rsh@idirect.com Posted March 5, 2012 Share Posted March 5, 2012 See below with full headers and complaint from NASA about the blocking of a newsletter to me from them because of SPAMCOP running at Monmouth University, since the email site they send the newsletter to is [at]alumni.monmouth.edu and Monmouth is contracted with SpamCop. I do NOT want to loose emails from the Government of the U.S. because SpamCop gets it wrong <grin>... and I no longer have the specific email that was blocked, since once I read them I delete them. But I really don't need these warnings. --------------------------------------------------------------------------------------------------------------------- X-Apparently-To: rsh_rsh[at]rogers.com via 98.139.219.164; Mon, 05 Mar 2012 01:59:43 -0800 Received-SPF: none (domain of mediaservices.nasa.gov does not designate permitted sender hosts) X-YMailISG: hx5jKYYWLDthr0_fMMYndQeGQqFsZz25wT7xm5ik9eXApwxA lrlEc_TinQ5Qg3xos8fW4jS61YowiOmqJIaXoyDTGPn0p1ePo2w_A3gh_0WZ nkLlaEtFc4Cci.xXmCJ_rbg9Ms86gDsof6RU3qhQaV6qUCXDUWaPH5P5T1ka ENmKx6GFkoBEp5nvgzqc4zRueQPVqjDWuMM33wWz.7vWhpRHKXPB73y5CaG9 VxWAakDwf33xjfaElEgYeA3jP3SpiExREoaVaWb1aALBtc0_Di.te8hv3Kte PiBk6Qb7vfFavVlXo9GZkkCjpcKGv0BUbmGjajJdVTYc_6DUJhVtuCvsdLty 6SFg4iuT9d0.l2T2shrf5snytdTCawPtMv_lPG1J X-Originating-IP: [192.100.64.12] Authentication-Results: mta1004.rog.mail.sp1.yahoo.com from=mediaservices.nasa.gov; domainkeys=neutral (no sig); from=mediaservices.nasa.gov; dkim=neutral (no sig) Received: from 127.0.0.1 (EHLO mail.monmouth.edu) (192.100.64.12) by mta1004.rog.mail.sp1.yahoo.com with SMTP; Mon, 05 Mar 2012 01:59:43 -0800 Received: from smtp.monmouth.edu (smtp.monmouth.edu [204.152.149.12]) by mail.monmouth.edu (8.14.4/8.14.4) with ESMTP id q259xg8f009394 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <robert.heuman[at]alumni.monmouth.edu>; Mon, 5 Mar 2012 04:59:43 -0500 Received: from da-etch-lap07.wh.sprintip.net (mediaservices.nasa.gov [65.165.5.239]) by smtp.monmouth.edu (8.14.4/8.14.4) with SMTP id q259xf5Q032686 for <robert.heuman[at]alumni.monmouth.edu>; Mon, 5 Mar 2012 04:59:41 -0500 Received: (qmail 22078 invoked by alias); 5 Mar 2012 10:00:31 -0000 Mailing-List: contact ksc-help[at]newsletters.nasa.gov; run by ezmlm Date: 5 Mar 2012 10:00:31 -0000 Message-ID: <1330941631.21932.ezmlm[at]newsletters.nasa.gov> From: ksc-help[at]mediaservices.nasa.gov To: robert.heuman[at]alumni.monmouth.edu MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Subject: warning from ksc[at]newsletters.nasa.gov X-spam-Level: X-spam-Score: -6.909, Required: 3 X-spam-Matches: BAYES_00,RCVD_IN_DNSWL_HI,SPF_HELO_FAIL,T_RP_MATCHES_RCVD X-Scanned-By: MIMEDefang 2.71 on 192.100.64.12 X-Scanned-By: MIMEDefang 2.71 on 204.152.149.12 X-Text-Classification: other X-POPFile-Link: http://127.0.0.1:8080/jump_to_message?view=359 X-Agent-Received: from 2 rsh_rsh (127.0.0.1); Mon, 05 Mar 2012 11:10:29 -0500 X-Agent-Train-Legitimate: 0 X-Agent-Junk-Probability: 0 Welcome to ksc[at]newsletters.nasa.gov mailing list. Messages to you from the ksc mailing list seem to have been bouncing. I've attached a copy of the first bounce message I received. If this message bounces too, I will send you a probe. If the probe bounces, I will remove your address from the ksc mailing list, without further notice. I've kept a list of which messages from the ksc mailing list have bounced from your address. Copies of these messages may be in the archive. To retrieve a set of messages 123-145 (a maximum of 100 per request), send an empty message to: <ksc-get.123_145[at]newsletters.nasa.gov> To receive a subject and author list for the last 100 or so messages, send an empty message to: <ksc-index[at]newsletters.nasa.gov> Here are the message numbers: 1428 --- Enclosed is a copy of the bounce message I received. Return-Path: <> Received: (qmail 7684 invoked for bounce); 22 Feb 2012 18:26:14 -0000 Date: 22 Feb 2012 18:26:14 -0000 From: MAILER-DAEMON[at]da-etch-lap07.wh.sprintip.net To: ksc-return-1428-[at]newsletters.nasa.gov Subject: failure notice Hi. This is the qmail-send program at da-etch-lap07.wh.sprintip.net. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out. <robert.heuman[at]alumni.monmouth.edu>: Connected to 204.152.149.12 but sender was rejected. Remote host said: 553 5.3.0 spam blocked by SPAMCOP Link to comment Share on other sites More sharing options...
