Jump to content


Forum Admin
  • Posts

  • Joined

  • Last visited

Everything posted by jefft

  1. In fact, the problem is much stranger and obscure than that. We have very good DNS. spamcop.net DNS is handled by Akamai globally. cesmail.net DNS is handled by a set of four different nameservers, in four datacenters, in both North America and Europe. There was no problem with the internet at large reaching our DNS. The real problem was with our servers internally reaching these nameservers. We use them ourselves to resolve names used internally within the system. We have resolving cache nameservers but they ultimately look up our names on the same servers you guys do. For a time Friday evening, our caches couldn't get to our own nameservers and couldn't look up IP addresses, like the IP address of the database server. We've been informed now that upstream from our data center, one provider had problems reaching a broken connection to Level3. Apparently they were accepting traffic but it was disappearing. The upstreams went back and forth for a while before our data center did an emergency failover and took all traffic away from those guys. At that point, the problem instantly went away. My guess is that inbound traffic came in a different route and that reply packets went back out that route. So, we were mostly reachable. However, transactions that we initiated (like DNS queries) mostly went out that broken route. Anyway, this all happened several layers upstream of us so I don't have any more visibility into the problem. This is probably about all the info I'll ever get and I wasn't able to do any real network debugging while it was going on. JT
  2. I believe this problem is fixed as of a couple of hours ago. I think that everyone has had their mail POPped at least once correctly now this afternoon. We're periodically polling all of the accounts. It might take a few hours for that to stabilize and get up to the normal frequency, but I expect mail to keep flowing in normally now. Sorry about the problem. We're moving some services to upgraded systems. This one was tested, but we ran into an obscure problem that would cause it to work for a while, then quit, but only for some accounts. If you see an issue where email is not POPped today for an hour or more, or tomorrow for more than half an hour, please email me at support[at] Replies here might be seen, but email will be faster and is tracked so I can see what's open and new. Thanks JT
  3. We have several machines in a load-balancing fault-tolerant system. It looks like STLS was not enabled on at least one machine. I've changed this and I think it should work across the system now. JT
  4. This message was much larger when we delivered it to you. Thu Jun 5 04:30:39 2008 Info: MID 575557146 ready 1002 bytes from <wxxxx.bxxxx[at]pxxxx.com> Thu Jun 5 04:30:39 2008 Info: MID 575557146 Message-ID '<200805279[6' I've replaced part of the email address, but I suspect it's spam anyway. I think what's happening is that your mail server or some point in the processing of your mail after we deliver it is just cutting off the message after the first few headers. So, you're getting only the first few lines. The mail may have had illegal characters or a malformed header line, I don't know. It looks like the Message-ID line is bad, for instance. Our system had 1002 characters, which is much more than what you saw up above. I don't believe our system is simply hanging up or failing to deliver the rest of the message, because we're getting this from your mail server: Thu Jun 5 04:30:41 2008 Info: MID 575557146 RID [0] Response 'received the message, thanks' You might check the server logs and see if your server logs how many bytes it received. JT
  5. Yes, I got your message. Anything after the first error code should be ignored. It's a bug, but one that doesn't hurt anything. We'll look into fixing this, though. JT
  6. OK, I switched those zones around to use the countries.nerd.dk list. JT
  7. The system doesn't do that. In all cases, the HTML version is one click away, but it is never displayed on the main message window. JT
  8. In every message, there should be a clickable link that says "unnamed". You can click on this to view the original HTML message. If you don't see the link, check your options where it talks about where it should put attachments. You want this set to both the headers and the body. JT
  9. If you're asking for a blacklist to be created automatically from your reported spam, this will never happen. Spammers rarely reuse the same email address, so there is really no point. And, how are you going to manage this data? Over months, we'd end up with millions of email addresses on this "blacklist". Your own blacklist would have thousands of entries (assuming you report spam a lot), pretty much none of which will ever email you again. JT
