Jump to content
Sign in to follow this  
Dilbertic

Incorrect trace I GUESS - Someone help

Recommended Posts

I have been a spamcop.net users for years now and I really like the filtering, but this new mail host stuff is a PAIN.

Starting a few days ago, I login into my spamcop.net account like normal, look at my held messages for something that shouldn't have been caught and then report the remaining spam like normal. All my mail hosts are setup and everything has worked till a few days ago!!

Now it seems the spam I am reporting is being sent to my ISP saying I am reporting myself. I now have 4 messages which trace back to my email address.

Since I get like 100 to 400 spams a day, reporting each spam as a single report would take hours. So I am guessing someone found a way to fool the spamcop trace.

What should I do?

Here is one of the spamcop report links...

http://www.spamcop.net/sc?id=z617279343z3e...c75008f2b27c85z

Thanks,

Owen

Edited by Dilbertic

Share this post


Link to post
Share on other sites

In your previous Topic over in Help http://forum.spamcop.net/forums/index.php?showtopic=2442 .. it was suggested that you try to look at, analyze, correct, modify, finish, complete ... something .. your Mail-Host configuration. All I see here is that you switched over to the Mail-Host Forum and started your same query again. What happened with looking at your Mail-Host stuff, re-doing some of it, fixing it .. etc. .... ??????

OK, seeing as you edited yours while I'm typing stuff in ... and now you've provided a sample that's different than those you provided over in Help .... what's the problem with this sample? .... First glance says it recognised your ISP this time ...

Share this post


Link to post
Share on other sites

I deleted all my mail hosts and started over again just to see if it would fix the issue.

1. Since I have never had any problems till 2 days ago that would be the 1st issue, since I didn't touch any of the mailhost settings until now. Thats a issue

2. Since you said it was a mailhost issue I posted it here

3. Since I don't live on this site, I am trying my best to post what is needed since I have been a spamcop.net members for many many years, things have changed over the years and instead of getting back a simple, this is only whats needed or did you try this like most help forums, I didn't expect someone to bite my head off becuase I didn't meet their standard and still not answer my question.

The old days we would just write an email, yes the the guy that started the site!!

Thanks..

Share this post


Link to post
Share on other sites

What question at this point in time? As I pointed out, the sample that you edited in while I was composing my intial response shows that things are OK now ... so one could make the assumption that you in fact did re-do your mail-host configuration prior to making the first post "here" and neglected to mention that. All I had to go on was that the parsing results offered in the Tracking URL here don't match the results of the Tracking URLs "there" .. so something obviously changed. Again, from the results of the parse "here" .. the problem is now fixed.

Let me also state that I did not tell you to post over here ... my remarks in Help went to a problem with the configuration of your Mail-Host setup, suggesting that something be looked at there. That you did apparently make some changes but forgot to mention that in your 'new' posting in this Forum is the part that I was objecting to. Some folks only look at one Forum, others might look at a couple ... so the issue I saw was that if someone (say Ellen perhaps) came directly into this Forum, you offered no indication of previous work, previous answers, changes in configuration since the problem (and again, the Tracking URL provided in this post worked just fine) .. this person would be starting from scratch, researching a (now) fixed issue .. and wondering what the problem actually was ....

Share this post


Link to post
Share on other sites

as found in a PM, and agree that this is a possible issue, I am bringing it out into the light;

I guess the issue for me is everything was working fine, then Bang, reported held email is reporting me as the spammer when I am reporting it.

Thats the parts which is scary, I didn't change any setting or mail hosts are anything and it breaks, then it my fault. Thats the issue that needs to be looked into.

I deleted all my mailhosts and re added them in order, I will see if that works, but someone need to look into why they failed in the 1st place, when they worked before!!

Thanks Much

Owen

This is in fact something that perhaps Ellen / Deputies may have some knowledge of or need the heads-up to look at. I have no input or insight into this area of SpamCop beyond that from just-another-user viewpoint (again, notice the lack of a FAQ entry from me on this stuff) That said, I'm kicking a note in their direction on this possibility of bit changes.