Derek T Posted March 5, 2012 Share Posted March 5, 2012 idirect.com' post='80038' date='Mar 5 2012, 04:39 PM'] See below with full headers and complaint from NASA about the blocking of a newsletter to me from them because of SPAMCOP running at Monmouth University, since the email site they send the newsletter to is [at]alumni.monmouth.edu and Monmouth is contracted with SpamCop. I do NOT want to loose emails from the Government of the U.S. because SpamCop gets it wrong <grin>... and I no longer have the specific email that was blocked, since once I read them I delete them. But I really don't need these warnings. I very much doubt that 'spamcop got it wrong'. Spamcop is entirely automatic and lists IPs on the basis of the amount of spam as a percentage of total traffic (among other factors). Without knowing the IP from which NASA attempted to send the message none of us on this side of the screen can investigate further. It's quite possible that: 1. There is a compromised machine on their network 2. There is no proper check on the validity of email addresses on their list and a spamtrap has been added 3. The rejection message is malformed and is citing a SpamCop listing when the reason for rejection is quite other (you'd be amazed how often this happens) What we need is a rejection message containing the sending IP so that we can check if it is now, or ever has been on the Spamcop list. Please also note that SpamCop does NOT recommend using its list to reject email outright (it should only be used to flag mail as possible spam) you may want to take this up with the admin of Monmouth Alumni. idirect.com' post='80038' date='Mar 5 2012, 04:39 PM'] See below with full headers and complaint from NASA about the blocking of a newsletter to me from them because of SPAMCOP running at Monmouth University, since the email site they send the newsletter to is [at]alumni.monmouth.edu and Monmouth is contracted with SpamCop. I do NOT want to loose emails from the Government of the U.S. because SpamCop gets it wrong <grin>... and I no longer have the specific email that was blocked, since once I read them I delete them. But I really don't need these warnings. I very much doubt that 'spamcop got it wrong'. Spamcop is entirely automatic and lists IPs on the basis of the amount of spam as a percentage of total traffic (among other factors). Without knowing the IP from which NASA attempted to send the message none of us on this side of the screen can investigate further. It's quite possible that: 1. There is a compromised machine on their network 2. There is no proper check on the validity of email addresses on their list and a spamtrap has been added 3. The rejection message is malformed and is citing a SpamCop listing when the reason for rejection is quite other (you'd be amazed how often this happens) What we need is a rejection message containing the sending IP so that we can check if it is now, or ever has been on the Spamcop list. Please also note that SpamCop does NOT recommend using its list to reject email outright (it should only be used to flag mail as possible spam) you may want to take this up with the admin of Monmouth Alumni. Link to comment Share on other sites More sharing options...
