
rdorsch


  1. My fault, I added the local config inside ifplugin Mail::SpamAssassin::Plugin::Shortcircuit. Now everything works well again 🙂
  2. Hi,

     I migrated my mailserver to a new machine. I report spam using spamassassin -r < message called by an inotify script, monitoring an IMAP directory in which I move spam manually.

     In the past I had spamcop_from_address and spamcop_to_address in local.cf and this worked well.

     In the new machine, I see that local.cf gets read

     ```
     Jun 5 17:53:00.309 [11949] dbg: config: read file /etc/spamassassin/local.cf
     ```

     but the spam reports do not use the spamcop_from_address and spamcop_to_address

     ```
     ...
     Jun 5 17:53:10.028 [11949] dbg: reporter: SpamCop sent FROM <user>@<machine>
     Jun 5 17:53:10.029 [11949] dbg: reporter: SpamCop received 250 sender <<user>@<machine>> ok
     Jun 5 17:53:10.196 [11949] dbg: reporter: SpamCop sent TO spamassassin-submit@spam.spamcop.net
     ```

     and my spam reports do not work 😞

     Fancy is that both machines use spamassassin 3.4.2.

     Any hint is welcome.

     Rainer
  3. Thanks for sharing the useful link. Fortunately, so far my domain did not show in the pwned list :-) The relation to spam here is that one of my smtpauth passwords would show up, correct?
  4. Here is the tracking id https://www.spamcop.net/sc?id=z6633595354za3c7f1c70eca174576d1527014496a1dz
  5. I am not doubting that virus checks are useful, in particular if you are running a Windows PC (which I do not :-) ). But that is only relevant here if my systems are the spam source, not the spam destination.
  6. Hmm....I think that helped to recover it, I clicked on "Parse" to recover it: https://www.spamcop.net/sc?id=z6633595354za3c7f1c70eca174576d1527014496a1dz
  7. I submit by email, but after having completed the confirmation mail, I delete it. The data I added are from my report history on spamcop.net. If there is no way to extract it from there, it is gone. What I still have is the spam email itself (attached). spam_mail.mbox
  8. Many thanks for your reply, I opened a new feature request as you suggested.

     For completeness I include here the tracking URLs:

     Submitted: 14.5.2020, 17:40:25 +0200: =?UTF-8?B?6L+Q6YCB5bu66K6uIDMwLzUvMjAyMA==?=
     7058512602 ( http://www.bokomoko.de/ ) To: abuse@netcup.de
     7058512598 ( 185.222.58.117 ) To: complain@rootlayer.net

     Here is the new feature request:
  9. This topic was discussed already on and Lking proposed to open a feature request here.

     The issue is: I received spam and reported it to spamcop:

     Submitted: 14.5.2020, 17:40:25 +0200: =?UTF-8?B?6L+Q6YCB5bu66K6uIDMwLzUvMjAyMA==?=
     7058512602 ( http://www.bokomoko.de/ ) To: abuse@netcup.de
     7058512598 ( 185.222.58.117 ) To: complain@rootlayer.net

     Apparently, the (Chinese?) spam contained my own domain: www.bokomoko.de

     Unfortunately, I did not notice this in the generated report and confirmed that. Since I received in the past days multiple of these emails and I deselected my own domain (except on the first spam I received), I suggest that spamcop handles this situation better.

     As an immediate measure, my wife suggested to stop reporting spam to spamcop, if that has the risk that our email server gets shut down in the middle of Corona home schooling.

     Feature request is:

     • Spamcop should support per reporter whitelists for domains which should never be reported to spamcop
     • If the effort for this is too high: Never generate abuse reports for the domains referenced in the body of the spam mail, if they match the spam destination domain
     • If the effort for this is too high: Make the default to not generate abuse reports for domains referenced in the body of the spam email to reduce false positives

     If there is further information I can provide, please let me know.
  10. That is a good point, my own host might not be the only innocent victim.

      The longer I think about that the more I come to the conclusion that spamcop should here fix things, since the default is dangerous for the reporter and may trigger false positives. My wife's opinion was please stop reporting spam to spamcop altogether, if the risk is that our email infrastructure gets shut down over the weekend (in the middle of Corona home schooling).

      I think spamcop should consider to

      • As default do not report links inside (to reduce false positives altogether)
      • At least protect the reporter and let the reporter configure a whitelist for internal links (or at least support to whitelist the spam recipient domain)

      I am still puzzled that I have not seen that kind of issue for many years but now very frequently.
  11. The story with the provider is a separate topic, but long story short: The spamcop reports are processed automatically, normally they disable the host immediately (which does not make sense, but this is at least what they communicated). After calling them, they checked the issue and reenabled the server immediately.

      I do not understand why I should run a virus scan if my server is not the source of the spam.

      Mailhost and website are the same domain, even the same host.

      ```
      rd@h370-wlan:~$ dig bokomoko.de

      ; <<>> DiG 9.11.5-P4-5.1+deb10u1-Debian <<>> bokomoko.de
      ;; global options: +cmd
      ;; Got answer:
      ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43604
      ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

      ;; OPT PSEUDOSECTION:
      ; EDNS: version: 0, flags:; udp: 4096
      ;; QUESTION SECTION:
      ;bokomoko.de. IN A

      ;; ANSWER SECTION:
      bokomoko.de. 214 IN A 37.120.169.230

      ;; Query time: 0 msec
      ;; SERVER: 192.168.4.1#53(192.168.4.1)
      ;; WHEN: So Mai 24 09:58:43 CEST 2020
      ;; MSG SIZE rcvd: 56

      rd@h370-wlan:~$ dig www.bokomoko.de

      ; <<>> DiG 9.11.5-P4-5.1+deb10u1-Debian <<>> www.bokomoko.de
      ;; global options: +cmd
      ;; Got answer:
      ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49796
      ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

      ;; OPT PSEUDOSECTION:
      ; EDNS: version: 0, flags:; udp: 512
      ;; QUESTION SECTION:
      ;www.bokomoko.de. IN A

      ;; ANSWER SECTION:
      www.bokomoko.de. 299 IN CNAME netcup.bokomoko.de.
      netcup.bokomoko.de. 299 IN A 37.120.169.230

      ;; Query time: 39 msec
      ;; SERVER: 192.168.4.1#53(192.168.4.1)
      ;; WHEN: So Mai 24 09:57:24 CEST 2020
      ;; MSG SIZE rcvd: 81

      rd@h370-wlan:~$ dig -t MX bokomoko.de

      ; <<>> DiG 9.11.5-P4-5.1+deb10u1-Debian <<>> -t MX bokomoko.de
      ;; global options: +cmd
      ;; Got answer:
      ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34232
      ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

      ;; OPT PSEUDOSECTION:
      ; EDNS: version: 0, flags:; udp: 512
      ;; QUESTION SECTION:
      ;bokomoko.de. IN MX

      ;; ANSWER SECTION:
      bokomoko.de. 299 IN MX 10 mail.bokomoko.de.

      ;; Query time: 132 msec
      ;; SERVER: 192.168.4.1#53(192.168.4.1)
      ;; WHEN: So Mai 24 09:57:35 CEST 2020
      ;; MSG SIZE rcvd: 61

      rd@h370-wlan:~$ dig mail.bokomoko.de

      ; <<>> DiG 9.11.5-P4-5.1+deb10u1-Debian <<>> mail.bokomoko.de
      ;; global options: +cmd
      ;; Got answer:
      ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36872
      ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

      ;; OPT PSEUDOSECTION:
      ; EDNS: version: 0, flags:; udp: 512
      ;; QUESTION SECTION:
      ;mail.bokomoko.de. IN A

      ;; ANSWER SECTION:
      mail.bokomoko.de. 294 IN A 37.120.169.230

      ;; Query time: 17 msec
      ;; SERVER: 192.168.4.1#53(192.168.4.1)
      ;; WHEN: So Mai 24 09:57:47 CEST 2020
      ;; MSG SIZE rcvd: 61

      rd@h370-wlan:~$
      ```
  12. Hello,

      I recently had the problem that I received spam, reported spam to spamcop, spamcop informed the hoster and the hoster deactivated *my* server.

      Looking into the issue, I found that my domain was mentioned in the spam email, that was pretty much the only text string I could read in the (Asian) email. I did not read the "Please make sure this email IS spam:" confirmation page carefully enough, which most likely listed my domain, and the process started.

      I have not seen that in the past 10+ years I have been reporting to spamcop, but since then many times now.

      Since the domain which is referenced in the spam email and my mail domain are the same, it should be trivial to catch such false positives by spamcop. I am just wondering if anything changed in the spamcop setup or if I can somewhere configure that spamcop never generates reports against my own domain submitted by me.

      Many thanks
      Rainer
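
Added example (not part of the posts above and not SpamCop or SpamAssassin code): a reporter-side check that lists links in a spam body pointing at the reporter's own domain, so they can be deselected before the report is confirmed. `OWN_DOMAINS`, the function names and the sample message are hypothetical and constructed for illustration.

```python
import re
from email import message_from_string, policy
from urllib.parse import urlsplit

# Hypothetical allowlist: domains the reporter operates (placeholder value).
OWN_DOMAINS = {"example.org"}

URL_RE = re.compile(r"https?://[^\s<>()\[\]\"']+", re.IGNORECASE)

# Constructed sample message, not taken from the thread.
SAMPLE = """\
From: sender@spam.test
To: user@example.org
Subject: constructed sample
Content-Type: text/plain; charset="utf-8"

Visit http://www.example.org/ today
or http://example.org.spam.test/x and https://shop.example.net/offer
"""


def body_hosts(raw_message):
    """Return the lower-cased hostnames of all links in the text parts."""
    msg = message_from_string(raw_message, policy=policy.default)
    hosts = set()
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        for url in URL_RE.findall(part.get_content()):
            host = urlsplit(url).hostname
            if host:
                hosts.add(host.rstrip(".").lower())
    return hosts


def own_domain_hits(raw_message, own_domains=OWN_DOMAINS):
    """Return linked hosts that are an own domain or a subdomain of one."""
    hits = set()
    for host in body_hosts(raw_message):
        # Match on a label boundary so example.org.spam.test is not a hit.
        if any(host == d or host.endswith("." + d) for d in own_domains):
            hits.add(host)
    return sorted(hits)


if __name__ == "__main__":
    for host in own_domain_hits(SAMPLE):
        print("deselect before confirming the report:", host)
```
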