Jump to content

[Resolved] Whitelist fought the blacklist... and the blacklist won


Recommended Posts

Hi.

This is reminiscent of an old topic here. But this mystery is even more mysterious.

This message showed up in my Held Mail with both X-SpamCop-Whitelisted and blocked by SpamAssassin. It was from me to another SpamCop address. I received it because I am POPing from that other SpamCop account (it's a family member whose mail I monitor). Usually, these messages end up routed to a folder I have created for that family member's mail.

I believe this has happened on rare occasions before, but I never saved the email. So here are the relevant message headers (I think... if you need more, let me know):

X-spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on filter7
X-spam-Level: ***
X-spam-Status: hits=3.0 tests=HTML_MESSAGE,RDNS_NONE,TVD_SPACE_RATIO
	version=3.2.4
<snip>
X-SpamCop-Checked: <three IP addresses> 
X-SpamCop-Whitelisted: mynamehere<at>spamcop.net
X-SpamCop-Checked: 
X-SpamCop-Disposition: Blocked SpamAssassin=3

(Obviously, I have munged my email address.)

Additional info: The message was composed and sent from Outlook via my home ISP, but was sent as mynamehere<at>spamcop.net. So, in a sense, the from-address was forged.

What went wrong here?

Edited by MyNameHere
Link to comment
Share on other sites

It looks to me like there's been some doubling-up of at least some headers. Why are there two "X-SpamCop-Checked" headers? The second one is empty, or so it seems, but whatever original message it was attached to its disposition trumped anything prior.

The message was composed and sent from Outlook via my home ISP, but was sent as mynamehere<at>spamcop.net. So, in a sense, the from-address was forged.

That shouldn't have anything to do with it since sc blocks by IP# only. And forgery is intent; if I sign my wife's name on a check with her full knowledge the prosecutor's not going to try to take me down.

Link to comment
Share on other sites

It looks to me like there's been some doubling-up of at least some headers. Why are there two "X-SpamCop-Checked" headers? The second one is empty, or so it seems, but whatever original message it was attached to its disposition trumped anything prior.

<snip>

That's the way the headers were in the message source. The second "X-SpamCop-Checked" is there and is blank.

[Added in later edit] But that was the key to the answer. See next post.

[Full email source removed in edit]

Edited by MyNameHere
Link to comment
Share on other sites

After reporting this to SpamCop support, I believe we have figured out the answer.

The key is what SpamCop 98 noticed: There are two X-SpamCop-Checked lines.

So the sequence of events was:

  1. Mail arrives at family member's account and is checked and gets whitelisted.
  2. Mail is POPed to my account.
  3. Mail is checked a second time and because I am not whitelisted on my own account, SpamAssassin kills it.
  4. Mail ends up in my Held Mail.

All this because we both have SpamCop accounts.

B)

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...