Jump to content


Retired SpamCop Staff
  • Posts

  • Joined

  • Last visited

Everything posted by Ellen

  1. it cleared up a while after I posted -- sorry I didn't ge t back last nite to say that
  2. About 30 minutes I started getting failures trying to use SMTP.cesmail.net -- the server may be unavailable or refusing SMTP connections. Had been working fine up til then. Anyone else seeing this? Thanks Ellen
  3. thanks! weird to think that I will be "the public" in just over 24 hours :-) Ellen
  4. Hi folks -- tomorrow is my last day at SpamCop. After 7 or 8 years it's going to be strange to wake up in the morning, stumble over to the computer (I telecommute) and not tell people that yes, yes they are sending spam. Thanks for the support over the years! Richard, Don and Kelly are still deps so I know I leave you in good hands! Ellen moderator edit: edited title to avoid confusion Changed from: Announcement: Leaving SpamCop Changed to: Announcement: Ellen Leaving SpamCop
  5. They are not getting reports because I turned them off because of listwashing. Ellen
  6. Operations is working on it -- I just posted in announcements also Ellen SpamCop
  7. We are encountering website problems -- operations is aware of the problem and working on it. Thanks for your patience. Ellen SpamCop
  8. Actually the people I roused out of bed at disgustingly early hours in their timezones and all the other engineers/operations people/DBAs who threw themselves at this problem and who stayed with it to the very end are the ones who rock :-) A lot of resources were thrown into the fray. Everything looks good this AM and, at least from the mail I see to the deps, things are back to normal. I assume y'all will let me know if things go sideways again .... Ellen
  9. **** UPDATE 4 ********* Engineering is satisfied with the state of the process queues and has taken they system out of maintenance mode. Ellen SpamCop
  10. ********UPDATE # ************* We anticipate that the system will be back up around midnight to 3AM EDT - sorry I can't be more specific than that but engineering will want to process a large backup before turning the website back on and it is not known at this time how long that will take. Please note that it could be later than 3AM if the backlog is not processing as fast as we think it will or if new issues are encountered. Regarding any spams that you may have submitted prior to the system going into maintenance mode -- if you submitted by email and have the return email with the links go ahead and try the links. However remember that any spams that you received today during the day will be stale by tomorrow so I would just delete them and not worry about it. It is more important to submit the new spams than the older ones .... This will be my last update for today. After the system comes up if you notice any major problems please write to deputies <at> admin.spamcop.net with as much information as possible -- the tracking url if there is one, what exactly you were doing, how you submitted the spam, a small copy/paste snippet of the error message from the website (if there is one) etc. And many thanks for your patience during this long outage! Ellen SpamCop
  11. **** Update 2 ***** Engineering/Ops are working on the resolution. This is going to take quite a while to remedy. I do not have a restoration time yet but I wanted to let you know that we will not be back online in the next few hours. Ellen
  12. ****UPDATE***** DBA and engineering have located the cause of the problem and have taken the system offline to work on it. News to follow as it becomes available. Ellen
  13. Yes, the system will accept your spam and parse it and then it fails when trying to update the tables necessary for sending the spam reports -- operations, engineering and a DBA are all working on it. I have no time estimate as to how long it will take to resolve. I do not think continuing to submit spam at this time if you are doing a copy/paste is productive; if you are mailing in the spams, wait to click the link to finish reporting until after the problem is fixed. I'll reply to this thread when I have more information (as soon as I figure out how to mark the thread so I can find it again :-) Ellen
  14. OK I don't need any more samples -- I have enough to open the appropriate tickets. Thanks! If there is some method for pinning an announcement about this issue to the top of the forums with the info that we are aware of the problem and working on it, I would appreciate it! Thanks! Ellen
  15. How are you sending the spam? Are you using the report as spam button from a webmail sign-in to a SpamCop email account or doing a forward by email to the system? Please also email your response to deputies <at> admin.spamcop.net Ellen SpamCop
  16. Several eons ago SC used to report email addresses in it led to lots of misreporting so that was removed and I see no chance it will ever come back. 419'ers have used email addresses for years as well as some other work-from-home and mule-my-money type scams *however* the problems that resulted from reporting email addresses far outweigh any good that changing the code might do. this is something you are going to have to report manually
