Jump to content

disinformation newsletter is gettlng flagged by SA


Recommended Posts

i'm subscribed to the disinformation mailing list. have been for several years now. it has only recently started being a problem... i'd say maybe a month or so ago. someone, and i think it's spamcop, is letting the mailing list through (probably because i have whitelisted it on webmail), but it's getting flagged as spam by spam assassin, and when it arrives on my machine, instead of getting routed to the disinformation mailbox, it gets routed to the spam mailbox. i'm sure that it's not my mailserver that is flagging it as spam, because on my mailserver i have a procmail rule that makes an end run around spam assassin when it encounters a sender address at disinfo dot com. the only other place that i know of that's filtering my mail through spam assassin is spamcop.

here's a tracking URL if that will help:

http://www.spamcop.net/sc?id=z730077084zf0...b1bcee1184e3a7z

mike easter has been very helpful on usenet, but he hasn't been able to come up with an answer. his summary of the problem is as follows:

SC mail receives the item for you, finds it whitelisted, then proceeds to analyze it with SA, score it for/as spam, add the spam banner to the subject and put the Xline X-spam-Flag: YES, further examine the Received headerlines for IPs for some unknown reason, and then put it into your SC mailbox. Whereupon your procmail fetches it and passes it to your mua and the mua sees the spam subject and Junk folders it.

is there something i can do to prevent this from happening? it's been happening for a month or so, and wasn't happening at all before that.

Link to comment
Share on other sites

This is odd. Are you sure that SpamCop is adding these headers? My SpamCop mail looks very different. The SpamAssassin for my mail is always run on machines named bladex (where x is a number), never a machine called orbiter. SpamCop uses SpamAssassin version 3.0.0 for my mail, but you have version 3.0.1. SpamCop uses a X-SpamCop-Disposition: header to tell me whether something is spam or not. For you, it is *****spam***** in the subject line and the X-spam-Flag: header. Either SpamCop uses very different systems for different users or all these headers were added somewhere else.

Link to comment
Share on other sites

I have to agree with swingspacers. Spamcop does not modify the subject line, only adding the disposition line and does not use a X-spam-Flag: YES line.

The only headers added by spamcop are:

X-spam-Checker-Version: SpamAssassin 3.0.0 (2004-09-13) on blade5

X-spam-Level: ************

X-spam-Status: hits=12.7 tests=BIZ_TLD,MSGID_DOLLARS,URIBL_AB_SURBL,

URIBL_OB_SURBL,URIBL_SBL,URIBL_SC_SURBL,URIBL_WS_SURBL version=3.0.0

X-SpamCop-Checked: 192.168.1.101 69.56.175.228 83.110.62.130

X-SpamCop-Disposition: Blocked bl.spamcop.net

and possibly an X-SpamCop-(Whitelisted or Blacklisted) header.

Looking at your example, do you even have SpamAssassin enabled within spamcop?

X-SpamCop-Checked: 192.168.1.101 192.217.248.72

X-SpamCop-Whitelisted: alex[at]disinfo.com

Link to comment
Share on other sites

Hmmmm  same thing happening to Rev. Guido S. DeLuxe, DD, LDD, OGG, OHS, ST, MI, MSU in the spamcop.mail newsgroup.  Are you and the Rev the same?

I thought Mike Easter had it all figured out already.

Same person, based on use of the same problem, description, and Tracking URL. And like you (as I just posted over there) ... having watched this thing move between newsgroups and Mike E. beating the tar out of it, I wasn't paying too much attention over there either ....

(was actually laughing a bit at reading what briught this Topic over here ... after hoisting the flag that there should be no mentioning/pointing to this Forum in the newsgroups, he states:

It's too bad this discussion or at least your presentation of the

problem isn't taking place in the forum.  I never go over there.  You

must have the same aversion or something

And amazingly enough, after seeing all the work Mike E. put into this, it is a bit amazing to see this "new" information provided 'here' <g>

Thanks folks!

Link to comment
Share on other sites

This is odd. Are you sure that SpamCop is adding these headers? My SpamCop mail looks very different. The SpamAssassin for my mail is always run on machines named bladex (where x is a number), never a machine called orbiter. SpamCop uses SpamAssassin version 3.0.0 for my mail, but you have version 3.0.1.

24156[/snapback]

well, as i said, it has to be either spamcop or my email server. and not only do i have procmail making an end run around spam assassin, but the machine isn't named orbiter... i don't know who else could be handling it.

SpamCop uses a X-SpamCop-Disposition: header to tell me whether something is spam or not. For you, it is  *****spam***** in the subject line and the X-spam-Flag: header. Either SpamCop uses very different systems for different users or all these headers were added somewhere else.

24156[/snapback]

who else could be running my mail through spam assassin?

Link to comment
Share on other sites

well, as i said, it has to be either spamcop or my email server. and not only do i have procmail making an end run around spam assassin, but the machine isn't named orbiter... i don't know who else could be handling it.

who else could be running my mail through spam assassin?

The only other IP showing in your sample comes from verio;

Received: from ganja.terabolic.com (192.217.248.72)

by mailgate.cesmail.net with SMTP; 8 Feb 2005 11:34:50 -0000

02/09/05 20:55:39 IP block 192.217.248.72

Trying 192.217.248.72 at ARIN

Trying 192.217.248 at ARIN

OrgName: Verio, Inc.