  10. Thanks for your calm and measured response, Steven. Looking at your account, it appears that we are not able to POP your Yahoo using the old popgate. I see the same error that everyone else was getting. We can login, but not actually retrieve any emails. Do you see any Yahoo mails being POPped? Do you think that it was working a couple of days ago, right before we made the switch? I see that the new system has stopped. We are going to restart it and put in monitoring to make sure it stays running. That is why nobody can connect right now. JT
  11. Yes, we have an implementation very much like the reference implementation. There is a triplet of sender email address, connecting IP address, and recipient email address that we use to make decisions. We are currently using a 30 minute delay for newly discovered triplets. Petzl asked why spam is still getting through and it is simply because the spammers are retrying. For spammers willing to retry, this method doesn't help at all. However, there is evidence that a large number of spammers do not retry. JT
  12. Since all of Yahoo was failing anyway on the old server, we've moved everyone who was trying to POP yahoo over to the new popgate2.cesmail.net server. I haven't heard of any problems so far with our small beta test. We'll be monitoring the new server to make sure it seems to be functioning correctly. JT
  13. And I presume you're getting all of your good mail. This is interesting. I'd like to see more data. If this holds up, there is a possible explanation. Email from new, unknown users forwarded by your ISP will all get greylisted and delayed. Your ISP will retry, of course, so all of this spam will eventually be delivered by us. However, during this time interval all of the blacklists that we use have had time to update. Delaying delivery of your spam by 30-60 minutes might make a real difference in how much the blacklists can catch. If you actually aren't getting the spam at all, either to your inbox or the Held Mail, it might be that a lot of your spam was actually being sent directly to your SpamCop account. Greylisting will help remove a lot of that spam, even if 100% of your legitimate mail is forwarded to us by another ISP. Well, no, see my other post about delaying delivery of spam. This is theoretical. I honestly don't know how much difference it makes. I do know that the SpamCop blacklist is very real-time and new spam sources are often detected within minutes. JT
  14. Most of the usefulness of greylisting comes from email sent directly to your spamcop.net account. If it is forwarded or we POP it for you, greylisting won't help much. JT
  15. As time goes on, I think the majority of users don't ever report their spam, they just want it removed. This removes a lot of spam (and viruses) without relying on particular keywords or blacklists. If you want all your spam, though, you shouldn't enable it. We're going to be working to add some additional information. Greylisting should "just work" though. It's really not intended for you to have to go in and fiddle with. We are working on allowing addresses in your personal whitelist to pass without being delayed. That feature isn't available right now, though. That isn't on our side. That's your mail server losing your email. I'd be very interested in looking in the logs to see what happened. Can you email the address that you were emailing from and to to me at support[at] Thanks JT
  16. You will experience the delay for those, too. The vast majority of users will not notice or even realize that their mail was delayed. However, if it is important to you that all of your email is received instantly after it is sent, greylisting may not be a great option for you. JT
  17. Please just send an email to support[at]spamcop.net One thing to do is login to webmail at http://webmail.spamcop.net and click Held Mail at the top. OK, in here there are a couple things you can do: Do you see the emails you tried to forward earlier? If you can, that's a clue. You can also release messages here. (It is called Release here, not Forward). Try to release one of these messages or any spam just to test and see what happens. Finally, if you hit Forward using the old web page, make a note of exactly what time and date you did this. If you don't receive it in a few minutes, email the address above with this information, including your time zone, and we can look in logs to figure out what is going on. JT
  18. We're looking into both of the issues above that were brought over from the newsgroups. We don't have a specific resolution yet and the issue with filters isn't confirmed, but we aren't ignoring them either. JT