  17. What happened is that because of the lack of mailhosts for your account, the parser accepted a forged header and found the IP in the forged header as the injection point. The IP may have been an invalid/unassigned/reserved IP as Steven mentioned below or it may have been a legit IP and the recipient of the report wrote to us and pointed out the forged header. Don't take this as a personal insult -- it is just standard boilerplate to tell you that you need to do mailhosts for your account which helps everyone who receives SpamCop reports as it makes them more accurate. We would like *everyone* to be using MailHosts. Once you do your MailHosts just write to service <at> admin.spamcop.net to get your account unlocked. Ellen SpamCop
  18. spam.spamcop.net and spamcop.net are hosted on different IPs. spamcop.net is the SpamCop email system for users who buy an account and get an email address of the format <name>[at]spamcop.net/cesmail.net The reporting system is at the spam.spamcop.net domain '; <<>> DiG 9.4.1-P1.1 <<>> spam.spamcop.net mx ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15658 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;spam.spamcop.net. IN MX ;; ANSWER SECTION: spam.spamcop.net. 358 IN MX 5 vmx2.spamcop.net. spam.spamcop.net. 358 IN MX 5 vmx1.spamcop.net. dig spamcop.net mx ; <<>> DiG 9.4.1-P1.1 <<>> spamcop.net mx ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21489 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;spamcop.net. IN MX ;; ANSWER SECTION: spamcop.net. 300 IN MX 10 mx2.spamcop.net. spamcop.net. 300 IN MX 5 mx.spamcop.net. ellen[at]sam:~$ telnet vmx2.spamcop.net 25 Trying Connected to vmx2.spamcop.net. Escape character is '^]'. 220 vmx2.spamcop.net ESMTP helo <deleted> 250 vmx2.spamcop.net Also you cannot do a procmail .forward to submit spam; the spam needs to be enclosed in a new mime wrapper. Ellen
  19. Anyone have problems imap'ing their mail this AM? specifically with Tbird when it tries to download the body of the mail? It seems to be slow to non-existent trying to do that. Ellen ETA: well never mind it seems to have recovered
  20. let me rephrase that -- the results of the scrambling of Outlook forwarded as attachment submissions may result in the parser finding the wrong injection point. Yes this is a big issue and yes we are working on figuring out how to handle this problem properly. Figuring out how to reliably locate the appropriate users and spams is complicated. Ellen
  21. 2003 and 2007 -- this has *nothing* to do with parser changes or with the SpamCop system. If you take a given spam and 1)do your forward as attachment with 200* to your SC address or some other account you own and look at the headers in the attachment and 2) reveal the received headers in Outlook and compare them to what the SC system shows you will see both missing headers (mostly X-headers/return_path possibly; that sort of thing) and received headers in a different order. While not having exhaustively tested every case for the number of received headers, we have proof from several installs of Outlook both 2003 and 2007 that this is occurring. In one particular case a qmail header was moved which caused no particular problem, in other cases a forged received header which was originally at the bottom of the chain, where of course it is supposed to be, popped up part way down the chain ... the more received headers in the original mail the worse the result. This does *not* mean that we can say if you have N received headers you are OK. There is no telling what issues there have been for the last several years -- remember we find out about this sort of thing when someone writes and says "this isn't right". It came to our attention in a major way when a particular user's reports targeted some impossible IPs and then also generated mail from some other IP owners who were real specific in their assertions that the IP in question could not be spam generating. We delved deeply into the user's reports and got in touch with the user's ISP who also got intensely involved at their end. We then recalled what seemed to be a few scattered events where we had seen oddball sets of headers. We have actually been working on this issue for close to a month. Ellen
  22. There is no way that I know of to programatically do that -- if you have some suggestions we are certainly open to hearing them. Ellen SpamCop
  23. As a result of a fairly lengthy and intense investigation of Outlook 2003 and 2007: Outlook does *not* include full and accurate headers when you forward spams as attachments. It reorders the Received headers, which makes them untrustworthy, as well as deleting/not forwarding other headers including X-headers, which is of less importance but which may loose some valuable information needed by ISPs/hosting companies. The result of the 'scrambled" or reordered Received headers means that SpamCop does not reliably know where the injection point of the spam is. Outlook is reordering the headers, not SpamCop. Thusly, if you are running Outlook you *may not* forward your spams as an attachment for processing. You can copy/paste or look into running mailwasher or some other 3rd party add-in/add-on but you must stop forwarding as an attachment. I want to thank the SC users who cheerfully gave of their time ito help in tracking this down. Ellen SpamCop wazoo/mods -- if you would propagate this info to the wiki or other areas as necessary it would be appreciated.
  • Create New...