Did mistake reporting spam :-(

[vtrain]

Dear all,

I have reported several e-mails to spamcopin the last 10 days. Unfortunally I did not know much about headers . On some of those e-mails I used a automatic forward that I have setup in my computer so they had my IP address as a relay. I reported myself and now I get blacklisted

1) They were actually spam

2) it was not a relay. It was e-mails that came from one address... and a .forward file sent them to another address (i reported the last one)

Sorry... sorry... sorry....

Is that a way of unreporting those e-mails in spamcop ?

What shall I do now ?

[Jeff G.]

You posted from a netcabo.pt / netcabo.net address.

netcabo.pt A (Address) 194.65.79.190

netcabo.pt MX (Mail Exchanger) Priority: 100 mx.netcabo.pt

netcabo.pt MX (Mail Exchanger) Priority: 10 smtp.netcabo.pt

mx.netcabo.pt A (Address) 212.113.174.8

smtp.netcabo.pt A (Address) 212.113.174.9

netcabo.net A (Address) 212.113.161.225

netcabo.net MX (Mail Exchanger) Priority: 10 tvcabo05.netcabo.net

tvcabo05.netcabo.net A (Address) 212.113.161.135

According to http://www.spamcop.net/bl, the following IP Addresses are not listed:

194.65.79.190

212.113.174.8

212.113.174.9

212.113.161.225

212.113.161.135

Please provide the IP Address of the server that is blocked and/or the complete error message.

The following text by Merlyn has helped others to understand the process in the past:

Lets go through this step by step together. Please read this carefully and

do not just scan it otherwise you will not understand the process.

1.) If you did not post the entire message you received about your email

being blocked it will be very hard to help you solve your problem.

2.) Next we will talk about why Spamcop cannot block your email.

Spamcop has no access to your email. When you send your email it goes

through your ISP's email server and travels through the Internet until it

reaches the ISP's server of the person you are sending your mail to then

their ISP's server routes it to their mailbox. Spamcop has no access to

either server or to the process between servers.

3.) Next we will discuss why you think Spamcop blocked you email.

You probably received a "bounced" email saying something like:

451 Blocked - see http://www.spamcop.net/bl.shtml?xxxx.xxxx.xxxx.xxxx:

or

email from xxx.com blocked,refused by Spamcop,see http://www.spamcop.net

or

Anything saying your email was "blocked" by Spamcop and they directed you to

some page on the Spamcop site.

4.) Now we will talk about who is "really" blocking your email

Remember how we discussed the way your email traveled from your computer to

the recipients computer in #2? The only person who could block your email

is the recipients ISP or the recipient themselves. Most likely the

recipients ISP is using the Spamcop List (we will discuss this in the next

part #5) and they have blocked this email because the sending ISP's server

is a known source of spam on the Internet. You should be complaining to

your ISP because they allow spammers to use their resources which in turn

caused your email to get blocked. You ISP did receive complaints. You could

also contact the recipients ISP asking them to "whitelist" you. They

recipients ISP decided on their own to incorporate this list into their

email server software. Now you say you do not send spam but before you get

upset, read the next part about how this list is compiled by Spamcop.

5.) What is the Spamcop List and why do ISP's use it?

Spamcop runs a service for reporting spam. This is a free service where

people either send their spam email or copy their spam email in a form that

parses the email to find out where it originated from. Once the amount of

spam reaches a calculated amount the originating server is placed on the

list of spammers. This list is made freely available to anyone running an

email server to use to enable them to block email originating from known

spam servers.

This list only contains IP numbers and not email addresses as email

addresses in the "From" field can be readily forged and are not reliable.

The only reliable source is the IP address the spam originated from.

for more detailed information on how Spamcop works see:

http://www.spamcop.net/fom-serve/cache/3.html

6.) Final Notes (VERY IMPORTANT)

Before you start getting upset just remember what brought you here. Your

email was blocked, not by Spamcop but the ISP of the person you were sending

your email to. Spamcop has no control over what they do with their servers.

Also, get proactive and help stop the flow of spam. Complain to your ISP

because it is their servers that are being blocked. Let them know that you

are paying for email service in your contract with them and they are not

able to provide you with this service because they allow spammers to abuse

their servers.

