salamandir Posted February 10, 2005 Share Posted February 10, 2005 i'm subscribed to the disinformation mailing list. have been for several years now. it has only recently started being a problem... i'd say maybe a month or so ago. someone, and i think it's spamcop, is letting the mailing list through (probably because i have whitelisted it on webmail), but it's getting flagged as spam by spam assassin, and when it arrives on my machine, instead of getting routed to the disinformation mailbox, it gets routed to the spam mailbox. i'm sure that it's not my mailserver that is flagging it as spam, because on my mailserver i have a procmail rule that makes an end run around spam assassin when it encounters a sender address at disinfo dot com. the only other place that i know of that's filtering my mail through spam assassin is spamcop. here's a tracking URL if that will help: http://www.spamcop.net/sc?id=z730077084zf0...b1bcee1184e3a7z mike easter has been very helpful on usenet, but he hasn't been able to come up with an answer. his summary of the problem is as follows: SC mail receives the item for you, finds it whitelisted, then proceeds to analyze it with SA, score it for/as spam, add the spam banner to the subject and put the Xline X-spam-Flag: YES, further examine the Received headerlines for IPs for some unknown reason, and then put it into your SC mailbox. Whereupon your procmail fetches it and passes it to your mua and the mua sees the spam subject and Junk folders it. is there something i can do to prevent this from happening? it's been happening for a month or so, and wasn't happening at all before that. Link to comment Share on other sites More sharing options...
swingspacers Posted February 10, 2005 Share Posted February 10, 2005 This is odd. Are you sure that SpamCop is adding these headers? My SpamCop mail looks very different. The SpamAssassin for my mail is always run on machines named bladex (where x is a number), never a machine called orbiter. SpamCop uses SpamAssassin version 3.0.0 for my mail, but you have version 3.0.1. SpamCop uses a X-SpamCop-Disposition: header to tell me whether something is spam or not. For you, it is *****spam***** in the subject line and the X-spam-Flag: header. Either SpamCop uses very different systems for different users or all these headers were added somewhere else. Link to comment Share on other sites More sharing options...
StevenUnderwood Posted February 10, 2005 Share Posted February 10, 2005 I have to agree with swingspacers. Spamcop does not modify the subject line, only adding the disposition line and does not use a X-spam-Flag: YES line. The only headers added by spamcop are: X-spam-Checker-Version: SpamAssassin 3.0.0 (2004-09-13) on blade5 X-spam-Level: ************ X-spam-Status: hits=12.7 tests=BIZ_TLD,MSGID_DOLLARS,URIBL_AB_SURBL, URIBL_OB_SURBL,URIBL_SBL,URIBL_SC_SURBL,URIBL_WS_SURBL version=3.0.0 X-SpamCop-Checked: 192.168.1.101 69.56.175.228 83.110.62.130 X-SpamCop-Disposition: Blocked bl.spamcop.net and possibly an X-SpamCop-(Whitelisted or Blacklisted) header. Looking at your example, do you even have SpamAssassin enabled within spamcop? X-SpamCop-Checked: 192.168.1.101 192.217.248.72 X-SpamCop-Whitelisted: alex[at]disinfo.com Link to comment Share on other sites More sharing options...
Merlyn Posted February 10, 2005 Share Posted February 10, 2005 Hmmmm same thing happening to Rev. Guido S. DeLuxe, DD, LDD, OGG, OHS, ST, MI, MSU in the spamcop.mail newsgroup. Are you and the Rev the same? I thought Mike Easter had it all figured out already. Link to comment Share on other sites More sharing options...
Wazoo Posted February 10, 2005 Share Posted February 10, 2005 Hmmmm same thing happening to Rev. Guido S. DeLuxe, DD, LDD, OGG, OHS, ST, MI, MSU in the spamcop.mail newsgroup. Are you and the Rev the same? I thought Mike Easter had it all figured out already. Same person, based on use of the same problem, description, and Tracking URL. And like you (as I just posted over there) ... having watched this thing move between newsgroups and Mike E. beating the tar out of it, I wasn't paying too much attention over there either .... (was actually laughing a bit at reading what briught this Topic over here ... after hoisting the flag that there should be no mentioning/pointing to this Forum in the newsgroups, he states: It's too bad this discussion or at least your presentation of the problem isn't taking place in the forum. I never go over there. You must have the same aversion or something And amazingly enough, after seeing all the work Mike E. put into this, it is a bit amazing to see this "new" information provided 'here' <g> Thanks folks! Link to comment Share on other sites More sharing options...
