Jump to content
Sign in to follow this  
Bernie

DJB & Spamcop

Recommended Posts

On a machine I use to read Dan Bernstein's dns list I finally got around to configuring exim to use bl.spamcop.net, and much to my surprise noticed that all the list traffic was blocked. The host in question is 'stoneport.math.uic.edu' -- Dan's list server -- which bears an eerie resemblance to 'ironport'!

Is there bad blood between spamcop and DJB?

Share this post


Link to post
Share on other sites
On a machine I use to read Dan Bernstein's dns list I finally got around to configuring exim to use bl.spamcop.net, and much to my surprise noticed that all the list traffic was blocked. The host in question is 'stoneport.math.uic.edu' -- Dan's list server -- which bears an eerie resemblance to 'ironport'!

Is there bad blood between spamcop and DJB?

40942[/snapback]

http://www.spamcop.net/w3m?action=checkblock&ip=stoneport.math.uic.edu

131.193.178.160 not listed in bl.spamcop.net

SpamCop is a bot and has no blood?

SpamCop is designed to find the IP of the computer sending the spam

have an example of what SpamCop reports when a email server is properly configured

http://www.spamcop.net/sc?id=z871249632zae6106dbbd2b364ca8a481fc16532d2az

The IP is that of my computer "203.134.9.119" which if listed by SpamCop would in seconds stop spam being sent from that computer and quickly releasing IP when spam stops being sent. The SCBL is the best and most accurate way of stopping spam getting to ones inbox (stopping spam as it's being sent not after)

Edited by petzl

Share this post


Link to post
Share on other sites
On a machine I use to read Dan Bernstein's dns list I finally got around to configuring exim to use bl.spamcop.net, and much to my surprise noticed that all the list traffic was blocked. The host in question is 'stoneport.math.uic.edu' -- Dan's list server -- which bears an eerie resemblance to 'ironport'!

Is there bad blood between spamcop and DJB?

40942[/snapback]

As petzl points out, the data you've provided is pretty useless for anyone on this side of the screen to try to offer up any insight. What is the IP address of the server used to send that list traffic? Have you looked at just about any of the FAQs available (especially here) for data on the BL, specifically What is on the Blocklist? Even the How to ask a question item identifies the need for an IP address when asking about a BL issue.

Share this post


Link to post
Share on other sites

131.193.178.160 appears to have 21-30 Spamtrap hits, and no other Report History.

Share this post


Link to post
Share on other sites
131.193.178.160 appears to have 21-30 Spamtrap hits, and no other Report History.

40947[/snapback]

I have snipped most, I hope, of the identifying info out of this example mail (I have others too, with same hit from bl.spamcop.net):

-=chomp=-

Return-path: <dns-return-28355-************[at]list.cr.yp.to>

Envelope-to: *************************

Delivery-date: Sat, 04 Mar 2006 15:58:12 -0500

Received: from stoneport.math.uic.edu ([131.193.178.160])

by ****************** with smtp (Exim 3.36 #1 (Debian))

id 1FFdpM-0000WL-00

for ***********************; Sat, 04 Mar 2006 15:58:12 -0500

Received: (qmail 7647 invoked by uid 1004); 4 Mar 2006 20:58:40 -0000

Mailing-List: contact dns-help[at]list.cr.yp.to; run by ezmlm

Delivered-To: mailing list dns[at]list.cr.yp.to

Received: (qmail 5767 invoked from network); 4 Mar 2006 20:57:00 -0000

Received: from 66-6-203-2.waymark.net (HELO hermes.walkereng.com) (66.6.203.2)

by stoneport.math.uic.edu with SMTP; 4 Mar 2006 20:57:00 -0000

Received: (qmail 18968 invoked by uid 1000); 4 Mar 2006 20:56:02 -0000

Date: Sat, 4 Mar 2006 14:56:02 -0600

From: *****************************

To: dns[at]list.cr.yp.to

Message-ID: <20060304205602.GA28693[at]hermes.walkereng.com>

Mail-Followup-To: dns[at]list.cr.yp.to

References: <2EA3C7B8-C5E2-46F4-905A-3533330591CE[at]mac.com>

Mime-Version: 1.0

Content-Type: text/plain; charset=us-ascii

Content-Disposition: inline

In-Reply-To: <2EA3C7B8-C5E2-46F4-905A-3533330591CE[at]mac.com>

User-Agent: Mutt/1.5.11

X-RBL-Warning: (bl.spamcop.net) Blocked - see http://www.spamcop.net/bl.shtml?131.193.178.160

