Dilbertic Posted August 22, 2004 Share Posted August 22, 2004 I have been a spamcop.net users for years now and I really like the filtering, but this new mail host stuff is a PAIN. Starting a few days ago, I login into my spamcop.net account like normal, look at my held messages for something that shouldn't have been caught and then report the remaining spam like normal. All my mail hosts are setup and everything has worked till a few days ago!! Now it seems the spam I am reporting is being sent to my ISP saying I am reporting myself. I now have 4 messages which trace back to my email address. Since I get like 100 to 400 spams a day, reporting each spam as a single report would take hours. So I am guessing someone found a way to fool the spamcop trace. What should I do? Here is one of the spamcop report links... http://www.spamcop.net/sc?id=z617279343z3e...c75008f2b27c85z Thanks, Owen Link to comment Share on other sites More sharing options...
Wazoo Posted August 22, 2004 Share Posted August 22, 2004 In your previous Topic over in Help http://forum.spamcop.net/forums/index.php?showtopic=2442 .. it was suggested that you try to look at, analyze, correct, modify, finish, complete ... something .. your Mail-Host configuration. All I see here is that you switched over to the Mail-Host Forum and started your same query again. What happened with looking at your Mail-Host stuff, re-doing some of it, fixing it .. etc. .... ?????? OK, seeing as you edited yours while I'm typing stuff in ... and now you've provided a sample that's different than those you provided over in Help .... what's the problem with this sample? .... First glance says it recognised your ISP this time ... Link to comment Share on other sites More sharing options...
Dilbertic Posted August 22, 2004 Author Share Posted August 22, 2004 I deleted all my mail hosts and started over again just to see if it would fix the issue. 1. Since I have never had any problems till 2 days ago that would be the 1st issue, since I didn't touch any of the mailhost settings until now. Thats a issue 2. Since you said it was a mailhost issue I posted it here 3. Since I don't live on this site, I am trying my best to post what is needed since I have been a spamcop.net members for many many years, things have changed over the years and instead of getting back a simple, this is only whats needed or did you try this like most help forums, I didn't expect someone to bite my head off becuase I didn't meet their standard and still not answer my question. The old days we would just write an email, yes the the guy that started the site!! Thanks.. Link to comment Share on other sites More sharing options...
Wazoo Posted August 22, 2004 Share Posted August 22, 2004 What question at this point in time? As I pointed out, the sample that you edited in while I was composing my intial response shows that things are OK now ... so one could make the assumption that you in fact did re-do your mail-host configuration prior to making the first post "here" and neglected to mention that. All I had to go on was that the parsing results offered in the Tracking URL here don't match the results of the Tracking URLs "there" .. so something obviously changed. Again, from the results of the parse "here" .. the problem is now fixed. Let me also state that I did not tell you to post over here ... my remarks in Help went to a problem with the configuration of your Mail-Host setup, suggesting that something be looked at there. That you did apparently make some changes but forgot to mention that in your 'new' posting in this Forum is the part that I was objecting to. Some folks only look at one Forum, others might look at a couple ... so the issue I saw was that if someone (say Ellen perhaps) came directly into this Forum, you offered no indication of previous work, previous answers, changes in configuration since the problem (and again, the Tracking URL provided in this post worked just fine) .. this person would be starting from scratch, researching a (now) fixed issue .. and wondering what the problem actually was .... Link to comment Share on other sites More sharing options...
Wazoo Posted August 22, 2004 Share Posted August 22, 2004 as found in a PM, and agree that this is a possible issue, I am bringing it out into the light; I guess the issue for me is everything was working fine, then Bang, reported held email is reporting me as the spammer when I am reporting it. Thats the parts which is scary, I didn't change any setting or mail hosts are anything and it breaks, then it my fault. Thats the issue that needs to be looked into. I deleted all my mailhosts and re added them in order, I will see if that works, but someone need to look into why they failed in the 1st place, when they worked before!! Thanks Much Owen This is in fact something that perhaps Ellen / Deputies may have some knowledge of or need the heads-up to look at. I have no input or insight into this area of SpamCop beyond that from just-another-user viewpoint (again, notice the lack of a FAQ entry from me on this stuff) That said, I'm kicking a note in their direction on this possibility of bit changes. Link to comment Share on other sites More sharing options...
