DavidT

Blocking of Mailhost Probes

I don't think this has been specifically addressed, but there's something that ought to be added to the Mailhost Confirmation procedure, IMO. Due to some characteristics of the "probe" messages ("Subject: SpamCop account configuration email"), if they are received through a system that uses SpamAssassin as a filtering tool (as do SpamCop email accounts, for example), they might get blocked if a user has their SA threshold number set at 3.0 or below (mine is a 5 -- I wouldn't recommend a lower setting).

Here's the SA details line I've seen on the probes I've received:

X-spam-Status: hits=3.0 tests=FORGED_MUA_MOZILLA,FROM_HAS_MIXED_NUMS

That's a pretty high SA hits number on a desired piece of email. The "FORGED_MUA_MOZILLA" hit is due to this line from the probe's headers:

X-Mailer: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040803 Firefox/0.9.3 via http://www.spamcop.net/ v1.371

That line should be deleted (by Julian?) which would lower the spam status. I searched the forums and found instances of people having their SA at 3 or below and having the probes blocked, which is entirely preventable.

Furthermore, it's possible that a probe can get blocked by the SC DNSBL, which is also bad....here's the "Disposition" line from one that I had to haul out of my Held Mail:

X-SpamCop-Disposition: Blocked bl.spamcop.net

So, after that happened, I whitelisted "admin.spamcop.net" in my SC email Options, and then the probe went through with these two lines:

X-SpamCop-Disposition: Blocked bl.spamcop.net

X-SpamCop-Whitelisted: admin.spamcop.net

By doing a forum search, I found another example like this posted by another user in which their probe had been flagged/tagged/blocked/whatever by an SCBL listing. This is avoidable if a user does the whitelist procedure I mentioned above, but this should be done before starting the mailhosts process.

So to summarize, I've identified one thing that Julian should fix, and another that should be added to the instructions shown to people who are configuring mailhosts.

DT

Edited by DavidT

Not sure that the X-mailer is something I can do anything about but I am curious as to why the blocked by SCbl. What IP was causing the blocking?

> Not sure that the X-mailer is something I can do anything about

But surely Julian can....and he should! Probes are getting flagged with much too high a spam scoring by SpamAssassin.

> but I am curious as to why the blocked by SCbl. What IP was causing the blocking?

Well, that's a bit complicated, in that the one I have on hand went through a system that is producing defective headers. Here are the IPs checked during receipt of the message:

X-SpamCop-Checked: 192.168.1.103 64.202.166.116 63.70.201.2 63.70.201.42

It would have to be one of those (the "192" one is internal to the defective system). This is the mailhost that I gave up on, eventually nuking the account.

DT
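
A triage sketch for the headers quoted in this thread, added here as an example and not written by any of the posters or by SpamCop. The function names are hypothetical, the sample message is constructed from the header lines above, and the code assumes the usual SpamAssassin rule that a message is flagged when its score is at or above the threshold and the standard DNSBL convention of querying the reversed IPv4 octets under the list's zone.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: the header lines quoted in the thread, joined into one message.
SAMPLE = (
    "Subject: SpamCop account configuration email\n"
    "X-spam-Status: hits=3.0 tests=FORGED_MUA_MOZILLA,FROM_HAS_MIXED_NUMS\n"
    "X-SpamCop-Checked: 192.168.1.103 64.202.166.116 63.70.201.2 63.70.201.42\n"
    "X-SpamCop-Disposition: Blocked bl.spamcop.net\n"
    "\n"
    "body\n"
)

def parse_sa_status(value):
    """Return (score, [rule names]) from a 'hits=N tests=A,B' status value."""
    hits = re.search(r"hits=(-?\d+(?:\.\d+)?)", value)
    if not hits:
        raise ValueError("no hits= field in spam status header")
    tests = re.search(r"tests=(\S+)", value)
    return float(hits.group(1)), (tests.group(1).split(",") if tests else [])

def would_flag(score, threshold):
    # Assumption: flagged when score >= threshold, so 3.0 trips a 3.0 setting.
    return score >= threshold

def dnsbl_queries(checked, zone="bl.spamcop.net"):
    """Map each public IPv4 address to the DNSBL name one would look up."""
    queries = {}
    for token in checked.split():
        ip = ipaddress.ip_address(token)
        if ip.version != 4 or ip.is_private:
            continue  # internal hops such as 192.168.x.x cannot be listed
        queries[token] = ".".join(reversed(token.split("."))) + "." + zone
    return queries

def triage(raw, thresholds=(3.0, 5.0)):
    msg = message_from_string(raw)  # header lookup is case-insensitive
    score, tests = parse_sa_status(msg.get("X-Spam-Status", ""))
    return {
        "score": score,
        "tests": tests,
        "flagged_at": {t: would_flag(score, t) for t in thresholds},
        "disposition": msg.get("X-SpamCop-Disposition"),
        "dnsbl_queries": dnsbl_queries(msg.get("X-SpamCop-Checked", "")),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, value)
```

The script performs no DNS lookups; it only prints the names to resolve by hand when working out which relay caused a "Blocked bl.spamcop.net" disposition.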