Subject: [X-RBL] Re: adding a cname record

X-spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on

alison.legomenon.org

X-spam-Level:

X-spam-Status: No, score=0.1 required=5.0 tests=FORGED_RCVD_HELO

autolearn=ham version=3.0.3

Status: RO

X-UID: 1558

Content-Length: 983

X-Keywords:

On Sat, Mar 04, 2006 at 02:21:49PM -0500, Gary Kahn wrote:

>

> I am trying to set up a cname record in tinydns and I am having some

> problems. It seemed to me that the way to do it was to use the add-

> alias scri_pt. I tried pointing a url like 'qt.mydomain.com' to

> 'another.domain.net'. The error I got was:

>

> tinydns-edit: usage: tinydns-edit data data.new add [ns|childns|host|

> alias|mx] domain a.b.c.d

DJB uses "alias" to mean an additional A record, not a CNAME. If you

want a CNAME, use a C line in the data file.

>From http://cr.yp.to/djbdns/tinydns-data.html

Cfqdn:p:ttl:timestamp:lo

CNAME (``canonical name'') record for fqdn. tinydns-data creates a

CNAME record for fqdn pointing to the domain name p.

Don't use Cfqdn if there are any other records for fqdn. Don't use

Cfqdn for common aliases; use +fqdn instead. Remember the wise

words of Inigo Montoya: ``You keep using CNAME records. I do not

think they mean what you think they mean.''

-=chomp=-

Thoughts?

Share this post


Link to post
Share on other sites
I have snipped most, I hope, of the identifying info out of this example mail (I have others too, with same hit from bl.spamcop.net):

???? IP address of the sending ISP/server was what was asked for.  Headers were more than sufficient.

Delivery-date: Sat, 04 Mar 2006 15:58:12 -0500

Date: Sat, 4 Mar 2006 14:56:02 -0600

X-RBL-Warning: (bl.spamcop.net) Blocked - see http://www.spamcop.net/bl.shtml?131.193.178.160

Subject: [X-RBL] Re: adding a cname record

Thoughts?

40982[/snapback]

That you "have" these copies kind of belies the "these were blocked" complaint ...???

That these were dated a number of days ago, but was already documented within this very Topic that the lisintg was 'gone' on the 5th .. (after the 4th showing in these headers) (akso noting that it is not currently listed] would then have to suggest that a configuration error on your server is at the heart of the matter.

Share this post


Link to post
Share on other sites
That you "have" these copies kind of belies the "these were blocked" complaint ...???

I am going to let this whole thing drop. That I have copies "belies" only that you don't know what you're talking about. Is exim the only MTA that provides for a 'warn' condition in its dnsbl configuration?

You little scamps, Wazoo and Pretzel or whatever his name is, are nothing more than irritating pedants. The idea is to be helpful, not parade the little you know under the banner of rtfm.

Share this post


Link to post
Share on other sites
The idea is to be helpful, not parade the little you know under the banner of rtfm.

41050[/snapback]

So you are saying you do not want to rtfm?

Share this post


Link to post
Share on other sites

If you have a specific question about a section of the FAQ that confuses you, please identify/post that section here with your question and we will attempt to help you understand. If you haven't looked at a FAQ yet, please see the information provided at What is SpamCop?

Share this post


Link to post
Share on other sites
If you have a specific question about a section of the FAQ that confuses you, please identify/post that section here with your question and we will attempt to help you understand.  If you haven't looked at a FAQ yet, please see the information provided at What is SpamCop?

41066[/snapback]

I know I said I would drop this thing, but Lord knows there are times when I can't help myself!

The SC FAQs have always been very good Jeff. That's not the problem. The problem is, as Swift observed, that in a world largely composed of fools, mediocrity has the advantage over genius. And by fools I do not mean you. You and I have dealt with a large number of SC problems and beta issues over the years -- and very successfully I might add -- but not on these forums, where I use 'bernie' as a pseudonym. And by 'genius,' I do not mean me. But I refuse to be hectored by some impertinent adolescent with a field marshall complex who doesn't understand how I could have the full raw source of an email in my possession after my MTA has flagged it 'blocked' using scbl!

