Jump to content
Sign in to follow this  
igb

White listing doesn't seem to work

Recommended Posts

I seem to be having a problem with the white list. My understaanding is that emails are checked against the whitelist first before any other action.

In my whitelist I have:

SueH[at]clanwest.demon.co.uk

[at]rbi.co.uk

yet emails with these From addresses regularly end up in my Held Mail folder, despite having From: headers matching these filters. Here are a couple of example headers:

Message-ID: <0FC9E8F97015D211BC9000A0C9B5D7DE1FED0F[at]NWEST>

From: Sue Harrison <SueH[at]clanwest.demon.co.uk>

To: Sue Harrison <SueH[at]clanwest.demon.co.uk>

Subject: FW: Grazing Livestock Paper

Date: Tue, 16 Mar 2004 16:12:42 -0000

From: <FWI.NewsLetter[at]rbi.co.uk>

To: <ibarton[at]thecottage.org>

Subject: Farmers Weekly Interactive - Newsletter

Date: Fri, 12 Mar 2004 18:16:20 -0000

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165

Message-ID: <CISLIVECN04oa2JB1nd00026669[at]cislivecn04.qhs.cis.live>

X-OriginalArrivalTime: 12 Mar 2004 18:16:20.0890 (UTC) FILETIME=[1EBD7FA0:01C4085E]

X-SpamCop-Checked: 192.168.1.101 212.69.217.30 212.69.195.23

X-SpamCop-Disposition: Blocked bl.spamcop.net

X-spam-Status: No, hits=2.7 required=5.0

tests=ACT_NOW_CAPS,CLICK_BELOW,EXCUSE_1,NO_REAL_NAME,OFFER

version=2.55

X-spam-Level: **

Why is this happening?

Thanks in advance.

Ian.

Share this post


Link to post
Share on other sites

I'm just going to toss out a guess or two .. the first one is sent internal to your ISP, so the headers are "incomplete" ... I know the parsing tool won't touch it, perhaps there's some of the same "logic" in the filtering sequence??

The second, it seems to me that I've seen others state that where you have the "[at]" .. you would normally use the "*" (asterisk)

Share this post


Link to post
Share on other sites

All of my whitelists work using only the server portion (rbi.co.uk) without the [at] sign.

I am not sure if the * works or not.

Share this post


Link to post
Share on other sites

OK, thinking maybe I've spent too much time over in the Microsoft newsgroups today, trying to play some catch-up over there ... apologies for the 'probably' bad suggestion, especially if it doesn't work here <g>

Share this post


Link to post
Share on other sites
I seem to be having a problem with the white list. My understaanding is that emails are checked against the whitelist first before any other action.

In my whitelist I have:

SueH[at]clanwest.demon.co.uk

[at]rbi.co.uk

you don't want any [at]'s in your whitelist, they are implicit in the way it works.

See the FAQ: (start at http://www.spamcop.net/fom-serve/cache/289.html and looks for whitelist, it is down at the moment)

Share this post


Link to post
Share on other sites

Thanks, I have removed the "[at]" from whitelist entries. However, that still doesn't explain why the email with the From: header:

SueH[at]clanwest.demon.co.uk

ended up in my Held Folder. I have specified that address in full in my white list. Here are the full headers of that email:

