Jump to content
Sign in to follow this  
Windrider6

Just reported my own server!

Recommended Posts

With changes to my mailserver, I redid the Spamcop mailhost configuration TWICE in the past few days (just to be sure).

Today, one of the spams I reported as spam through Spamcop webmail, created report 6079155339, identifying my own mailserver as a spammer, and reported it to my hosting company. Also, my mailserver is now in the Spamcop Black List.

I checked the headers of the spam, and it was all normal. Nothing malformed.

I checked my Spamcop mailhost configuration, and it has my mailhost IP address listed as OK.

I did everything right and Spamcop still screwed up!

What's worse, I just noticed that for that particular spam, Spamcop never created a report for the originating IP address, which is the real spammer!

GRRRRRRR!

Share this post


Link to post
Share on other sites

>- Received: from 192.168.0.53 ([192.168.0.53])

The problem is caused by the odd characters in that "Received" line. I don't know why.

If you remove them, the spam will process properly.

- Don D'Minion - SpamCop Admin -

- Service[at]Admin.SpamCop.net -

Share this post


Link to post
Share on other sites

>- Received: from 192.168.0.53 ([192.168.0.53])

The problem is caused by the odd characters in that "Received" line. I don't know why.

If you remove them, the spam will process properly.

- Don D'Minion - SpamCop Admin -

- Service[at]Admin.SpamCop.net -

Sounds like a good way for spammers to screw with Spamcop and those who report spam with Spamcop. All they have to do is insert a fake "Received" line in the headers of their spam, and put odd characters in the front.

Fixing this should be a the top of Spamcop's To-Do list, before mass chaos ensues.

Obviously I should stop using the "Report as spam" in Spamcop webmail, or Spamcop change that function so we have to see & approve the reports that will go out.

See here.

My hosting company (thus the owners of my mailhost), have already been a pain about my wanting to get my spams forwarded to Spamcop. Now they have real ammunition to stop it, courtesy of Spamcop.

Edited by Windrider6

Share this post


Link to post
Share on other sites

I have the same problem that Bruce reports here--this defect caused my own server to be reported, despite proper mailhost configuration. I find that the SCBL is less and less relevant in spam-filtering recipes anyway, so unless this gets fixed on SpamCop's end, I'd recommend just skipping reporting in general.

More details here:

unicode sequence knocks out spamcop processing

DT

Share this post


Link to post
Share on other sites

CESmail support would like examples of the spam messages with "goofy characters" causing SpamCop to parse them incorrectly.

They asked that we create a separate webmail folder, put the offending spam messages in it, then email support with the SpamCop account name (I suppose that means the email address) and the folder name and explain what the problem is, and they will look at it.

Please send an email directly to SpamCop Support (support-cases at spamcop.net> and use "Re: (Case 55538) [Problem Report] SpamCop parser affecting Quick Reporting" as the subject line.

Thanks!

Share this post


Link to post
Share on other sites

Cisco/SpamCop sent me a reply saying that they are aware of the problem and working on it. They would like to figure out how the characters are getting into the headers in the first place and prevent that, but their engineers are trying to get the parser to handle them anyway.

CESmail (SpamCop webmail) indicated that they will be looking at any examples we send to be sure the characters are not coming from the CES servers.

Share this post


Link to post
Share on other sites

Please send an email directly to SpamCop Support (support-cases at spamcop.net> and use "Re: (Case 55538) [Problem Report] SpamCop parser affecting Quick Reporting" as the subject line.

Done, thanks! Now, if the Deputies would be so kind as to delete the false report against my own server IP, I'd be much happier! (and yes, I CCd them on the message mentioned above)

DT

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  

×