salamandir Posted February 10, 2005 Author Share Posted February 10, 2005 This is odd. Are you sure that SpamCop is adding these headers? My SpamCop mail looks very different. The SpamAssassin for my mail is always run on machines named bladex (where x is a number), never a machine called orbiter. SpamCop uses SpamAssassin version 3.0.0 for my mail, but you have version 3.0.1.24156[/snapback] well, as i said, it has to be either spamcop or my email server. and not only do i have procmail making an end run around spam assassin, but the machine isn't named orbiter... i don't know who else could be handling it. SpamCop uses a X-SpamCop-Disposition: header to tell me whether something is spam or not. For you, it is *****spam***** in the subject line and the X-spam-Flag: header. Either SpamCop uses very different systems for different users or all these headers were added somewhere else. 24156[/snapback] who else could be running my mail through spam assassin? Link to comment Share on other sites More sharing options...
salamandir Posted February 10, 2005 Author Share Posted February 10, 2005 Hmmmm same thing happening to Rev. Guido S. DeLuxe, DD, LDD, OGG, OHS, ST, MI, MSU in the spamcop.mail newsgroup. Are you and the Rev the same? I thought Mike Easter had it all figured out already. 24160[/snapback] yep... Link to comment Share on other sites More sharing options...
Wazoo Posted February 10, 2005 Share Posted February 10, 2005 well, as i said, it has to be either spamcop or my email server. and not only do i have procmail making an end run around spam assassin, but the machine isn't named orbiter... i don't know who else could be handling it. who else could be running my mail through spam assassin? The only other IP showing in your sample comes from verio; Received: from ganja.terabolic.com (192.217.248.72) by mailgate.cesmail.net with SMTP; 8 Feb 2005 11:34:50 -0000 02/09/05 20:55:39 IP block 192.217.248.72 Trying 192.217.248.72 at ARIN Trying 192.217.248 at ARIN OrgName: Verio, Inc. OrgID: VRIO Address: 8005 South Chester Street Address: Suite 200 City: Englewood StateProv: CO Though noting that this does not match your posting IP here ... and I haven;t bothered trying to chase down your source of this newsletter ..??? Link to comment Share on other sites More sharing options...
salamandir Posted February 10, 2005 Author Share Posted February 10, 2005 I have to agree with swingspacers. Spamcop does not modify the subject line but spam assassin does. Looking at your example, do you even have SpamAssassin enabled within spamcop? 24159[/snapback] yes. Link to comment Share on other sites More sharing options...
salamandir Posted February 10, 2005 Author Share Posted February 10, 2005 and I haven;t bothered trying to chase down your source of this newsletter ..??? 24166[/snapback] it's the disinformation newsletter - http://www.disinfo.com Link to comment Share on other sites More sharing options...
Wazoo Posted February 10, 2005 Share Posted February 10, 2005 OK, correction here .... I was looking for input to the SpamCop server .. then re-looking (after a bit of research on your newsletter) .. there is another IP/server involved; Received: from c60.cesmail.net (c60.cesmail.net [216.154.195.49]) by drizzle.com (8.12.11/8.12.11) with ESMTP id j18BZ18u016155 for <x>; Tue, 8 Feb 2005 03:35:01 -0800 Is this your server (under your control) or ISP? (based on IP Block, I'm going with ISP) (agreeing with Steven in that I don't see the SpamCop stuff .. maybe being stripped/overwritten by the "orbiter" machine?) Link to comment Share on other sites More sharing options...
salamandir Posted February 10, 2005 Author Share Posted February 10, 2005 it's spamcop... when i hit www.cesmail.com, i'm taken to a spamcop homepage... it's not the same one as when i hit www.spamcop.net, but i've been under the impression that spamcop and cesmail were the same thing for a long time now... is it time to re-evaluate that desicion? Link to comment Share on other sites More sharing options...
Wazoo Posted February 10, 2005 Share Posted February 10, 2005 it's spamcop... when i hit www.cesmail.com, i'm taken to a spamcop homepage... it's not the same one as when i hit www.spamcop.net, but i've been under the impression that spamcop and cesmail were the same thing for a long time now... is it time to re-evaluate that desicion? sorry, but the question was about drizzle.com .... I followed the newsletter from the source (my first post) .. through JT's servers .. then apparently sent to drizzle.com, which is where I'd say the "orbiter" system is based .... and your SpamAssassin issues at present ... 1. edited your post, as there is no reason to quote my entire response when it's already on the screen (please see the "button confusion" entry over in the "How to use ... / Forum" section .. thanks .. 2. This data is all over the place, but once again .... www.spamcop.net is Julian's/IronPort's parsing/reporting part of the system .... core hardware in California, U.S. (Julian is in Washington State) .... newsgroups, Forums, e-mail system are based on JT's hardware in Georgia, U.S. .... JT's primary business is CES .... Link to comment Share on other sites More sharing options...