Return-Path: &lt;&gt;
Received: from banter.local ([unix socket])
	by banter (Cyrus v2.1.15) with LMTP; Wed, 18 Feb 2004 20:09:54 +0000
X-Sieve: CMU Sieve 2.2
Received: by banter.local (Postfix, from userid 96)
	id 8EE7B251A3; Wed, 18 Feb 2004 20:09:54 +0000 (GMT)
Received: from anne (anne.local [192.168.0.10])
	by banter.local (Postfix) with ESMTP id 52E6E249B8
	for &lt;ian&gt;; Wed, 18 Feb 2004 20:09:20 +0000 (GMT)
Received: from pop.spamcop.net (UIDL=8:UID494-1073820685) by anne (VPOP3) with POP3; Wed, 18 Feb 2004 19:00:43 -0000
Delivered-To: spamcop-net-ibarton[at]spamcop.net
Received: (qmail 1665 invoked from network); 18 Feb 2004 17:26:44 -0000
Received: from unknown (HELO mailgate.cesmail.net) (192.168.1.101)by blade4.cesmail.net with SMTP; 18 Feb 2004 17:26:44 -0000
Received: (qmail 5111 invoked from network); 18 Feb 2004 17:26:44 -0000
Received: from smtp-relay01.x-mailer.co.uk (212.69.217.30)by mailgate.cesmail.net with SMTP; 18 Feb 2004 17:26:43 -0000
Received: from [212.69.195.23] (helo=ianba-24644-001.dsvr.co.uk)by smtp-relay01.x-mailer.co.uk with esmtp (Exim 4.30)id 1AtVT9-0006yb-BQfor ibarton[at]spamcop.net; Wed, 18 Feb 2004 17:26:43 +0000
Received: from anchor-post-33.mail.demon.net (anchor-post-33.mail.demon.net [194.217.242.91])by ianba-24644-001.dsvr.co.uk (8.11.7/8.11.7) with ESMTP id i1IHQhG12446for &lt;ibarton[at]thecottage.org&gt;; Wed, 18 Feb 2004 17:26:43 GMT
Received: from clanwest.demon.co.uk ([212.228.141.235] helo=nwest.clanwest.demon.co.uk)by anchor-post-33.mail.demon.net with esmtp (Exim 3.35 #1)id 1AtVSw-000OSA-0X; Wed, 18 Feb 2004 17:26:31 +0000
Received: by NWEST with Internet Mail Service (5.5.2448.0)id &lt;FF2ZKZT0&gt;; Wed, 18 Feb 2004 17:17:09 -0000
Message-ID: &lt;0FC9E8F97015D211BC9000A0C9B5D7DE1FEC4A[at]NWEST&gt;
From: Sue Harrison &lt;SueH[at]clanwest.demon.co.uk&gt;
To: Sue Harrison &lt;SueH[at]clanwest.demon.co.uk&gt;
Subject: FW: Countryside Agency Restrictions and Exclusions
Date: Wed, 18 Feb 2004 17:17:05 -0000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2448.0)
Content-Type: text/plain;charset="windows-1252"
X-SpamCop-Checked: 192.168.1.101 212.69.217.30 212.69.195.23 194.217.242.91 212.228.141.235
X-spam-Status: No, hits=0.0 required=5.0
	tests=none
	version=2.55
X-spam-Level: 
X-spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)

It does have a From: header that exactly matches my whitelist. This is only one of many examples where emails with exact matches in a From: address and my white list are ending up in my Held Mail folder.

At the moment this is making SpamCop almost useless for me, as Ihave to check every spam mail for things that got missed from my white list.

Ian.

Share this post


Link to post
Share on other sites

That Email has been through my local system, so has collected a few extra headers.

Ian.

Edited by igb

Share this post


Link to post
Share on other sites

I'd still say that those headers are "too short" ... how about an example that isn't from SueH to SueH, specifically, looking for e-mail that started somewhere else with SueH as the end recipient? This would / should allow the filtering process to work on a full header set, rather than the internal e-mail handling of the provided sample.

Share this post


Link to post
Share on other sites

I also do not see the reason it was held in the first place. Specifically, I am looking for the X-SpamCop-Disposition: Blocked bl.spamcop.net line.

Happy St. Patrick's Day

Share this post


Link to post
Share on other sites
I'd still say that those headers are "too short" ... how about an example that isn't from SueH to SueH, specifically, looking for

OK, here is another one that was blocked. I have Jean[at]JVWhite.freeserve.co.uk in my white list.

