Jump to content

[Resolved] GreyListing is bypassed for CBL listed IP's?


Recommended Posts

Starting to annoy me seems that CBL listed IP's are whitelisted by SpamCop Email

It does get sent to my "Held" (VER) Folder but a few hundred a day is a more than a bit much. Should be seeing Greylisting offer a challenge (it's not)

http://webmail.spamcop.net/horde/imp/spamc...ist_pending.php

it doesn't

Tried turning Greylisting off no difference. Put it back on again

Needs checking something is set-up annoyingly wrong

Link to comment
Share on other sites

Thanks for reporting this.

I'm seeing the same thing but wasn't sure what the issue is. About 95% of spam sent to me used to be stopped with greylisting, first pending then rejected. Now about 95% of the spam is getting through greylisting to my Held folder, a dramatic difference.

Link to comment
Share on other sites

Thanks for reporting this.

I'm seeing the same thing but wasn't sure what the issue is. About 95% of spam sent to me used to be stopped with greylisting, first pending then rejected. Now about 95% of the spam is getting through greylisting to my Held folder, a dramatic difference.

I've sent in a "problem" report on the 26th last month. No action?

I've turned off all blacklist filters presently seems my "blacklist" (Block Russian) on it's own is catching most. I use mailwasher as SpamCops blacklist filters are failing. Now the greylist is stopping only legitimate email making SpamCop Email near useless.

The Brazil and China blocks have not worked for years

CBL is not working either tried that on it's own and XBL (although unchecked) kept holding/catching spam?

Link to comment
Share on other sites

I've sent in a "problem" report on the 26th last month. No action?

Petzl, would you make another report of this problem to Spamcop Support and reference my Case 51534? Maybe with both of us reporting the same problem we can get this fixed. Thanks.
Link to comment
Share on other sites

Petzl, would you make another report of this problem to Spamcop Support and reference my Case 51534? Maybe with both of us reporting the same problem we can get this fixed. Thanks.

OK done

Link to comment
Share on other sites

Am I the only one having problems right now with GreyListing?

For the past few weeks it's been like GreyListing is turned off for me. My usual 240 spams per day are all going to my Held Folder and not being rejected by the GreyList. The Pending Entries in my GreyList consistently shows 3-4 entries (that's messages not pages).

So how do 240 spams get through the GreyList and to my Held Folder when only 4 are pending at any time? Before this broke I had many pages worth of Pending Entries. And the Rejected Entries are also a small fraction of what they used to be.

Any ideas?

Link to comment
Share on other sites

Any response to that problem report?

Yes, two replies from SC Support:

8/5/13: #1

"All the inbounds run/honor greylisting. It is possible (but very depressing) that spammers may be evading greylisting by retrying after 40 min or so. They don't even have to care whether the first send got a 4.x.x, just resend after an interval. If the first spam was accepted then the user now gets two of them. It's not like they have a shortage of compromised machines and lots of those machines are connected via broadband so they are not going to saturate any pipes

I'll ask Jeff to take a look at the greylisting code on the inbounds in any case."

8/5/13: #2

"It makes no sense for anyone to whitelist IPs in the CBL - that's a list of IPs that are sending spam. Why would we do that?"

8/8/13 I inquired if there had been any progress but no reply to date.

Don

Link to comment
Share on other sites

Yes, two replies from SC Support:

8/5/13: #1
"All the inbounds run/honor greylisting. It is possible (but very depressing) that spammers may be evading greylisting by retrying after 40 min or so. They don't even have to care whether the first send got a 4.x.x, just resend after an interval. If the first spam was accepted then the user now gets two of them. It's not like they have a shortage of compromised machines and lots of those machines are connected via broadband so they are not going to saturate any pipes 
I'll ask Jeff to take a look at the greylisting code on the inbounds in any case."

These are instantly bypassing Greylisting not being challenged at all, not even once?

Easy for SC Email users to check

http://webmail.spamcop.net/horde/imp/spamc...ist_pending.php

8/5/13: #2
"It makes no sense for anyone to whitelist IPs in the CBL - that's a list of IPs that are sending spam. Why would we do that?"

It has happened to blocklist settings before not deliberately. Not by SC email but it can be done accidentally.

Googling I found STARTTLS will bypass Greylisting if set in Milter (it is by default in some email servers particularly after "update")

8/8/13 I inquired if there had been any progress but no reply to date.
Don

Thanks Don all we can is wait and hope

Link to comment
Share on other sites

  • 2 weeks later...

...Please see SpamCop Forum article "greylisting."

THANKS

Mystically since yesterday (27th Aug,13) the main offending BOTNET seems to of ceased

Right now can't get logged into VER

"Cannot log into IMAP mailserver"

seems a server update is happening

Link to comment
Share on other sites

...Perhaps another symptom of whatever problem is causing what is reported in SpamCop Forum topic "Unable to report?"

Before when I were getting 1000's of these Botnet spams it was easy to see that absolutely no challenge was being made by going here (must have a SC email)

http://webmail.spamcop.net/horde/imp/spamc...ist_pending.php

You empty the help file look go back and 10 more would arrive missing Greylisting check

Not rocket science to know somethings wrong

Still getting some Botnet spam until I get VER back can wait

I don't think this has anything to "Unable to report" issues

I'm trying to get rid of Malware on my own computer

Seems to be "yieldmanager" no malware detects problem just get Popup in VER?

