Jump to content
Sign in to follow this  
iixii

[Resolved] Blackholing China (cn.rbl.cluecentral.net) broken

Recommended Posts

I just received spam from 220.164.222.17.

However, 17.222.164.220.cn.rbl.cluecentral.net resolves to 127.0.0.2, which means that it should have been blocked. The IP is not a recent addition to the RBL, I already noticed the exact same problem a few days ago.

What's this? The RBL is not always lightning fast to respond, maybe there's a timeout which is too short?

Share this post


Link to post
Share on other sites
http://forum.spamcop.net/forums/index.php?...838entry16838 was my last attempt at identifying the various BLs available ... which ones are you using? For instance, within the last couple of weeks, Steve at Spamhaus stated that he'd widened up the China Railroad spew source to an entire /11 in the SBL/XBL list ...??? From here, that's about all I can offer ....

Share this post


Link to post
Share on other sites
http://forum.spamcop.net/forums/index.php?...838entry16838 was my last attempt at identifying the various BLs available ... which ones are you using?  For instance, within the last couple of weeks, Steve at Spamhaus stated that he'd widened up the China Railroad spew source to an entire /11 in the SBL/XBL list ...??? From here, that's about all I can offer ....

26815[/snapback]

Here is the current list available within spamcop webmail:

DNS Blacklist DNS Zone Website

SpamCop Blacklist bl.spamcop.net www.spamcop.net/bl.shtml

SPEWS level 1 l1.spews.dnsbl.sorbs.net www.spews.org

DSBL open relays list.dsbl.org dsbl.org

Spamhaus Blacklist sbl.spamhaus.org www.spamhaus.org/sbl/

South Korea (the country) korea.services.net korea.services.net

China (the country) cn.rbl.cluecentral.net www.cluecentral.net/rbl/

Nigeria nigeria.blackholes.us www.blackholes.us

Argentina argentina.blackholes.us www.blackholes.us

Brazil brazil.blackholes.us www.blackholes.us

Composite Blocking List cbl.abuseat.org cbl.abuseat.org

Spamhaus XBL xbl.spamhaus.org www.spamhaus.org/xbl/

SORBS DNSbl dnsbl.sorbs.net www.dnsbl.sorbs.net

Share this post


Link to post
Share on other sites
...the various BLs available ... which ones are you using?

I was obviously talking about cn.rbl.cluecentral.net, the Cluecentral China blackhole.

Share this post


Link to post
Share on other sites

Whereas the question was meant to suggest adding in some of the others ...????

Share this post


Link to post
Share on other sites

I received this spam from 220.164.222.17, which is a Chinese IP.

I have enabled the cn.rbl.cluecentral.net RBL to blackhole China, so the spam should have been blocked.

17.222.164.220.cn.rbl.cluecentral.net resolves to 127.0.0.2, which means that the IP is listed in the China RBL, and the error lies with Spamcop, it has not blocked the spam although it was listed in that blacklist.

I suggested that Spamcop's error might be that it's not waiting long enough for the blacklist to respond, because it is sometimes a bit slow.

Any clearer now?

Share this post


Link to post
Share on other sites

I totally understand ... thus the question / suggestion on adding other BLs into the mix.

Share this post


Link to post
Share on other sites

Thanks David ... a dozen windows open here, parse results for 5 queries from 2 other users, e-mail being created to go to Don, conversations going on in ICQ and Yahoo .... I didn't notice the placement of this discussion .. moved it.

Share this post


Link to post
Share on other sites
I totally understand ... thus the question / suggestion on adding other BLs into the mix.

A blacklist is not queried properly, and I want that fixed. I don't want to work around it by enabling other blacklists.

About posting in the wrong forum, sorry about that.

Share this post


Link to post
Share on other sites
A blacklist is not queried properly, and I want that fixed. I don't want to work around it by enabling other blacklists.

26835[/snapback]

In my Trash folder (2+ days) of spam, the cn.rbl.cluecentral.net RBL has trapped 14 spam including a couple this morning, the the list is working. Also, of the messages that have slipped through and were manually reported, I can not remember the lastone that was of Chinese origin. Perhaps there was a problem at the time that (those?) messages went through?

Share this post


Link to post
Share on other sites
In my Trash folder (2+ days) of spam, the cn.rbl.cluecentral.net  RBL has trapped 14 spam including a couple this morning, the the list is working.

Yes, usually it is, but not always. Several Chinese spams per day are blocked, but during the last few days, 5 or so went through, and when I checked the IP, it was always on that black list. Querying it can sometimes take 5 seconds or so, so I'm still suggesting that maybe Spamcop needs to relax some timeout interval.