Return-Path: &lt;Jean[at]JVWhite.freeserve.co.uk&gt;
Delivered-To: spamcop-net-ibarton[at]spamcop.net
Received: (qmail 19612 invoked from network); 15 Mar 2004 21:00:36 -0000
Received: from unknown (HELO mailgate.cesmail.net) (192.168.1.101)
  by blade4.cesmail.net with SMTP; 15 Mar 2004 21:00:36 -0000
Received: (qmail 5779 invoked from network); 15 Mar 2004 21:00:35 -0000
Received: from smtp-relay03.x-mailer.co.uk (212.69.217.32)
  by mailgate.cesmail.net with SMTP; 15 Mar 2004 21:00:35 -0000
Received: from [212.69.195.23] (helo=ianba-24644-001.dsvr.co.uk)
	by smtp-relay03.x-mailer.co.uk with esmtp (Exim 4.30)
	id 1B2zCL-0006lM-Vn
	for ibarton[at]spamcop.net; Mon, 15 Mar 2004 21:00:34 +0000
Received: from cmailg2.svr.pol.co.uk (cmailg2.svr.pol.co.uk [195.92.195.172])
	by ianba-24644-001.dsvr.co.uk (8.11.7/8.11.7) with ESMTP id i2FL0Xt11124
	for &lt;ibarton[at]thecottage.org&gt;; Mon, 15 Mar 2004 21:00:33 GMT
Received: from modem-3410.elk.dialup.pol.co.uk ([81.76.173.82] helo=chalky)
	by cmailg2.svr.pol.co.uk with smtp (Exim 4.14)
	id 1B2zCC-0002zj-4F; Mon, 15 Mar 2004 21:00:24 +0000
Message-ID: &lt;001901c40ad1$dd02b000$52ad4c51[at]chalky&gt;
From: "Jean White" &lt;Jean[at]JVWhite.freeserve.co.uk&gt;
To: "ibarton" &lt;ibarton[at]thecottage.org&gt;,
   "Allan Richardson" &lt;cllr.allan.richardson[at]crewe-nantwich.gov.uk&gt;,
   "Bailey Rachel \(RBT\) Mid Cheshire Tr" &lt;Rachel.Bailey[at]mcht.nhs.uk&gt;,
   &lt;Carolyndaw[at]aol.com&gt;, "gary fowles" &lt;gary.fowles[at]cheshire.pnn.police.uk&gt;,
   "Louise Musa" &lt;louise.musa[at]crewe-nantwich.gov.uk&gt;,
   "Margaret Hollins" &lt;cllr.margaret.hollins[at]crewe-nantwich.gov.uk&gt;,
   "web site" &lt;DcWedweb[at]aol.com&gt;
Subject: DODCOTT-CUM-WILKESLEY PARISH COUNCIL
Date: Mon, 15 Mar 2004 17:39:57 -0000
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----=_NextPart_000_0007_01C40AB4.889D0780"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2919.6600
Disposition-Notification-To: "Jean White" &lt;Jean[at]JVWhite.freeserve.co.uk&gt;
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600
X-spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on blade4
X-spam-Level: **
X-spam-Status: hits=2.7 tests=ALL_CAP_PORN,DATE_IN_PAST_03_06,HTML_30_40,
	HTML_MESSAGE,LINES_OF_YELLING,SUBJ_ALL_CAPS version=2.63
X-SpamCop-Checked: 192.168.1.101 212.69.217.32 212.69.195.23 
X-SpamCop-Disposition: Blocked bl.spamcop.net

Share this post


Link to post
Share on other sites

Here are two more:

Content-Transfer-Encoding:    7bit
Content-Type: 	 text/plain; charset="iso-8859-1"
Date: 	 Thu, 18 Mar 2004 10:31:33 -0000 [18 Mar 2004 10:31:33 GMT]
Delivered-To: 	 spamcop-net-ibarton[at]spamcop.net
Disposition-Notification-To: 	 "Jean White" &lt;Jean[at]JVWhite.freeserve.co.uk&gt;
From: 	 Jean White &lt;Jean[at]JVWhite.freeserve.co.uk&gt; 
MIME-Version: 	 1.0
Message-ID: 	 &lt;002b01c40cd7$26f970c0$e6374e51[at]chalky&gt;
Received: 	 

    * (qmail 21743 invoked from network); 18 Mar 2004 10:46:09 -0000
    * from unknown (HELO blade3.cesmail.net) (192.168.1.213) by blade4.cesmail.net with SMTP; 18 Mar 2004 10:46:09 -0000
    * (qmail 18663 invoked from network); 18 Mar 2004 10:46:08 -0000
    * from smtp-relay02.x-mailer.co.uk (212.69.217.31) by blade3.cesmail.net with SMTP; 18 Mar 2004 10:46:08 -0000
    * from [212.69.195.23] (helo=ianba-24644-001.dsvr.co.uk) by smtp-relay02.x-mailer.co.uk with esmtp (Exim 4.30) id 1B3uzK-0004zO-59 for ibarton[at]spamcop.net; Thu, 18 Mar 2004 10:42:58 +0000
    * from cmailm4.svr.pol.co.uk (cmailm4.svr.pol.co.uk [195.92.193.211]) by ianba-24644-001.dsvr.co.uk (8.11.7/8.11.7) with ESMTP id i2IAgvA12575 for &lt;ibarton[at]thecottage.org&gt;; Thu, 18 Mar 2004 10:42:57 GMT
    * from modem-4040.baboon.dialup.pol.co.uk ([81.78.31.200] helo=chalky) by cmailm4.svr.pol.co.uk with smtp (Exim 4.14) id 1B3uzI-0007a7-Nw for ibarton[at]thecottage.org; Thu, 18 Mar 2004 10:42:57 +0000

