed out that the CBL is about relaying/compromised servers. Which is of no particular relevance unless you would like to give the provider/sender a 'heads up' that they have that specific problem they can address to get themselves off the list (detail per the link Don gave).

I have done some more munging on the addresses you posted. Seems this could be in excess of what you require but better safe than sorry. The personalized unsubscription link (in your original post) in particular probably should not be public, even in the (slightly) broken form automatically written when we post to the forum. Other addresses (now a little more heavily munged) are those of the senders and their thoughts about exposure are unknown - but if any of them are spammers we certainly don't want to give them a free ride and if they're not spammers we should consider they won't appreciate exposure to harvesting.

Share this post


Link to post
Share on other sites
Don't know about the two types of disposition message exactly (not a user) but it looks to me like the filter rules allow for handling as suspect spam EITHER if the spam score exceeds your SpamAssassin level, as determined by the magic tests for 'spamminess' of content, OR if the originator is sending from a blocklisted IP address.

Yes, that's correct with the added proviso that the SpamAssassin check goes first. So if the content is 'spammy' by the standards of SpamAssassin then no DNSBL checks are carried out.

Andrew

Share this post


Link to post
Share on other sites

If you have to get email from this trojan controlled email server just put

usgbc.org

in your whitelist

If you have problems with spammers getting getting through you need to remove it

Share this post


Link to post
Share on other sites
Personal filters are only activated when you are in the webmail client.
Actually Steve, this is important since you mention it.I don't need spamcop to filter my personal Email client. I only use it as web-mail for a public Email address. So I always interface via the web. But filters have been unreliable, say they filter mail, then there is nothing in the folder it was supposed to send to.

Hence my question about how the two techniques interfere (filters and whitelists)

Share this post


Link to post
Share on other sites
Hence my question about how the two techniques interfere (filters and whitelists)

As I think has been explained in different ways, all filters managed via Options, SpamCop Tools

(Manage your email forwarding, password, mail report, and greylist settings.

Select your email filtering blacklists.

Configure external POP servers.

Manage your personal whitelist.

Manage your personal blacklist.

Manage Greylist -- Pending Entries.

Manage Greylist -- Rejected Entries.)

are server level filters which act on the messages as they are received.

All filters you define manually via Options, Filters (or similar) are client level filters which act only when you log into webmail.

I very rarely use webmail any more (IMAP setup at work, POP to home) so do not have any recent experience with the filters. The only filter I have setup currently should move any Help Mail messages sent to a plussed address (underwood+) should be moved back to the Inbox, but I don't think I have ever seen a message affected by it after the first one that prompted me to setup that filter. Of course, at the time, I was getting ~100 spam messages/day. I am down to about 1-2 by dropping my most spammed address. I can get it down to 1-2/week by turning on grey listing, but I have that currently turned off to beable to report more spam.

Share this post


Link to post
Share on other sites
I am down to about 1-2 by dropping my most spammed address. I can get it down to 1-2/week by turning on grey listing....
;)

Steve, Wow. Some of that goes over my novice Email user knowledge. I leave grey listing on to simply not get spam. No more than 3/wk in the Held Mail folder. (But thanks for doing such a thorough explaination. Can I bug you on that dropped address idea?

I have been curious if it's feasable to change my address from GoK75 to K75. But that would mean dropping one to create the new one. Could you point out a FAQ where I can read about how that would occur before my $30 annual dues are up in September?

Share this post


Link to post
Share on other sites
Steve, Wow. Some of that goes over my novice Email user knowledge. I leave grey listing on to simply not get spam. No more than 3/wk in the Held Mail folder. (But thanks for doing such a thorough explaination. Can I bug you on that dropped address idea?

I have been curious if it's feasable to change my address from GoK75 to K75. But that would mean dropping one to create the new one. Could you point out a FAQ where I can read about how that would occur before my $30 annual dues are up in September?

The address I dropped was not a spamcop one so once I decided, I converted over all the legitimate email to spamcop (took me about a year, but that address had been live for over 10 years and I did not want to lose anything important.

You would need to contact JT for your change... support[at]spamcop.net should do the trick or the Problem button within webmail.

Share this post


Link to post
Share on other sites
You would need to contact JT for your change... support[at]spamcop.net should do the trick or the Problem button within webmail.

Of course, if the subscription date is approaching another option would be to simply not renew the old address and take out a new subscription for the replacement (which I think is what would be necessary if you wanted both addresses to run in parallel for a period).

Andrew

Share this post


Link to post
Share on other sites
not renew the old address and take out a new subscription for the replacement

AHHH, this FAQ seems to disagree w/ that FAQ section 7 OH oh, that seems wrong. It is how to change name used here on forum, not on webmail.

So there's a need for this replacement in parrallel to the old one by letting the current (old) one expire this month?

Edited by shreff

Share this post


Link to post
Share on other sites
You would need to contact JT for your change...

Where is the contact information to write JT? :excl: Edited by shreff

Share this post


Link to post
Share on other sites
Where is the contact information to write JT? :excl:
Steven Underwood mentioned two ways to contact JT in his earlier post (#13 above 72552[/snapback]). Generally, that information is in various places but unfortunately eludes many. If I can summarize: You can use the contact form at http://www.spamcop.net/ces/contact.shtml you can email to support[at]spamcop.net or service[at]cesmail.net or (I don't have an account), as Steven says, there is a contact/problem button on the user webmail page somewhere or there's a general-purpose contact form that is initiated from the bottom of http://www.spamcop.net/fom-serve/cache/401.html (though that one's mostly about the reporting system anything for JT should be passed on).

I would suggest the first email address, the same as Steven gave you. Using more than one method at once is unnecessary/'a bastard act' (as we say in the antipodes) just to make it clear I'm not advocating such.

Share this post


Link to post
Share on other sites
AHHH, this FAQ seems to disagree w/ that FAQ section 7 OH oh, that seems wrong. It is how to change name used here on forum, not on webmail.

Why are there so many different account names/passwords needed?

So there's a need for this replacement in parrallel to the old one by letting the current (old) one expire this month?

You say 'replacement' .. I call it 'updating' ... But yes, bouncing e-mail is a reason for getting the account 'here' Banned.

Where is the contact information to write JT? :excl:

Where to get Help

How to Contact SpamCop Staff

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×