Share this post


Link to post
Share on other sites

...Are we near the point where we volunteers can agree there's a problem that needs to be sent to those who can actually do something about it for their consideration? :) <g>

Share this post


Link to post
Share on other sites
A blacklist is not queried properly, and I want that fixed. I don't want to work around it by enabling other blacklists.

I could start with the things in life I want and the things I'd rather not have to do to get them, but .... how about if I just point out once again to a bit of text I placed into each Forum Section .... "The primary mode of support here is peer-to-peer, meaning users helping other users. (please remember this at all times!)" ... From there we walk over to the sign that says "The Net is a nebulous thing" ... I know of three sites that have been / are undergoing a DoS attack starting yesterday morning, so we know that there's traffic 'out there' ... Failure to resolve one of these BL lookups is designed to fail with a 'pass' result. From this side of the screen, it's hard to say whether cluecentral was having issues (maybe even down?) or JT's machines were crunching through ton-loads of incoming at the time, or even that danged butterfly in China participating in the "theory of chaos" experiment screwed things up. You are the one that suggested a timeout with one BL, thus the suggestion to include others, expecially as you specified an IP that exists in a number of databases. You didn't bother to state that you'd reported yours, perhaps helping to get it onto SpamCop's own BL, as far as that goes. At any rate, your bit of outrage is mis-placed.

Share this post


Link to post
Share on other sites

...Something that may not be entirely clear at this point is that, last I knew, this forum was the primary way to contact JT about SpamCop e-mail matters, so this thread should be sufficient to get his attention. Hopefully, he'll actually post here to indicate his awareness of the problem and plan to address it (or announcement that it's been addressed), although past history has shown that doesn't always happen....

Share this post


Link to post
Share on other sites
The primary mode of support here is peer-to-peer

Spamcop is a service I'm paying for, and it should darn well have a possibility to report bugs in the system. As it is, this forum is the only way to do so, and so the message above, basically saying "let the other users handle this", is really, really ridiculous.

You didn't bother to state that you'd reported yours, perhaps helping to get it onto SpamCop's own BL, as far as that goes.

I thought that would be taken for granted. But if it's necessary, I will bother to state that I always report any spam, whether by quick reporting the stuff in "Held Email" daily, or by immediately submitting spam that gets through.

At any rate, your bit of outrage is mis-placed.

I honestly don't think so. For example, what about this thread? I really appreciate your efforts to help me regarding that matter, but why the hell can't any of the responsible coders at Spamcop look into that problem??

Back to the original topic, today another spam from China went through. I reported it and immediately checked the cn.rbl.cluecentral.net blacklist - surprise, surprise, the IP was on it. It took about 15 seconds for the blacklist to reply, so I still maintain my theory that some blacklist timeout at Spamcop has to be relaxed a little.

FWIW, the URL for the reported spam is

this, no idea if any of you powers-that-be can use it without my login.

Thanks for your time, sometimes I just wished that there was a less futile way to report Spamcop bugs.

Share this post


Link to post
Share on other sites
Spamcop is a service I'm paying for, and it should darn well have a possibility to report bugs in the system.

This is one avenue. I take it you've not visited the FAQ here?

As it is, this forum is the only way to do so, and so the message above, basically saying "let the other users handle this", is really, really ridiculous.

I don't follow your translation of "The primary mode of support here is peer-to-peer" .... The point is that you can get as mad as you want, but you are yelling at other users for the most part .. the same users that are voluntering their time and knowledge to try to help you out. Again, you must not have yet visited the FAQ here.

I thought that would be taken for granted. But if it's necessary, I will bother to state that I always report any spam, whether by quick reporting the stuff in "Held Email" daily, or by immediately submitting spam that gets through.

If things are taken for granted, then everything usually works out wrong. Just last night, I "assumed" that I didn't need to include the "user" data in setting up OE to read newsgroups as the user stated that he was already hitting the Microsoft newsgroups. What a surprise when the problem turned out to be the munged e-mail address he was trying to use in the set-up, and OE was complaining. There's a boat-load of folks that don't report anything.

I honestly don't think so. For example, what about this thread? I really appreciate your efforts to help me regarding that matter, but why the hell can't any of the responsible coders at Spamcop look into that problem??