OrgID: VRIO

Address: 8005 South Chester Street

Address: Suite 200

City: Englewood

StateProv: CO

Though noting that this does not match your posting IP here ... and I haven;t bothered trying to chase down your source of this newsletter ..???

Link to comment
Share on other sites

OK, correction here .... I was looking for input to the SpamCop server .. then re-looking (after a bit of research on your newsletter) .. there is another IP/server involved;

Received: from c60.cesmail.net (c60.cesmail.net [216.154.195.49])

by drizzle.com (8.12.11/8.12.11) with ESMTP id j18BZ18u016155

for <x>; Tue, 8 Feb 2005 03:35:01 -0800

Is this your server (under your control) or ISP? (based on IP Block, I'm going with ISP)

(agreeing with Steven in that I don't see the SpamCop stuff .. maybe being stripped/overwritten by the "orbiter" machine?)

Link to comment
Share on other sites

it's spamcop... when i hit www.cesmail.com, i'm taken to a spamcop homepage... it's not the same one as when i hit www.spamcop.net, but i've been under the impression that spamcop and cesmail were the same thing for a long time now... is it time to re-evaluate that desicion?

Link to comment
Share on other sites

it's spamcop... when i hit www.cesmail.com, i'm taken to a spamcop homepage... it's not the same one as when i hit www.spamcop.net, but i've been under the impression that spamcop and cesmail were the same thing for a long time now... is it time to re-evaluate that desicion?

sorry, but the question was about drizzle.com .... I followed the newsletter from the source (my first post) .. through JT's servers .. then apparently sent to drizzle.com, which is where I'd say the "orbiter" system is based .... and your SpamAssassin issues at present ...

1. edited your post, as there is no reason to quote my entire response when it's already on the screen (please see the "button confusion" entry over in the "How to use ... / Forum" section .. thanks ..

2. This data is all over the place, but once again .... www.spamcop.net is Julian's/IronPort's parsing/reporting part of the system .... core hardware in California, U.S. (Julian is in Washington State) .... newsgroups, Forums, e-mail system are based on JT's hardware in Georgia, U.S. .... JT's primary business is CES ....

Link to comment
Share on other sites

www.spamcop.net is Julian's/IronPort's parsing/reporting part of the system .... core hardware in California, U.S. (Julian is in Washington State) .... newsgroups, Forums, e-mail system are based on JT's hardware in Georgia, U.S. .... JT's primary business is CES ....

24176[/snapback]

that's what i get for having a brain injury... three years slipped away from me while i was in the hospital...

drizzle is my ISP, but their machine is not orbiter, it's bubbleator.

Link to comment
Share on other sites

Just pop spamCop directly with your email client set your POP to

pop.spamcop.net

make sure you remove your instruction for SpamCop to forward to your ISP

This should remove any problems from your ISP (You still have to send your email through your ISP's smtp server though

Link to comment
Share on other sites

okay, here's the latest...

i called drizzle tech support again, and asked them if they have a server named orbiter. at first, the guy said no, they didn't, but then he thought about it a little, and said they did, but that email shouldn't be touching that server.

so, i sent him the header from the most recent (spam-ulated) disinfo newsletter, and told him the problem (again), and he looked at the procmail rule and decided that it was "colonated wrong". he fixed the procmail rule, and now we wait until tomorrow to see if it happens again.

not holding my breath.

GSDL

Link to comment
Share on other sites

If the SpamAssassin in Drizzle is giving you trouble, I suggest you disable it. You can enable the SpamAssassin in SpamCop by going to SpamCop Tools in webmail. The SpamCop SpamAssassin does not add *****spam***** to the subject line and the other header that was giving you trouble.

I hope your procmail fix will work. Good luck.

Link to comment
Share on other sites

The SpamCop SpamAssassin does not add *****spam***** to the subject line and the other header that was giving you trouble.

24211[/snapback]

the thing is, this is the only message which is wrongly identified as spam... you're suggesting that i throw the bathwater out with the baby. i'm a lot more interested in fixing procmail, or whatever else it may be, so that this one message gets delivered correctly than i am in disabling spam assassin and making it all the more easy for the approximately 1,000,000,000,000,000 spam messages i get on a daily basis to make it through...

Link to comment
Share on other sites

It's like this .. you've spent quite a lot of time over in the newsgroups trying to get someone to tell you how to fix SpamCop's implentation of SpamAssassin. You bring that query over "here" .... The problem has now been identified as your ISP's implementation of SpamAssassin .... you asked a question, answers have been provided, some suggestions made .... if you don't like them, sorry about that ...

Link to comment
Share on other sites

you're suggesting that i throw the bathwater out with the baby.

24214[/snapback]

Wrong. If you followed my suggestion, you would filter your email based on the headers put in by SpamCop (X-SpamCop-Disposition and X-SpamCop-Whitelisted) instead of the subject line. This would filter out all email that SpamCop believes to be spam.

If you filter based on the "*****spam*****" put in by your ISP Drizzle, what are you using SpamCop for other than maintaining your whitelist?

Link to comment
Share on other sites

If you filter based on the "*****spam*****" put in by your ISP Drizzle, what are you using SpamCop for other than maintaining your whitelist?

24228[/snapback]

i get mail at this machine for more than one address. spamcop only deals with mail sent to my spamcop.net address, but not with any of the other ones... and it's the other ones that get all the spam.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...