References: 	 &lt;4056B2B9.2090907[at]thecottage.org&gt;
Return-Path: 	 &lt;Jean[at]JVWhite.freeserve.co.uk&gt;
Subject: 	 Re: Parish Council Minutes
To: 	 ibarton[at]thecottage.org
X-MSMail-Priority: 	 Normal
X-Mailer: 	 Microsoft Outlook Express 5.00.2919.6600
X-MimeOLE: 	 Produced By Microsoft MimeOLE V5.00.2919.6600
X-Priority: 	 3
X-spam-Checker-Version: 	 SpamAssassin 2.63 (2004-01-11) on blade4
X-spam-Level: 	 
X-spam-Status: 	 hits=0.0 tests=none version=2.63
X-SpamCop-Checked: 	 192.168.1.213 212.69.217.31 212.69.195.23
X-SpamCop-Disposition: 	 Blocked bl.spamcop.net

Date:    Thu, 18 Mar 2004 19:02:31 GMT [18 Mar 2004 19:02:31 GMT]
Delivered-To: 	 spamcop-net-ibarton[at]spamcop.net
From: 	 John &lt;John[at]Thecottage.org&gt;
Message-Id: 	 &lt;200403181902.i2IJ2VL24154[at]www0.mh.bbc.co.uk&gt;
Received: 	 

    * (qmail 9252 invoked from network); 18 Mar 2004 19:02:33 -0000
    * from unknown (HELO mailgate.cesmail.net) (192.168.1.101) by blade4.cesmail.net with SMTP; 18 Mar 2004 19:02:33 -0000
    * (qmail 23184 invoked from network); 18 Mar 2004 19:02:32 -0000
    * from smtp-relay02.x-mailer.co.uk (212.69.217.31) by mailgate.cesmail.net with SMTP; 18 Mar 2004 19:02:32 -0000
    * from [212.69.195.23] (helo=ianba-24644-001.dsvr.co.uk) by smtp-relay02.x-mailer.co.uk with esmtp (Exim 4.30) id 1B42mm-0006iC-6M for ibarton[at]spamcop.net; Thu, 18 Mar 2004 19:02:32 +0000
    * from mailgw2.mh.bbc.co.uk (mailgw2.mh.bbc.co.uk [132.185.144.142]) by ianba-24644-001.dsvr.co.uk (8.11.7/8.11.7) with ESMTP id i2IJ2VT21863 for &lt;ian[at]Thecottage.org&gt;; Thu, 18 Mar 2004 19:02:31 GMT
    * from www0.mh.bbc.co.uk (www0-mgt.mh.bbc.co.uk [192.168.232.30]) by mailgw2.mh.bbc.co.uk (8.12.11/8.12.11) with ESMTP id i2IJ2Vbe017486 for &lt;ian[at]Thecottage.org&gt;; Thu, 18 Mar 2004 19:02:31 GMT
    * (from nobody[at]localhost) by www0.mh.bbc.co.uk (8.11.6+Sun/8.11.6) id i2IJ2VL24154; Thu, 18 Mar 2004 19:02:31 GMT

Return-Path: 	 &lt;cbeebies[at]bbc.co.uk&gt;
Subject: 	 [BBC] CBeebies Postcards
To: 	 Daddy &lt;ian[at]Thecottage.org&gt;
X-Authentication-Warning: 	 www0.mh.bbc.co.uk: nobody set sender to cbeebies[at]bbc.co.uk using -f
X-Disclaimer: 	 This e-postcard is intended for the use of the addressee only. The BBC accepts no responsibility for the content of this e-postcard or unauthorised changes made at any time. If you are not the intended recipient, please notify us immediately at BBC Webmasters &lt;mailto:webweaver[at]bbc.co.uk&gt;.
X-HTTP-UserAgent: 	 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
X-Maybe-Originating-IP-Address: 	 195.92.168.175 :- 192.168.0.5, 217.135.20.36
X-spam-Checker-Version: 	 SpamAssassin 2.63 (2004-01-11) on blade4
X-spam-Level: 	 
X-spam-Status: 	 hits=0.0 tests=none version=2.63
X-SpamCop-Checked: 	 192.168.1.101 212.69.217.31 212.69.195.23
X-SpamCop-Disposition: 	 Blocked bl.spamcop.net

Both these are on my white list. It looks as though SpamCop is ignoring the white list and deciding to block the message because it's in one of its blocking lists.

I am afraid that this makes SpamCop useless for me. I ned an absolute guarantee that all mail on my white list gets delivered no matter how Spammy SpamCop thinks it is.

Ian.

Headers: 	 Show Limited Headers

Share this post


Link to post
Share on other sites

I know that whitelists works as expected for me so I can only suggested that there is some kind of glitch in SC at the moment, or that there is some strange character at the end of the line in your config - like a hidden character for eg. ? I can't see anything wrong as long as your whitelist is really as you say.