Share this post


Link to post
Share on other sites

In any case thanks much.... Not sure why it broke, maybe my ISP changed something behind my back, but in any case I will man. report the next batch and see if it gets flagged and report back

Thanks Much

Owen

Share this post


Link to post
Share on other sites

That seems like a good idea. It is working now as seen here:

Reports regarding this spam have already been sent:

Re: 64.62.213.111 (Administrator of network where email originates)

Reportid: 1187809176 To: abuse[at]he.net

If reported today, reports would be sent to:

Re: 202.39.10.242 (Administrator of network where email originates)

hostmaster[at]twnic.net

It is possile that it was a new server brought online by your ISP, but if that causes a problem reporting of your own ISP, this mailhosts config still needs some fine tuning. Handing the information to the deputies<at>spamcop.net so they can figure out wht hapened is probably the best bet.

I thought that it was immune to this because of the domain names in the mailhost config, that if the IP address was not seen, that if the rDNS was in the domain that you expect to be there, that it would also be accepted. Again, deputies should try and figure this out, probably with the ISP's help.

Share this post


Link to post
Share on other sites

This just in from Ellen ....

Well that *is* curious .... there is no way for mailhosts TTBMK to vanish or

detach themselves from user entries unless it is done manually -- by the

user or by one of us. And I know I didn't do that. Basically the user can

remove a MH from their configuration by clicking MH and then selecting the

MH to remove. One of us can bring up a user's set of MH's and then can

navigate to a disassociate function or login as the user and delete a MH

from a user record; I think I have disassociated a MH from a user ID exactly

once in 4 months and it had nothing to do with this user or this mailhost

and was back at the beginning of the MH beta.

The important thing is -- it takes a series of steps for one of use to

remove a mailhost from a user record -- it is not possible to do that

because of a random fatfinger whilst viewing the account or viewing a probe

or viewing the mailhost.

Owen is the only user with the emailwest MH and I can see the probe and the

date is Aug 22 so he did re-add it but I have no idea what the MH entries

for this ID looked like prior to that.

So I have no idea what happened or when it happened. I'll be in the forum

later and mention the above -- or if you get there before me and want to

post this that is fine.

Ellen

Please include all previous correspondence with replies

----- Original Message -----

From: "Wazoo"

To: "SpamCop/Ellen"

Sent: Sunday, August 22, 2004 2:25 AM

Subject: Mail Host situation

> starts here;

> http://forum.spamcop.net/forums/index.php?showtopic=2442

>

> then moves to;

> http://forum.spamcop.net/forums/index.php?showtopic=2446

>

> user is suggesting that data in his Mail-Host configuration

> changed within the last couple of days.  Tracking URLs

> finally provided in the first Topic show that Mail-Host was

> screwed for the account, but the deletion and re-creation

> of the data seems to have corrected the issue by the time

> of the Tracking URL provided in the second Topic post.

>

> So the question seems to be .. how could SpamCop have

> "lost" this user's mail-host configuration?

Share this post


Link to post
Share on other sites

In response to Ellen's statements, is it possible that an addition or change at the ISP could cause the mailhost configuration to be "incomplete" and miss some messages?

Share this post


Link to post
Share on other sites
In response to Ellen's statements, is it possible that an addition or change at the ISP could cause the mailhost configuration to be "incomplete" and miss some messages?

15653[/snapback]

Well yes I guess if they changed the domain name(s) and/or the IPs of the mailservers then the MH entry would not have the correct entries for the parser to compare against the spam. Assuming the mailservers have rational rDNS then new IPs and subdomains are usually picked up OK. But not knowing what the MH's looked like before I am just flinging wild assumptions around.

Share this post


Link to post
Share on other sites

Thank you Ellen, the part about picking up new IP's if the rDNS is setup was the part I was wondering about.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×