gnarlymarley

Member
  • Posts: 845
Everything posted by gnarlymarley

  1. I think this might be related to this post: http://forum.spamcop.net/topic/25229-invalid-certificate-of-forumspamcopnet/
  2. I occasionally get this too. Can't send report: smtpEnvelope (7137066052.937f7456@bounces.spamcop.net, abuse@telmexla.net.co): smtpFrom: mail From 7137066052.937f7456@bounces.spamcop.net: error (452 #4.3.1 temporary system error (12) ) Seems to have started for me about the same time that others started reporting proxy server messages: http://forum.spamcop.net/topic/46641-anyone-getting-gateway-timeout/
  3. Intermittent issues are always interesting to troubleshoot because it sometimes works.
  4. I usually send a note to the deputies address if it goes on too long. (Interesting the forum had a "Too many connections" and "Connection refused" on it too.)
  5. I would put my note about them needing to patch in the "additional notes" section that would be sent with the report to the ISP.
  6. I haven't seen subject lines like those since maybe April. In April I started adding to my reports that they need to patch their systems and it seems to have stopped mine. They are probably on a rotation, so now that I said it out loud, my time to get them again is coming up.
  7. Probably could attach a zip file to the form that contains a text file with all the links as well as the .eml mail file.
  8. Mailhosts can combine your hosts all together if you start with "Host C". If you are going to report email sent directly to "Host B", then you would want to have it in a separate mailhost entry. You can do this by setting up "Host Final", then "Host B" and "Host D", then "Host A", and then "Host C". You would do it in this order so SpamCop can split out email sent to "Host A" and email sent to "Host C". Another option would be to temporarily turn off mail forwarding and send in any order.
  9. I have 13 email addresses that I forward to the same submit address and it works for me. The catch is if you have mailhosts enabled, you will need to add all four to your mailhosts. (If you find something wrong with your mailhosts, you can save the tracking URL, go fix the problem, and come back to submit it.)
  10. Most of the reports I have sent around the world are to people that are not spamming. How you know it comes from their server, router, or IP camera is you have the IP address in the headers. If you own your own server, you have it in your logs too. It also could be a shared or constantly changing IP, which is why the time sent/received is important. You really want the IP from the border server's header entry because anything before that could be made up. I started telling people that they might want to patch their computers, routers, and IP cameras and the spam from them to me seems to have stopped. Also, I had started to tie some of my spamtraps to my own blacklist. When they try to send lots of those they get blocked very quickly and after a while, give up on trying to spam me.
  11. I get the feeling that Google doesn't trust SpamCop. I would suggest you send a message with the links. Might also be good to include your tracking URL. Then they should be able to see the spam as well as the links.
  12. Just for clarification for whomever might be doing this, are you looking to have added a how-to document or to have SC add a select box directly to cPanel?
  13. I believe SpamCop gets the email addresses it uses to "X" out from the ones we submit to mail hosts. It does "x" out in most of the header and the body, but as of late I noticed it does not "x" out if it was used in the from header.
  14. At one time I suspected they would sync, but I am not sure. While looking at the spamcop IPv4 statistics, I noticed the results are very low. It appears either a sync issue or else only one in a hundred are being reported as spam. Maybe people are not reporting as much spam as they should be? 185.41.28.0/24 [SB] Total Email: 13302.00 spam: 100.00
  15. This has been going on for some time now. From what I gather they have to manually add the route. This is because of how they originally coded the system years ago and they didn't expect smaller IPv4 segments to be sold off to other RIRs. http://forum.spamcop.net/topic/22304-search-apnic-not-arin-for-452483143/ Hopefully, they get a manual entry in for you and you can revisit the tracking URL and then submit it.
  16. I know ARIN revokes based on fraud. Say if someone lies about their contact information they can get revoked. I think there was something about revoking due to abuse, but I am not sure how to go about it. Also, one thing I should note is that some of these spammer facilitators have some good and honest customers that will be caught up in the mess if the whole range gets revoked.
  17. ARIN can revoke an ISP's listing, but that doesn't always stop the spammers from continuing using the IP range. What usually stops them is their ISP sees the revocation and blocks the IP range. It is not really much different than us using a firewall.
  18. I ran across a sendmail example that I had from a while ago, where they used sorbs and then put SpamCop in the message. However, I cannot seem to find the postfix example I had from nearly two decades ago.