Share this post


Link to post
Share on other sites

Thanks, I have re-checked my white list and it seems correct. Is there a way to import/export it? I would like to try exporting it to check for any unusual characters.

Ian.

Share this post


Link to post
Share on other sites

dropped a note to JT asking for him to take look at your situation .. best I can offer.

Share this post


Link to post
Share on other sites

as a debug, try adding

freeserve.co.uk

JVWhite.freeserve.co.uk

and even

co.uk

to your whitelist and see if that makes any difference, ie. if you can get any of them to let the email through.

Share this post


Link to post
Share on other sites

How exactly did you whitelist these entries?

The reason I ask is that, internally, all whitelist entries are stored in lower-case. Then, addresses in email are converted to lower-case before they are compared to the whitelist. Actually, to make the database faster, we compare hashes which is why you have to do the conversion.

In your whitelist, though, several addresses have mixed case. They're stored wrong and will never match.

To fix your problem, then, go into your whitelist, delete the entries with mixed case, and re-enter the addresses. You should be able to enter them however you want. When they come back, they'll be lower-case.

If you can tell me how the addresses got into the whitelist in the first place (manual entry, VER, using the Whitelist link in webmail) then I'll go figure out why it isn't doing the case conversion.

JT

Share this post


Link to post
Share on other sites

Thanks for the reply. Some entries were cut and pasted from Emails. However, some were definitely added using the white list link in the Web mail client.

It's probably worth putting something about entries needing to be in lower case on the page where you enter data into the whitelist, een though the data is suppposed to be automatically lower cased.

I'll go and modify my entries now.

Ian.

Share this post


Link to post
Share on other sites

I also found 2 entries which had mixed case, both of which were entered using the Whitelist and Forward link.

I normally go through my list monthly and replace MOST individual accounts with the server name so as to not block other accounts from known vendors.

Share this post


Link to post
Share on other sites

Similar problem - legitimate email is now being trapped in Held Mail. Changes in the spam filter number don't seem to make a difference. I also have tried Release and Whitelist but new additions aren't making it on the saved whitelist. I'm starting to miss some important messages (and meetings).

Share this post


Link to post
Share on other sites
Similar problem - legitimate email is now being trapped in Held Mail.  Changes in the spam filter number don't seem to make a difference.  I also have tried Release and Whitelist but new additions aren't making it on the saved whitelist.  I'm starting to miss some important messages (and meetings).

For each legit email that should have gotten through, look at the header lines, specifically the X-Spamcop-* header lines. The X-SpamCop-Disposition header line should tell you why the email was blocked (which blocking list was used), and the last IP Address in the X-SpamCop-Checked header line should be the one that was listed at the time of receipt. If there are no X-Spamcop-* header lines, the last IP Address was never listed, or the lowercase version of the From or Return-Path header line address is on your whitelist, please Reply here or email "support at spamcop.net" with details. Thanks!

Share this post


Link to post
Share on other sites
Similar problem - legitimate email is now being trapped in Held Mail.  Changes in the spam filter number don't seem to make a difference.  I also have tried Release and Whitelist but new additions aren't making it on the saved whitelist.  I'm starting to miss some important messages (and meetings).

Take a look here: http://www.spamcop.net/fom-serve/cache/336.html to figure out why messages are blocked.

JT

Share this post


Link to post
Share on other sites

Thanks for your suggestions. I checked several of the legitimate, but held, emails. It looks like X-SpamCop-Checked is picking up my ISP. I use Telewest Blueyonder (www.blueyonder.co.uk) and the listed IP is:

195.188.53.215

this is one of the largest ISPs in the UK. I added this IP address to my whitelist. Is that the right approach or could you suggest something else?

Share this post


Link to post
Share on other sites
Thanks for your suggestions.  I checked several of the legitimate, but held, emails.  It looks like X-SpamCop-Checked is picking up my ISP.  I use Telewest Blueyonder (www.blueyonder.co.uk) and the listed IP is:

195.188.53.215

this is one of the largest ISPs in the UK.  I added this IP address to my whitelist.  Is that the right approach or could you suggest something else?

No, that won't fix it. Please ask Telewest Blueyonder why they are not taking action on the approximately 460 SpamCop reports they received at abuse[at]blueyonder.co.uk for 195.188.53.215, and why it has no RDNS configured at ns.blueyonder.co.uk.

For details, please see http://www.spamcop.net/w3m?action=checkblo...=195.188.53.215

Thanks!

Edited by JeffG

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×