kenwood Posted March 28, 2010 Share Posted March 28, 2010 I had to stop using SpamCop and alter my sendmail.cf file because of the following partial entry in my maillog file. ruleset=check_relay, arg1=n44a.bullet.mail.sp1.yahoo.com, arg2=127.0.0.2, relay=n44a.bullet.mail.sp1.yahoo.com [66.163.168.138], reject=550 5.7.1 Rejected: 66.163.168.138 listed at bl.spamcop.net A lot of list mail from various Yahoo Groups comes from this IP address. If it is blocked, a lot of legitimate list mail will not be delivered to list/group members. It is like throwing the baby out with the bath water. Has anybody else run into this? Link to comment Share on other sites More sharing options...
Wazoo Posted March 28, 2010 Share Posted March 28, 2010 Has anybody else run into this? your can find all sorts of previous occirrences by ising the various search tools provided. Yes, this has gone on for years. Yrs, some people decide that receiving the spam is more important than blocking the 'alleged important' stuff .. noting that the Yahoo Groups thing is also has a web-based interface. As you've stated, you made a decision based on your opinion. The question would be whether you're providing support to anyone else and whether they feel the same way. Link to comment Share on other sites More sharing options...
kenwood Posted March 28, 2010 Author Share Posted March 28, 2010 your can find all sorts of previous occirrences by ising the various search tools provided. Yes, this has gone on for years. Yrs, some people decide that receiving the spam is more important than blocking the 'alleged important' stuff .. noting that the Yahoo Groups thing is also has a web-based interface. You are right. Between being upset about this and not using the right search terms, I missed a lot of past postings. My apologies As you've stated, you made a decision based on your opinion. The question would be whether you're providing support to anyone else and whether they feel the same way. Yes, I did. I had been using 4 different DNSBLs in my sendmail.cf and SpamCop was the third in the chain. Since 99% of my spam is filtered by the first two, mostly the first one, and SpamCop was the only one blocking Yahoo Group mail after passing through the first two, it was a pretty easy decision. I don't think I would happy if I was told those are the breaks and go read your Yahoo group mail by logging in and using the web interface. Thanks for taking the time to reply. Link to comment Share on other sites More sharing options...
Farelf Posted March 29, 2010 Share Posted March 29, 2010 It does seem a little odd though http://www.spamcop.net/w3m?action=blcheck&...=66.163.168.138 66.163.168.138 listed in bl.spamcop.net (127.0.0.2) If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 1 hours. Causes of listing * System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop) Additional potential problems (these factors do not directly result in spamcop listing) * IP is listed in SpamCop exclusion list Because of the above problems, express-delisting is not available Listing History In the past 23.8 days, it has been listed 3 times for a total of 4.4 days Other hosts in this "neighborhood" with spam reports 66.163.168.55 66.163.168.132 66.163.168.134 66.163.168.136 66.163.168.137 66.163.168.139 66.163.168.140 66.163.168.141 66.163.168.142 66.163.168.143 66.163.168.147 66.163.168.148 66.163.168.151 66.163.168.152 66.163.168.153 66.163.168.154 66.163.168.155 66.163.168.156 66.163.168.157 66.163.168.159 66.163.168.160 66.163.168.183 66.163.168.186 66.163.168.189 66.163.168.190 Spamtraps? How did they get into the mailings? http://www.senderbase.org/senderbase_queri...=66.163.168.138 - high volume, not much except spamtraps are ever going to get it listed. http://multirbl.valli.org/dnsbl-lookup/66.163.168.138.html - nothing much of significance there apart from SC and Project Honeypot (which latter could be fooled by legitimate sending to a large number of similar addresses). The middle third or so of the 'neighbourhood' servers are the only ones currently listed - almost like a rotation of servers is occurring to duck around the listings to some degree. One of those others listed is http://www.spamcop.net/w3m?action=checkblo...=66.163.168.151 but again (due to volume), seems to be spamtrap hits only that would be tripping the entry. Looks to me like the/some group lists have been poisoned. Is SC being 'used' and thus a mere nuisance? Is that possible? Since Yahoo Groups can easily be whitelisted by many/most of the recipients, that would seem to be a fruitless exercise - yet here is a case where a SCbl user finds the more effective option is to drop the SCbl and that can't be good. [edit] Nope, a bit more of a look and some interpretation - it looks like spamtraps are getting into the mailings the same old way - through spammers latching on to bogus lists and using the system (perhaps through unmoderated groups or from rogue group owners) to pump out 'regular' spam. In that context, Yahoo has a special SC mailservices reporting address which presumably/hopefully receives extra attention. If group members are not receiving spam, dropping the SCbl is well and good - but if (when) they do get spammed, the SCbl will often be the fastest-reacting means to shunt the stuff aside. The recommended use of the SCbl is to filter, not to reject - one can imagine false positives become likely in specific scenarios such as this. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.