      FEATURE(`dnsbl',`dnsbl.sorbs.net',`"554 Rejected " $&{client_addr} " found in bl.spamcop.net"')dnl

      documentation: https://weldon.whipple.org/sendmail/dnsbl.html#customize

      Good luck on this. I hope they can help in the resolution.
  19. Sad situation that we once allowed this to happen. Email servers at one time had a separate message and blacklist configuration section. People could and still can set up their message of choosing. Take the following example from exim's configuration. I can make it say anything I want, even though it has nothing to do with SpamCop.

      deny dnslists = \
             sbl.spamhaus.org,sbl-xbl.spamhaus.org=127.0.0.2 : \
             dul.dnsbl.sorbs.net,dnsbl.sorbs.net=127.0.0.10
           message = \
             is in an 550 RBL: Blocked - see https://www.spamcop.net/bl.shtml?$sender_host_address

      Listed on https://www.exim.org/exim-html-current/doc/html/spec_html/ch-access_control_lists.html

      Agreed. Also can be a problem of email administrators who wrongly configure something.
  20. Apparently this is due to SpamCop thinking the empty header means it was a bounce and doesn't trust anything in the body after that point. Here is another forum post that seems to describe it. http://forum.spamcop.net/topic/45027-linsk-are-not-parsed-when-return-path-is-empty/
  21. Yes. I missed that last time. The "Mailhost configuration problem" and "No source IP address found" indicate that the email does not match your mailhosts. My first thoughts are that this either came from a different account or else secureserver.net is removing their received lines from the email. If this came from a different account, then you will need to go to mail hosts and click add for that email address. If this came from a secureserver account, then the only way you can get the spammer's IP is to acquire the server logs from secureserver.net. RFC5321 explains this well in section 3.7.2, where your ISP should be adding that line so you have the IP that sent the email.
  22. It may be that your mailhosts has both carrierzone and outlook.com/hotmail.com. If so, it could note the received lines as good, even when they are not. I went in and deleted the accounts I no longer use off my mailhosts and it solved it for me. Also, a tracking URL makes it easier to read.
  23. From what I understand SpamCop mailhosts only finds out about changes in mailhosts by someone resubmitting a mailhosts test. I think you should be able to just resubmit when you need to add a new internal server. Probably best to delete in this case because my mailhosts appear to be linked to others and it would be good to have a new fresh section for Office365, but you said you had tried that. Maybe deleting and giving it a new name?
  24. I believe "SpamCop encountered errors" indicates a problem parsing the attachment. Are you attaching more than one email attachment as SpamCop can accept more than one? Might need to make sure your attachment does not have any blank lines above the headers. Some mail programs change the line endings so you get an extra blank line or no blank lines in the source. Also will need to check that the first blank line is between the headers and the body.
  25. I don't see Eonix traffic for some reason, so I am not able to test this and it will probably need some modification. But something like this spamassassin rule, which was built using the above criteria, should work for you.

      # First untrusted relay has an IP in 50.2.x.x or 50.3.x.x
      header RULENAME1 X-Spam-Relays-Untrusted =~ /^[^\]]+ ip=50\.[23]\./i
      header RULENAME2 Received =~ /BestWebHosting\.com/i
      header RULENAME3 From =~ /BestWebHosting\.com/i
      # Score the message if any one of the three sub-rules hits
      meta RULENAME RULENAME1 || RULENAME2 || RULENAME3
      score RULENAME 1.5