salamandir Posted February 10, 2005 Author Share Posted February 10, 2005 www.spamcop.net is Julian's/IronPort's parsing/reporting part of the system .... core hardware in California, U.S. (Julian is in Washington State) .... newsgroups, Forums, e-mail system are based on JT's hardware in Georgia, U.S. .... JT's primary business is CES .... 24176[/snapback] that's what i get for having a brain injury... three years slipped away from me while i was in the hospital... drizzle is my ISP, but their machine is not orbiter, it's bubbleator. Link to comment Share on other sites More sharing options...
petzl Posted February 10, 2005 Share Posted February 10, 2005 Just pop spamCop directly with your email client set your POP to pop.spamcop.net make sure you remove your instruction for SpamCop to forward to your ISP This should remove any problems from your ISP (You still have to send your email through your ISP's smtp server though Link to comment Share on other sites More sharing options...
swingspacers Posted February 10, 2005 Share Posted February 10, 2005 Petzl's advice is pretty good. Alternatively, Drizzle has a FAQ about how to enable and disable their SpamAssassin here: http://www.drizzle.com/faq/095.html On that site they say that they put the *****spam***** into the subject line. Link to comment Share on other sites More sharing options...
salamandir Posted February 10, 2005 Author Share Posted February 10, 2005 okay, here's the latest... i called drizzle tech support again, and asked them if they have a server named orbiter. at first, the guy said no, they didn't, but then he thought about it a little, and said they did, but that email shouldn't be touching that server. so, i sent him the header from the most recent (spam-ulated) disinfo newsletter, and told him the problem (again), and he looked at the procmail rule and decided that it was "colonated wrong". he fixed the procmail rule, and now we wait until tomorrow to see if it happens again. not holding my breath. GSDL Link to comment Share on other sites More sharing options...
salamandir Posted February 10, 2005 Author Share Posted February 10, 2005 Alternatively, Drizzle has a FAQ about how to enable and disable their SpamAssassin here lemme get this straight... a spamcop member is recommending that i disable spam assassin? this is a weird world... Link to comment Share on other sites More sharing options...
swingspacers Posted February 10, 2005 Share Posted February 10, 2005 If the SpamAssassin in Drizzle is giving you trouble, I suggest you disable it. You can enable the SpamAssassin in SpamCop by going to SpamCop Tools in webmail. The SpamCop SpamAssassin does not add *****spam***** to the subject line and the other header that was giving you trouble. I hope your procmail fix will work. Good luck. Link to comment Share on other sites More sharing options...
salamandir Posted February 10, 2005 Author Share Posted February 10, 2005 The SpamCop SpamAssassin does not add *****spam***** to the subject line and the other header that was giving you trouble. 24211[/snapback] the thing is, this is the only message which is wrongly identified as spam... you're suggesting that i throw the bathwater out with the baby. i'm a lot more interested in fixing procmail, or whatever else it may be, so that this one message gets delivered correctly than i am in disabling spam assassin and making it all the more easy for the approximately 1,000,000,000,000,000 spam messages i get on a daily basis to make it through... Link to comment Share on other sites More sharing options...
Wazoo Posted February 10, 2005 Share Posted February 10, 2005 It's like this .. you've spent quite a lot of time over in the newsgroups trying to get someone to tell you how to fix SpamCop's implentation of SpamAssassin. You bring that query over "here" .... The problem has now been identified as your ISP's implementation of SpamAssassin .... you asked a question, answers have been provided, some suggestions made .... if you don't like them, sorry about that ... Link to comment Share on other sites More sharing options...
salamandir Posted February 10, 2005 Author Share Posted February 10, 2005 harumph! Link to comment Share on other sites More sharing options...
michaelanglo Posted February 10, 2005 Share Posted February 10, 2005 If you want advice, then I suggest an additional procmail rule to look for the "Whitelisted" line before looking for any other line. Link to comment Share on other sites More sharing options...
swingspacers Posted February 10, 2005 Share Posted February 10, 2005 you're suggesting that i throw the bathwater out with the baby. 24214[/snapback] Wrong. If you followed my suggestion, you would filter your email based on the headers put in by SpamCop (X-SpamCop-Disposition and X-SpamCop-Whitelisted) instead of the subject line. This would filter out all email that SpamCop believes to be spam. If you filter based on the "*****spam*****" put in by your ISP Drizzle, what are you using SpamCop for other than maintaining your whitelist? Link to comment Share on other sites More sharing options...
salamandir Posted February 11, 2005 Author Share Posted February 11, 2005 If you filter based on the "*****spam*****" put in by your ISP Drizzle, what are you using SpamCop for other than maintaining your whitelist? 24228[/snapback] i get mail at this machine for more than one address. spamcop only deals with mail sent to my spamcop.net address, but not with any of the other ones... and it's the other ones that get all the spam. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.