I think you would agree with me that everyone is tired of receiving mortgage

quotes, penis enlargement, breast enhancement, weight loss, nude 40 year old

teenage sluts, Viagra, vacation, lottery, prescription drug, business

opportunities, genealogical, university degrees, gambling, get rich quick,

MLM, pyramid schemes, Web Cams, Russian brides, work from home, stock scams,

pirated software and everything else that is force fed into our inboxes.

If you have any more questions please post them here, there are many people

willing to assist. And remember most people in this group are here to help

you and they did not block your email so do not take your wrath out on them.

HTH HAND

[Wazoo]

I have reported several e-mails to spamcopin the last 10 days. Unfortunally I did not know much about headers . On some of those e-mails I used a automatic forward that I have setup in my computer so they had my IP address as a relay. I reported myself and now I get blacklisted

1) They were actually spam

2) it was not a relay. It was e-mails that came from one address... and a .forward file sent them to another address (i reported the last one)

Sorry... sorry... sorry....

Is that a way of unreporting those e-mails in spamcop ?

What shall I do now ?

That you "don't know anything about headers" and appaerntly did very little research on how to use SpamCop makes it very strange that you would just jump to setting up an auto-forward to begin with. To stay within the "be nice" guidelines, that's all I'll say about that.

That you're blacklisted is interesting, as others that come in with this story also bring in tales of having their ISP all over them. Maybe yours hasn't found out about it yet?

As answered over in the newsgroups, reports are handling like any other e-mail .. you hit Send: and they're prettty much gone at that instant (speaking in general terms of course) So no, there is no way to "un-report" a sent complaint.

If you've got an IP that has in fact hit the BL, I'd suggest you get hold of your ISP pretty quick ... see if they let you remain as a customer ... You might kick a note (with a hell of a lot more info than you supplied here) to the deputies address and see if they can take a look, maybe even verify what you've said (again, impossible with what little data you've provided), and maybe, just maybe, the IP could get knocked off the list. On the other hand, if you've just been shooting the same error out for 10 days, with your system set on auto-pilot, Don might just boot you off the SpamCop tool anyway, just for GP's.

[vtrain]

You posted from a netcabo.pt / netcabo.net address.

  netcabo.pt A (Address) 194.65.79.190

  netcabo.pt MX (Mail Exchanger) Priority: 100 mx.netcabo.pt

  netcabo.pt MX (Mail Exchanger) Priority: 10 smtp.netcabo.pt

  mx.netcabo.pt A (Address) 212.113.174.8

  smtp.netcabo.pt A (Address) 212.113.174.9

  netcabo.net A (Address) 212.113.161.225

  netcabo.net MX (Mail Exchanger) Priority: 10 tvcabo05.netcabo.net

  tvcabo05.netcabo.net A (Address) 212.113.161.135

According to http://www.spamcop.net/bl, the following IP Addresses are not listed:

194.65.79.190

212.113.174.8

212.113.174.9

212.113.161.225

212.113.161.135

Please provide the IP Address of the server that is blocked and/or the complete error message.

Thank you very much JeffG,

the IP address that is blacklisted is not my ISP smtp or pop address. It's my home address:

http://www.spamcop.net/w3m?action=checkblo...=+213.22.22.124

the last e-mail wrongly reported has the following headers:

From - Fri Jan 23 17:39:25 2004

X-UIDL: AAQ8gb8BAAg50pKw4Tz2bK04w5VdFYQP

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Received: from smtp.netcabo.pt ([192.168.16.2]) by VS1.hdi.tvcabo with Microsoft SMTPSVC(5.0.2195.6713);

Fri, 23 Jan 2004 17:30:05 +0000

Received: from xxxxxx([213.22.22.124]) by smtp.netcabo.pt with Microsoft SMTPSVC(5.0.2195.6713);

Fri, 23 Jan 2004 17:29:46 +0000

Received: by aragao.homelinux.net (Postfix)

id 54762180F7; Fri, 23 Jan 2004 17:29:32 +0000 (WET)