Again, I don't have a clue who's involved with that specific problem. You've got IromPort hardware at one end, your system/browser at the other, and Akamai systems in the middle (Akamai won't talk to me, Deputies don't have an answer apparently, and then there's Julian. I responded there, even indicating that I'd sent it upstream before with no response. Julian is "the" coder for the SpamCop parsing and reporting tool. Of the many things on his plate, I don't have a clue where a single (known) user is having an issue with a specific browser submitting spam ... with other users stating no issues ....????

Back to the original topic, today another spam from China went through. I reported it and immediately checked the cn.rbl.cluecentral.net blacklist - surprise, surprise, the IP was on it. It took about 15 seconds for the blacklist to reply, so I still maintain my theory that some blacklist timeout at Spamcop has to be relaxed a little.

And along the same line, some other options were suggested, but met with "I don't want to" .... just a bit of a spoiler there ...

FWIW, the URL for the reported spam is

this, no idea if any of you powers-that-be can use it without my login.

Nope. A Tracking URL is the only option to share the data.

Thanks for your time, sometimes I just wished that there was a less futile way to report Spamcop bugs.

I can sympathize .. the 'support' forum for this application has me showing 160+ posts .. out of those posts are a half-dozen questions .. none of them have an actual answer .. the remaining are my replies to help other folks out that didn't take the time to look things up ot are asking things I've already figured out on my own.

Anyway, again from this side of the screen, you want an assumed timeout extended to assumedly solve your issue, yet neither you ot I have a clue as to what the system load looks like and the impact of taking more time on these lookups. A similar scenario is talked about at http://forum.spamcop.net/forums/index.php?...indpost&p=27119 Personally, I see 15 seconds as a bit of forever when talking server speed/load for thousands of users. JT's servers support this Forum, the SpamCop NNTP newsgroups, and the SpamCop E-Mail accounts are just a portion of his CES business.

That said, note sent upstream on your behalf on this one also.

Share this post


Link to post
Share on other sites
This is one avenue.  I take it you've not visited the FAQ here?

Of course I did. Under "How can I get help? How can I report a bug? How can I suggest a feature?" it says that posting here or on Usenet is the only way.

I don't follow your translation of "The primary mode of support here is peer-to-peer" .... The point is that you can get as mad as you want, but you are yelling at other users for the most part .. the same users that are voluntering their time and knowledge to try to help you out.  Again, you must not have yet visited the FAQ here.

Again, yes I did. The only channel to report bugs being "primarily peer-to-peer" is what I'm complaining about.

Of the many things on his plate, I don't have a clue where a single (known) user is having an issue with a specific browser submitting spam ... with other users stating no issues ....????

As I'm an Opera programmer, I can verify with absolute certainty that this is a problem in all Opera versions since at least Opera 6.0. I suppose the number of people manually reporting spam is quite small (as you suggested yourself), the fraction of spam bigger than 10 kB makes the probability even smaller, and the number of those people actually using Opera diminishes it even more, with the number of people actually bothering to report it probably being exactly one, me.

If it was simply an Opera-problem/incompatibility, I'd just fix it, but it's a direct violation of the RFC, so whether it affects many people or not, I really think it should be addressed.

Nope.  A Tracking URL is the only option to share the data.

OK. I've just discovered how to retrieve it from the internal report URL - by choosing to "Parse" again.

Personally, I see 15 seconds as a bit of forever when talking server speed/load for thousands of users.  JT's servers support this Forum, the SpamCop NNTP newsgroups, and the SpamCop E-Mail accounts are just a portion of his CES business.

You are quite probably right, a longer timeout value might well be impractical for Spamcop. However, that timeout was just a theory of mine, maybe there is a completely different bug, that's why I think it should at least be looked at. If it's indeed a timeout, which can't be increased, well, too bad, but I'd like to hear that from someone who knows.

That said, note sent upstream on your behalf on this one also.

Thanks a lot! I really appreciate all the work you do here. If you ask me, what's desperately needed is to separate newbie questions and general hand-holding from real bug reports. If it must happen in these forums, then there should be one titled "Bugs in the Spamcop system", with all threads that don't really report bugs being quickly moved out of it so it becomes a usable resource for Julian.

Share this post


Link to post
Share on other sites

not a bad idea. Another alternative would be a 'moderater-posting-only' forum where wazoo, et al, could move posts from the help section to the bug section, posts marked open/resolved/unsolvable/etc. That may help maintain a manageable bug/problem list with a traceable history, and make the JT/Deputy jobs at least a little easier. (I guess there's a reason Information management is a multi-million dollar industry.)

Of course, then Wazoo, et al. (is there an et al?) become the ones that people will bitch at about moving their problem post to the bug forum.