Part of the problem I suspect is that no one grasped the significance of the fact that it was Dan Bernstein's server that was so flagged, perhaps because your volunteers haven't yet figured out who Dan is. He is of course one of the best friends SpamCop has, certainly one of the most influential.

Here's what I suggest would have been a more optimal response to my first inquiry at the beginning of this thread:

--snip--

Dear Bernie,

Whatever problems might have existed recently with that server don't seem to have persisted, since it is not currently listed by scbl. Yes, I agree with you that it certainly is surprising to see, of all people, DJB's list host show up on scbl. Anyway, welcome to the forum!!!

Best regards,

Joey Doughnut -- SC Forum Volunteer

-snip-

There now kids, was that so hard? (Actually, between two of you, and Jeff, you came pretty close to that, but notice that 'Read the FAQs! Not enough information! Too much information! You must be lying! were not needed in the above suggested reply...)

HAND

Share this post


Link to post
Share on other sites
The SC FAQs have always been very good Jeff. That's not the problem.

That's an intereting remark, based on the history of the FAQ being complained about for years. (Just a small note, you are quoting Jeff G. ... there are a few other "Jeff" identities floating about.)

The problem is, as Swift observed, that in a world largely composed of fools, mediocrity has the advantage over genius. And by fools I do not mean you. You and I have dealt with a large number of SC problems and beta issues over the years -- and very successfully I might add --  but not on these forums, where I use 'bernie' as a pseudonym. And by 'genius,' I do not mean me. But I refuse to be hectored by some impertinent adolescent with a field marshall complex who doesn't understand how I could have the full raw source of an email in my possession after my MTA has flagged it 'blocked' using scbl!

From this "impertinent adolescent with a field marshall complex" here's my significant view on your "situation" ....

I finally got around to configuring exim to use bl.spamcop.net, and much to my surprise noticed that all the list traffic was blocked.

40942[/snapback]

Gee, I read that as someone coming into the BL Forum section and describing the scenario of "e-mail is being blocked" ..... "blocked" in most cases has been normally defined as ... well ... "blocked" ....

So gee whiz, some folks then try to conjure up a reason why your e-mail / list traffic is being "blocked" .. having to guess a bit, as the actual data needed wasn't also provided in this first post.

Part of the problem I suspect is that no one grasped the significance of the fact that it was Dan Bernstein's server that was so flagged, perhaps because your volunteers haven't yet figured out who Dan is. He is of course one of the best friends SpamCop has, certainly one of the most influential.

Whatever ... the normal 'flow' in this forum section is dealing with IP addresses, not Domains, names, and characterizations ...

I am going to let this whole thing drop. That I have copies "belies" only that you don't know what you're talking about. Is exim the only MTA that provides for a 'warn' condition in its dnsbl configuration?

41050[/snapback]

The normal description that you are later describing is "Tagged" which would have made it clear that this e-mail wasn't actually blocked in your case, and that you in fact could provide the data (though once again, it was only the header that was needed.)

So, as per the FQs and pointers, had you started out with the IP address in question rather than the silly crap like 'stoneport' sounds like 'ironport' .... this whole thing would have been taken down a totally different path.

Share this post


Link to post
Share on other sites
--snip--

Dear Bernie,

Whatever problems might have existed recently with that server don't seem to have persisted, since it is not currently listed by scbl. Yes, I agree with you that it certainly is surprising to see, of all people, DJB's list host show up on scbl. Anyway, welcome to the forum!!!

Best regards,

Joey Doughnut  -- SC Forum Volunteer

-snip-

41071[/snapback]

No, I don't know who DJB is, but if he is a friend of spamcop, then it is surprising that his list is on the bl, but mistakes happen.

All the requests for information were to help you discover why the list was on the scbl. Apparently you were not interested in why. Maybe because you assumed that it was just a mistake? No, because you thought there was bad blood.

However, petzl gave you the best answer - spamcop is a software program and is entirely automatic so there is no possibility of 'bad blood' Did you want more of an answer?

Miss Betsy

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×