Delivered-To: hf[at]xxxxxx

Received: from localhost (localhost [127.0.0.1])

by xxxxxxx(Postfix) with ESMTP id C901B180F7

for <hf[at]localhost>; Fri, 23 Jan 2004 17:28:46 +0000 (WET)

Received: from mx.netcabo.pt [212.113.174.8]

by localhost with POP3 (fetchmail-5.9.0)

for hf[at]localhost (single-drop); Fri, 23 Jan 2004 17:28:46 +0000 (WET)

Received: from smtp.netcabo.pt ([192.168.16.4]) by VS2.hdi.tvcabo with Microsoft SMTPSVC(5.0.2195.6713);

Fri, 23 Jan 2004 17:20:57 +0000

Received: from portugalmail.pt ([82.140.200.244]) by smtp.netcabo.pt with Microsoft SMTPSVC(5.0.2195.6713);

Fri, 23 Jan 2004 17:06:33 +0000

Message-ID: <1428716-220041523164653132[at]portugalmail.pt>

From: "MaiDir" <dirmail[at]portugalmail.pt>

To: "xxxxxx" <xxxxxxxx>

Subject: Um 2004 com NOVOS CLIENTES para o seu Negocio!

Date: Fri, 23 Jan 2004 16:46:53 -0000

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="----=_NextPart_14319136262314960164653142"

X-OriginalArrivalTime: 23 Jan 2004 17:06:34.0570 (UTC) FILETIME=[414202A0:01C3E1D3]

Return-Path: dirmail[at]portugalmail.pt

[snip]

----------------------------------

Wazoo:

I asked someone to put the .forward file in the past

To stay within the "be nice" guidelines, that's all I'll say about that.

to stay within the "be nice" guidelines I won't answer more than this to your post.

regards

Helena

P.S: I know that I did a mistake ok? but my computer does not send spam or relay spam. I use it to run spamassassin.

[Jeff G.]

I fed your posted header to the parser. The results here point out the problem. From those results:

Received: from mx.netcabo.pt [212.113.174.8] by localhost with POP3 (fetchmail-5.9.0) for hf[at]localhost (single-drop); Fri, 23 Jan 2004 17:28:46 +0000 (WET)

Checking POP client chain:

Chain test:smtp.netcabo.pt =? 213.22.22.124

213.22.22.124 is not an MX for smtp.netcabo.pt

host smtp.netcabo.pt (checking ip) = 212.113.174.9

213.22.22.124 is not an MX for smtp.netcabo.pt

Chain test failed

Chain test:smtp.netcabo.pt =? 213.22.22.124

213.22.22.124 is not an MX for smtp.netcabo.pt

host smtp.netcabo.pt (checking ip) = 212.113.174.9

213.22.22.124 is not an MX for smtp.netcabo.pt

Chain test failed

host 212.113.174.8 = a212-113-174-8.netcabo.pt (cached)

host a212-113-174-8.netcabo.pt (checking ip) ip not found ; a212-113-174-8.netcabo.pt discarded as fake.

213.22.22.124 not listed in dnsbl.njabl.org

213.22.22.124 not listed in cbl.abuseat.org

213.22.22.124 listed in dnsbl.sorbs.net ( 127.0.0.10 )