  19. Newsgroups is fine now. Response to issues might be slow over the weekend, so I'll put it on the news page on Monday which should bring in a second group of testers. I'm pretty confident the beta webmail won't eat your messages and make them disappear. If you can't logout and log back in and make them show up, then I suspect something downloaded them. Does your wife read email via webmail or an email program? If the latter, then reading and downloading are pretty much synonymous in most cases. JT
  20. There is also a "Mobile Webmail" beta. Login with your phone or other handheld at the same URL listed above. When this logs in, it should take you to a page with a single link that says Mobile Mail. Click that and login again for a very fast, streamlined interface for portable devices. JT
  21. Deja vu for those of you who were here a year ago. We have a new webmail available to test. Please start using this right away and let us know what you think. The link for the webmail beta is: http://webmailbeta.spamcop.net https access will complain about the certificate name because we do not have a certificate for that name. You can use https fine, though, just ignore the warning. This will be fixed automatically when webmail goes live. Please email problems only to this address: webmailbeta[at]spamcop.net or use the Problem link at the top of every page. We have a person dedicated to working on this system, so we ought to be able to address issues quickly. Thanks JT
  22. Not fixed in their DNS actually. But, it is an intermittent problem. Depending on the exact state of our cache at any given time, we might happen to pull from their DNS servers instead of the root DNS servers. When that happens, it will start working for a while. It could go away at any time, though, until they actually fix the problem. JT
  23. Wow, I'm surprised. That looks like the guy basically understands the issue and is escalating it up to people who can fix it. Kudos to them, hopefully it will get fixed. JT
  24. Bear in mind, this is pretty esoteric stuff. The first 1 or 2 or even 5 replies you get from them will probably be wrong. If they check their DNS from internally, it will probably not show the same thing we see from the outside. And, they will tell you customers are receiving mail fine. If you can get someone who actually understands DNS, the problem should be immediately apparent. But, I've just checked and it is still there so it's apparently going on for days without anyone there noticing. I brought this up on a forum of email experts and the general consensus was that 1and1 has screwed this up. I don't have any backdoor way of contacting them to tell them, though. JT
  25. As far as I can tell, 1and1.com is having a serious problem with their DNS. This will cause problems for us, and other companies, in delivering email to them. I expect deliveries to be unreliable and intermittent. Basically, this is what I see happening. It appears they are trying to change the IP addresses of their main incoming mail servers, but screwed it up. If you do some google searching, even in our own forums, you'll see that their main mail servers like mx00.1and1.com have been at or around there. Now, if you query one of their DNS servers directly, you'll see that they have moved to a totally different area: jeff[at]delta2:~$ dig [at]ns28.1and1.com mx00.1and1.com ;; ANSWER SECTION: mx00.1and1.com. 7200 IN A Now, here's the problem. They apparently registered this same names directly with Network Solutions as if they are nameservers. So, when we ask the gtld servers about this name, we get this result: jeff[at]delta2:~$ dig [at]c.gtld-servers.net mx00.1and1.com ;; ANSWER SECTION: mx00.1and1.com. 172800 IN A As you can see, that's a different IP address. The problem is that this last IP doesn't actually respond to email any more. From the google search I mentioned above, it's obvious that at some point it did, but apparently it has been shut off. I realize the whole thing is confusing, but basically it is valid for us to ask either the gtld server or 1and1's server for this IP address. And, depending on exactly the timing and the state of our caches, we may ask one or the other. 1and1.com really needs to fix their DNS. Once they do, mail will start being reliable again. Until then, we will keep queueing and retrying, but it won't be reliable. JT Here is the output of another tool I have. These are all servers which can be asked for the IP address of mx00.1and1.com. The fact that some servers return one answer and some a different answer is a serious problem. 1 mx00.1and1.com 172800 A 1 mx00.1and1.com 172800 A 1 mx00.1and1.com 172800 A 1 mx00.1and1.com 172800 A 1 mx00.1and1.com 172800 A 1 mx00.1and1.com 172800 A 1 mx00.1and1.com 172800 A 1 mx00.1and1.com 172800 A 1 mx00.1and1.com 172800 A 1 mx00.1and1.com 172800 A 1 mx00.1and1.com 172800 A 1 mx00.1and1.com 172800 A 1 mx00.1and1.com 172800 A 1 mx00.1and1.com 7200 A 1 mx00.1and1.com 7200 A
  • Create New...