Edited by Jank1887

Share this post


Link to post
Share on other sites
Of course I did. Under "How can I get help? How can I report a bug? How can I suggest a feature?" it says that posting here or on Usenet is the only way.

27234[/snapback]

How about: How can I contact a SpamCop representative? There are also places where it is mentioned that contacting deputies (deputies<at>spamcop.net) is the best option. They have direct contact with Julian

but I'd like to hear that from someone who knows.

Even when things that get fixed you will not hear about it, it will simply start working. Communication is the biggest problem with spamcop and has been for more than the 2 years I have been here. This app helps the problem greatly but there are times when contact should be made from the top.

Share this post


Link to post
Share on other sites

OK, for starters .... response to last night's e-mail ...

Don't quite know what to say about this -- I can't recreate it in my version

of Opera which is fairly old. I have sent it on to Julian.

Ellen

SpamCop

Though not knowing what happened to the last upstream query or again where this will end up on Julian's to-do list, this is about all I can do for you.

"How can I get help? How can I report a bug? How can I suggest a feature?" it says that posting here or on Usenet is the only way.

The FAQ 'here' includes the link How can I contact a SpamCop representative? which actually points back to a www.spamcop.net FAQ / page entry ...

If it's indeed a timeout, which can't be increased, well, too bad, but I'd like to hear that from someone who knows.

As above, that one person has been queried.

Question about a new Forum section ... I've got PM traffic, more posts in this Topic,

postings in another section, all dealing with suggestions on this .. later remarks possible at this point.

Share this post


Link to post
Share on other sites
I just received spam from 220.164.222.17.

However, 17.222.164.220.cn.rbl.cluecentral.net resolves to 127.0.0.2, which means that it should have been blocked. The IP is not a recent addition to the RBL, I already noticed the exact same problem a few days ago.

What's this? The RBL is not always lightning fast to respond, maybe there's a timeout which is too short?

26811[/snapback]

Stock Spammer using Chinese IP 60.221.56.178

Please add this range to china block

60.220.0.0

60.223.25.255

Those logged into VER should be able to see

Share this post


Link to post
Share on other sites

Here's a whole week of "china leakers"

I have copied them to Spamcop mail support.

Here are some more China source that shouldn't have got through since I

nominally have cn.rbl.cluecentral.net selected in spamcop mail

http://www.spamcop.net/sc?id=z765006065z48...2cdcb8785878c7z

218.79.197.80 17:12 18/May/05

http://www.spamcop.net/sc?id=z765446192z21...20aca58c501b11z

219.140.28.58 21:16 19/May/05

http://www.spamcop.net/sc?id=z765446873ze4...fb829b53dc3da5z

61.186.117.147 21:19 19/May/05

http://www.spamcop.net/sc?id=z766111077z9d...2432da435ba93cz

221.10.137.15 14:57 21/May/05

http://www.spamcop.net/sc?id=z767272949ze3...7c00b9b7897699z

61.173.18.79 16:53 24/May/05

http://www.spamcop.net/sc?id=z767273813z02...8546d3e8168067z

221.201.64.214 16:56 24/May/05

http://www.spamcop.net/sc?id=z767981487z08...c12416e471e867z

222.222.143.179 16:46 26/May/05

Share this post


Link to post
Share on other sites
Here's a whole week of "china leakers"

I have copied them to Spamcop mail support.

Here are some more China source that shouldn't have got through since I

nominally have  cn.rbl.cluecentral.net selected in spamcop mail

http://www.spamcop.net/sc?id=z765006065z48...2cdcb8785878c7z

218.79.197.80  17:12 18/May/05

http://www.spamcop.net/sc?id=z765446192z21...20aca58c501b11z

219.140.28.58  21:16 19/May/05

http://www.spamcop.net/sc?id=z765446873ze4...fb829b53dc3da5z

61.186.117.147  21:19 19/May/05

http://www.spamcop.net/sc?id=z766111077z9d...2432da435ba93cz

221.10.137.15  14:57 21/May/05

http://www.spamcop.net/sc?id=z767272949ze3...7c00b9b7897699z

61.173.18.79  16:53 24/May/05

http://www.spamcop.net/sc?id=z767273813z02...8546d3e8168067z

221.201.64.214  16:56 24/May/05

http://www.spamcop.net/sc?id=z767981487z08...c12416e471e867z

222.222.143.179  16:46 26/May/05

28600[/snapback]

more Chinese leaking

58.66.103.90

Google Sightings

Range start

58.66.0.0

end

58.67.255.255

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×