petzl Posted March 5, 2012 Share Posted March 5, 2012 idirect.com' post='80038' date='Mar 6 2012, 03:39 AM'] See below with full headers and complaint from NASA about the blocking of a newsletter to me from them because of SPAMCOP running at Monmouth University, since the email site they send the newsletter to is [at]alumni.monmouth.edu and Monmouth is contracted with SpamCop. I do NOT want to loose emails from the Government of the U.S. because SpamCop gets it wrong <grin>... and I no longer have the specific email that was blocked, since once I read them I delete them. But I really don't need these warnings. --------------------------------------------------------------------------------------------------------------------- --- Enclosed is a copy of the bounce message I received. Return-Path: <> Received: (qmail 7684 invoked for bounce); 22 Feb 2012 18:26:14 -0000 Date: 22 Feb 2012 18:26:14 -0000 From: MAILER-DAEMON[at]da-etch-lap07.wh.sprintip.net To: ksc-return-1428-[at]newsletters.nasa.gov Subject: failure notice Hi. This is the qmail-send program at da-etch-lap07.wh.sprintip.net. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out. <robert.heuman[at]alumni.monmouth.edu>: Connected to 204.152.149.12 but sender was rejected. Remote host said: 553 5.3.0 spam blocked by SPAMCOP The IP 204.152.149.12 has never been blocked by SpamCop no reports made in 3 months? Sometimes ISP's blame SpamCop mistakenly (Sometimes ISP's have their own "S**TLIST" or their reject notice is in error, nothing to do with SpamCop Block List)? Link to comment Share on other sites More sharing options...
Farelf Posted March 6, 2012 Share Posted March 6, 2012 mediaservices.nasa.gov [65.165.5.239] is very clean, showing just one listing in public RBLs currently on http://multirbl.valli.org/dnsbl-lookup/65.165.5.239.html (which has gone away, even as I write, I've never seen that happen before) - anyway, that listing was from ips.backscatterer.org, evidently without persistence. Looks to me like monmouth.edu (also very clean and apparently determined to stay so) rejected the message with a misconfigured notice (doesn't accept messages without SPF?) or in reaction to a short-term listing by SC or someone else. Or I might be misreading the evidence Link to comment Share on other sites More sharing options...
Snowbat Posted March 28, 2012 Share Posted March 28, 2012 idirect.com' post='80038' date='Mar 5 2012, 03:39 PM'] Hi. This is the qmail-send program at da-etch-lap07.wh.sprintip.net. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out. <robert.heuman[at]alumni.monmouth.edu>: Connected to 204.152.149.12 but sender was rejected. Remote host said: 553 5.3.0 spam blocked by SPAMCOP The allegedly listed IP address was 69.43.161.180 (da-etch-lap07.wh.sprintip.net). This appears to be a shared server with some 2315 domains sitting on it¹. Current Senderbase reputation is neutral but if any user at those 2315 domains had a problem with a spam sending trojan.... Why is nasa.gov sending newsletters out through a shared server at Castle Access Inc, San Diego? ¹ http://revip.info/ipinfo/69.43.161.180 (incorrectly identifies server location as Australia, see ARIN whois output to understand why) Link to comment Share on other sites More sharing options...
DavidT Posted September 16, 2012 Share Posted September 16, 2012 I think the alpha-numeric server name in this information (da-etch-lap07.wh.sprintip.net) is pretty meaningless in this situation, so Farelf is correct in relying on the IP of 65.165.5.239 as the one in question, and being located in Houston makes sense in this case (NASA). In fact, I found a similar NASA-related bounce notification here: http://www.spinics.net/lists/nasa/msg03552.html Hi. This is the qmail-send program at da-etch-lap07.wh.sprintip.net. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out. <list-nasa[at]xxxxxxxxxxx>: Connected to 68.183.106.108 but sender was rejected. Remote host said: 550 5.7.1 Rejected: 65.165.5.239 listed at zen.spamhaus.org (that took place back in February) As Derek suggested, the OP should really be taking this up with the Monmouth folks...there's really nothing we can help them with here (especially when the incomplete info leads to the locals here going off on misleading tangents). :-) DT Link to comment Share on other sites More sharing options...
InvisiBill Posted September 25, 2012 Share Posted September 25, 2012 This issue seems to be related to http://forum.spamcop.net/forums/index.php?showtopic=12215. It seems he's forwarding mail through his Monmouth alumni email address (which adds some complication to the situation), and Monmouth seems to have some issues with their spam filter. The "spam blocked by SPAMCOP" seems quite generic (compared to things like SpamAssassin's SCBL info), and is 100% set on their mail server. In other words, the Monmouth people configured it to say "spam blocked by SPAMCOP" (that's not something generated by anything here at SpamCop.net) and that may or may not actually have anything to do with SpamCop.net's blacklist. Link to comment Share on other sites More sharing options...
DavidT Posted September 25, 2012 Share Posted September 25, 2012 Agreed, InvisiBill, and considering the glacial nature of this topic, and that the OP hasn't been here since March, it's probably moot anyway. I only jumped in to correct what looked like misinformation. DT Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.