Some Malware scans take 3 hours and nothing

FireFox In the URL box, I type in about:config and then click on "I'll be careful, I promise" and try looking in there via Keywords nothing but it's there somewhere

Time to buy another Computer I think

Anyhow Greylisting is catching most spam looked at

"Your Greylist - Rejected Entries"

http://webmail.spamcop.net/horde/imp/spamc...ist_blocked.php

And 1000's of them so somethings "fixed"

Link to comment
Share on other sites

...Perhaps another symptom of whatever problem is causing what is reported in SpamCop Forum topic "Unable to report?"
<snip>

You empty the help file look go back and 10 more would arrive missing Greylisting check

Not rocket science to know somethings wrong

Still getting some Botnet spam until I get VER back can wait

I don't think this has anything to "Unable to report" issues

<snip>

...Perhaps I was unclear: my post was not at all to deny your point about greylisting, it was solely in reply to your:
<snip>

Right now can't get logged into VER

"Cannot log into IMAP mailserver"

seems a server update is happening

Link to comment
Share on other sites

<snip>

You empty the help file look go back and 10 more would arrive missing Greylisting check

Not rocket science to know somethings wrong

Still getting some Botnet spam until I get VER back can wait

I don't think this has anything to "Unable to report" issues

<snip>...Perhaps I was unclear: my post was not at all to deny your point about greylisting, it was solely in reply to your:

Anyhow mark as resolved

Greylisting is catching most spam looked at

"Your Greylist - Rejected Entries"

http://webmail.spamcop.net/horde/imp/spamc...ist_blocked.php

And 1000's of them so somethings "fixed"

Link to comment
Share on other sites

Marking this as Resolved seems premature when there's still an open inquiry in the "greylisting" thread http://forum.spamcop.net/forums/index.php?showtopic=13481

I followed the directions in that thread and supplied a folder with spams that seemed to be bypassing the greylist, and assume petzl did the same. I'd like to see a reply from email support before saying this is Resolved.

There has been a decrease in spam since yesterday, but looking at my Held and Pending folders it still appears that 90% of the spam is bypassing the greylist.

And if it's resolved, what exactly was fixed?

Don

Link to comment
Share on other sites

Marking this as Resolved seems premature

<snip>

...Maybe so but petzl initiated this Topic and he requested that it be so marked 85656[/snapback], so I complied. Such marking is not to be interpreted to mean that something reported in a different SpamCop Forum Topic, even if the same subject, is resolved.
Link to comment
Share on other sites

Am I the only one having problems right now with GreyListing?

You know you aren't - any reason this should not be merged with http://forum.spamcop.net/forums/index.php?showtopic=13413 where you have already commented?

Marking this as Resolved seems premature

...Maybe so but petzl initiated this Topic and he requested that it be so marked 85656[/snapback], so I complied. Such marking is not to be interpreted to mean that something reported in a different SpamCop Forum Topic, even if the same subject, is resolved.

Really?

I reported this problem in another thread (Aug 9th) and that thread was promptly merged into this thread which you have now marked as resolved.

So I certainly do interpret your action as attempting to resolve something which I initiated and which is still unresolved.

Link to comment
Share on other sites

You know you aren't - any reason this should not be merged with http://forum.spamcop.net/forums/index.php?showtopic=13413 where you have already commented?

...Maybe so but petzl initiated this Topic and he requested that it be so marked 85656[/snapback], so I complied. Such marking is not to be interpreted to mean that something reported in a different SpamCop Forum Topic, even if the same subject, is resolved.Really?

I reported this problem in another thread (Aug 9th) and that thread was promptly merged into this thread which you have now marked as resolved.

So I certainly do interpret your action as attempting to resolve something which I initiated and which is still unresolved.

I don't know what was fixed but Greylisting is now working FOR ME

In 72 hours My blocked by Greylist has gone from 2 entries to 15 pages of them?

http://webmail.spamcop.net/horde/imp/spamc...ist_blocked.php

Link to comment
Share on other sites

I don't know what was fixed but Greylisting is now working FOR ME

In 72 hours My blocked by Greylist has gone from 2 entries to 15 pages of them?

http://webmail.spamcop.net/horde/imp/spamc...ist_blocked.php

I wish I could report that same improvement.

There has been no change in my greylist Pending and Rejected lists. Still 3 entries (emails, not pages) are always Pending, and Rejected still 3 pages.

A month ago before this issue came up, I consistently had 3 pages of Pending and 14 pages of Rejected.

spam has decreased in the past 24 hours but now running about 5 per hour into my Held folder. Previously none would make it to the Held folder.

Link to comment
Share on other sites

I wish I could report that same improvement.

There has been no change in my greylist Pending and Rejected lists. Still 3 entries (emails, not pages) are always Pending, and Rejected still 3 pages.

A month ago before this issue came up, I consistently had 3 pages of Pending and 14 pages of Rejected.

spam has decreased in the past 24 hours but now running about 5 per hour into my Held folder. Previously none would make it to the Held folder.

Might be your email is going through a different Gateway than mine I have only had 1 non-email server spam get through Greylisting

http://www.spamcop.net/sc?id=z5555675346z1...b16923cfbaed0cz

Which can happen if the spam with same email address is re-sent 50(?) minutes

I check to see if it is from a email server or not

HERE

http://mxtoolbox.com/diagnostic.aspx

Link to comment
Share on other sites

Am I the only one having problems right now with GreyListing?
You know you aren't - any reason this should not be merged with http://forum.spamcop.net/forums/index.php?showtopic=13413 where you have already commented?

...Maybe so but petzl initiated this Topic and he requested that it be so marked 85656[/snapback], so I complied. Such marking is not to be interpreted to mean that something reported in a different SpamCop Forum Topic, even if the same subject, is resolved.
Really?

I reported this problem in another thread (Aug 9th) and that thread was promptly merged into this thread which you have now marked as resolved.

So I certainly do interpret your action as attempting to resolve something which I initiated and which is still unresolved.

...*GASP* Perfectly correct -- and thus I have removed the "Resolved" designation.
Link to comment
Share on other sites

  • 2 weeks later...

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...