213.22.22.124 is not an MX for smtp.netcabo.pt

213.22.22.124 is not an MX for a213-22-22-124.netcabo.pt

213.22.22.124 is not an MX for smtp.netcabo.pt

213.22.22.124 is not an MX for smtp.netcabo.pt

213.22.22.124 not listed in dnsbl.njabl.org

Possible spammer: 212.113.174.8

host smtp.netcabo.pt (checking ip) = 212.113.174.9

212.113.174.9 not listed in dnsbl.njabl.org

212.113.174.9 not listed in cbl.abuseat.org

212.113.174.9 not listed in dnsbl.sorbs.net

ips are close enough

212.113.174.8 is close to an MX (212.113.174.9) for netcabo.pt

Chain test:smtp.netcabo.pt =? a213-22-22-124.netcabo.pt

host a213-22-22-124.netcabo.pt (checking ip) = 213.22.22.124

213.22.22.124 is not an MX for smtp.netcabo.pt

host smtp.netcabo.pt (checking ip) = 212.113.174.9

213.22.22.124 is not an MX for smtp.netcabo.pt

Chain test failed

Chain test:smtp.netcabo.pt =? 213.22.22.124

213.22.22.124 is not an MX for smtp.netcabo.pt

host smtp.netcabo.pt (checking ip) = 212.113.174.9

213.22.22.124 is not an MX for smtp.netcabo.pt

Chain test failed

Cached masters for 213.22.22.124: abuse[at]tvcabo.pt abuse[at]netcabo.pt

Chain error smtp.netcabo.pt not equal to last sender received line discarded

This looks like a forgery because mailservers are supposed to report their own real names (like aragao.homelinux.net or a213-22-22-124.netcabo.pt) instead of their IP Addresses or unresolvable names (like 213.22.22.124 or localhost) in Received headers that they create.

According to Section D, Page 46 of Internet Standard #11 and RFC #822

"Standard for the format of ARPA Internet text messages" at

http://www.rfc-editor.org/rfc/rfc822.txt and

http://www.rfc-editor.org/rfc/std/std11.txt :

received = "Received" ":" ; one per relay

["from" domain] ; sending host

["by" domain] ; receiving host

["via" atom] ; physical path

*("with" atom) ; link/mail protocol

["id" msg-id] ; receiver msg id

["for" addr-spec] ; initial form

";" date-time ; time received

Also, according to Section 4.1.2, Pages 32-33 of Internet Standard #10 and

RFC #821 "Simple Mail Transfer Protocol" at

http://www.rfc-editor.org/rfc/std/std10.txt and

http://www.rfc-editor.org/rfc/rfc821.txt :

<time-stamp-line> ::= "Received:" <SP> <stamp> <CRLF>

<stamp> ::= <from-domain> <by-domain> <opt-info> ";"

<daytime>

<from-domain> ::= "FROM" <SP> <domain> <SP>

<by-domain> ::= "BY" <SP> <domain> <SP>

<opt-info> ::= [<via>] [<with>] [<id>] [<for>]

<via> ::= "VIA" <SP> <link> <SP>

<with> ::= "WITH" <SP> <protocol> <SP>

<id> ::= "ID" <SP> <string> <SP>

<for> ::= "FOR" <SP> <path> <SP>

<link> ::= The standard names for links are registered with

the Network Information Center.

<protocol> ::= The standard names for protocols are

registered with the Network Information Center.

<daytime> ::= <SP> <date> <SP> <time>

<date> ::= <dd> <SP> <mon> <SP> <yy>

<time> ::= <hh> ":" <mm> ":" <ss> <SP> <zone>

<dd> ::= the one or two decimal integer day of the month in

the range 1 to 31.

<mon> ::= "JAN" | "FEB" | "MAR" | "APR" | "MAY" | "JUN" |

"JUL" | "AUG" | "SEP" | "OCT" | "NOV" | "DEC"

<yy> ::= the two decimal integer year of the century in the

range 00 to 99.

<hh> ::= the two decimal integer hour of the day in the

range 00 to 24.

<mm> ::= the two decimal integer minute of the hour in the

range 00 to 59.

<ss> ::= the two decimal integer second of the minute in the

range 00 to 59.

<zone> ::= "UT" for Universal Time (the default) or other

time zone designator (as in [2]).

Please fix your mailserver to bring it into compliance with these Internet

Standards and RFCs.

Thanks!

[vtrain]

Thanks JeffG

Will try to ask the person that owns the linux machine to do that.

A spamcop deputy removed the ban.

H.

[Richard W]

Thanks JeffG

Will try to ask the person that owns the linux machine to do that.

A spamcop deputy removed the ban.

H.

The IP timed off the BL because the last report was for mail received 3.3 days ago. There was no manual delist done.

I have flagged your IP as a trusted relay, which is a temporary fix, but the other problems should be done as a permanent fix.

Richard

[vtrain]

Can a moderator edit the post above where an e-mail address appears (helena.ferreira AT netcabo pt) ?

Thanks,

Vtrain

[StevenUnderwood]

If it is your own message, you should be able to edit it yourself. Go to the post in question (while you are logged into your account) and there should be an edit button.

*Edit* the edit button will be below your post to the right. Then hit the "Submit Modified Post" button.