Dilbertic Posted August 22, 2004 Author Share Posted August 22, 2004 In any case thanks much.... Not sure why it broke, maybe my ISP changed something behind my back, but in any case I will man. report the next batch and see if it gets flagged and report back Thanks Much Owen Link to comment Share on other sites More sharing options...
StevenUnderwood Posted August 22, 2004 Share Posted August 22, 2004 That seems like a good idea. It is working now as seen here: Reports regarding this spam have already been sent: Re: 64.62.213.111 (Administrator of network where email originates) Reportid: 1187809176 To: abuse[at]he.net If reported today, reports would be sent to: Re: 202.39.10.242 (Administrator of network where email originates) hostmaster[at]twnic.net It is possile that it was a new server brought online by your ISP, but if that causes a problem reporting of your own ISP, this mailhosts config still needs some fine tuning. Handing the information to the deputies<at>spamcop.net so they can figure out wht hapened is probably the best bet. I thought that it was immune to this because of the domain names in the mailhost config, that if the IP address was not seen, that if the rDNS was in the domain that you expect to be there, that it would also be accepted. Again, deputies should try and figure this out, probably with the ISP's help. Link to comment Share on other sites More sharing options...
Wazoo Posted August 22, 2004 Share Posted August 22, 2004 This just in from Ellen .... Well that *is* curious .... there is no way for mailhosts TTBMK to vanish or detach themselves from user entries unless it is done manually -- by the user or by one of us. And I know I didn't do that. Basically the user can remove a MH from their configuration by clicking MH and then selecting the MH to remove. One of us can bring up a user's set of MH's and then can navigate to a disassociate function or login as the user and delete a MH from a user record; I think I have disassociated a MH from a user ID exactly once in 4 months and it had nothing to do with this user or this mailhost and was back at the beginning of the MH beta. The important thing is -- it takes a series of steps for one of use to remove a mailhost from a user record -- it is not possible to do that because of a random fatfinger whilst viewing the account or viewing a probe or viewing the mailhost. Owen is the only user with the emailwest MH and I can see the probe and the date is Aug 22 so he did re-add it but I have no idea what the MH entries for this ID looked like prior to that. So I have no idea what happened or when it happened. I'll be in the forum later and mention the above -- or if you get there before me and want to post this that is fine. Ellen Please include all previous correspondence with replies ----- Original Message ----- From: "Wazoo" To: "SpamCop/Ellen" Sent: Sunday, August 22, 2004 2:25 AM Subject: Mail Host situation > starts here; > http://forum.spamcop.net/forums/index.php?showtopic=2442 > > then moves to; > http://forum.spamcop.net/forums/index.php?showtopic=2446 > > user is suggesting that data in his Mail-Host configuration > changed within the last couple of days. Tracking URLs > finally provided in the first Topic show that Mail-Host was > screwed for the account, but the deletion and re-creation > of the data seems to have corrected the issue by the time > of the Tracking URL provided in the second Topic post. > > So the question seems to be .. how could SpamCop have > "lost" this user's mail-host configuration? Link to comment Share on other sites More sharing options...
StevenUnderwood Posted August 22, 2004 Share Posted August 22, 2004 In response to Ellen's statements, is it possible that an addition or change at the ISP could cause the mailhost configuration to be "incomplete" and miss some messages? Link to comment Share on other sites More sharing options...
Ellen Posted August 23, 2004 Share Posted August 23, 2004 In response to Ellen's statements, is it possible that an addition or change at the ISP could cause the mailhost configuration to be "incomplete" and miss some messages? 15653[/snapback] Well yes I guess if they changed the domain name(s) and/or the IPs of the mailservers then the MH entry would not have the correct entries for the parser to compare against the spam. Assuming the mailservers have rational rDNS then new IPs and subdomains are usually picked up OK. But not knowing what the MH's looked like before I am just flinging wild assumptions around. Link to comment Share on other sites More sharing options...
StevenUnderwood Posted August 24, 2004 Share Posted August 24, 2004 Thank you Ellen, the part about picking up new IP's if the rDNS is setup was the part I was wondering about. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.