Jump to content

Why block NASA?


Recommended Posts

See below with full headers and complaint from NASA about the blocking of a newsletter to me from them because of SPAMCOP running at Monmouth University, since the email site they send the newsletter to is [at]alumni.monmouth.edu and Monmouth is contracted with SpamCop. I do NOT want to loose emails from the Government of the U.S. because SpamCop gets it wrong <grin>... and I no longer have the specific email that was blocked, since once I read them I delete them. But I really don't need these warnings.

---------------------------------------------------------------------------------------------------------------------

X-Apparently-To: rsh_rsh[at]rogers.com via 98.139.219.164; Mon, 05 Mar 2012 01:59:43 -0800

Received-SPF: none (domain of mediaservices.nasa.gov does not designate permitted sender hosts)

X-YMailISG: hx5jKYYWLDthr0_fMMYndQeGQqFsZz25wT7xm5ik9eXApwxA

lrlEc_TinQ5Qg3xos8fW4jS61YowiOmqJIaXoyDTGPn0p1ePo2w_A3gh_0WZ

nkLlaEtFc4Cci.xXmCJ_rbg9Ms86gDsof6RU3qhQaV6qUCXDUWaPH5P5T1ka

ENmKx6GFkoBEp5nvgzqc4zRueQPVqjDWuMM33wWz.7vWhpRHKXPB73y5CaG9

VxWAakDwf33xjfaElEgYeA3jP3SpiExREoaVaWb1aALBtc0_Di.te8hv3Kte

PiBk6Qb7vfFavVlXo9GZkkCjpcKGv0BUbmGjajJdVTYc_6DUJhVtuCvsdLty

6SFg4iuT9d0.l2T2shrf5snytdTCawPtMv_lPG1J

X-Originating-IP: [192.100.64.12]

Authentication-Results: mta1004.rog.mail.sp1.yahoo.com from=mediaservices.nasa.gov; domainkeys=neutral (no sig); from=mediaservices.nasa.gov; dkim=neutral (no sig)

Received: from 127.0.0.1 (EHLO mail.monmouth.edu) (192.100.64.12)

by mta1004.rog.mail.sp1.yahoo.com with SMTP; Mon, 05 Mar 2012 01:59:43 -0800

Received: from smtp.monmouth.edu (smtp.monmouth.edu [204.152.149.12])

by mail.monmouth.edu (8.14.4/8.14.4) with ESMTP id q259xg8f009394

(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)

for <robert.heuman[at]alumni.monmouth.edu>; Mon, 5 Mar 2012 04:59:43 -0500

Received: from da-etch-lap07.wh.sprintip.net (mediaservices.nasa.gov [65.165.5.239])

by smtp.monmouth.edu (8.14.4/8.14.4) with SMTP id q259xf5Q032686

for <robert.heuman[at]alumni.monmouth.edu>; Mon, 5 Mar 2012 04:59:41 -0500

Received: (qmail 22078 invoked by alias); 5 Mar 2012 10:00:31 -0000

Mailing-List: contact ksc-help[at]newsletters.nasa.gov; run by ezmlm

Date: 5 Mar 2012 10:00:31 -0000

Message-ID: <1330941631.21932.ezmlm[at]newsletters.nasa.gov>

From: ksc-help[at]mediaservices.nasa.gov

To: robert.heuman[at]alumni.monmouth.edu

MIME-Version: 1.0

Content-Type: text/plain; charset=us-ascii

Subject: warning from ksc[at]newsletters.nasa.gov

X-spam-Level:

X-spam-Score: -6.909, Required: 3

X-spam-Matches: BAYES_00,RCVD_IN_DNSWL_HI,SPF_HELO_FAIL,T_RP_MATCHES_RCVD

X-Scanned-By: MIMEDefang 2.71 on 192.100.64.12

X-Scanned-By: MIMEDefang 2.71 on 204.152.149.12

X-Text-Classification: other

X-POPFile-Link: http://127.0.0.1:8080/jump_to_message?view=359

X-Agent-Received: from 2 rsh_rsh (127.0.0.1); Mon, 05 Mar 2012 11:10:29 -0500

X-Agent-Train-Legitimate: 0

X-Agent-Junk-Probability: 0

Welcome to ksc[at]newsletters.nasa.gov mailing list.

Messages to you from the ksc mailing list seem to

have been bouncing. I've attached a copy of the first bounce

message I received.

If this message bounces too, I will send you a probe. If the probe bounces,

I will remove your address from the ksc mailing list,

without further notice.

I've kept a list of which messages from the ksc mailing list have

bounced from your address.

Copies of these messages may be in the archive.

To retrieve a set of messages 123-145 (a maximum of 100 per request),

send an empty message to:

<ksc-get.123_145[at]newsletters.nasa.gov>

To receive a subject and author list for the last 100 or so messages,

send an empty message to:

<ksc-index[at]newsletters.nasa.gov>

Here are the message numbers:

1428

--- Enclosed is a copy of the bounce message I received.

Return-Path: <>

Received: (qmail 7684 invoked for bounce); 22 Feb 2012 18:26:14 -0000

Date: 22 Feb 2012 18:26:14 -0000

From: MAILER-DAEMON[at]da-etch-lap07.wh.sprintip.net

To: ksc-return-1428-[at]newsletters.nasa.gov

Subject: failure notice

Hi. This is the qmail-send program at da-etch-lap07.wh.sprintip.net.

I'm afraid I wasn't able to deliver your message to the following addresses.

This is a permanent error; I've given up. Sorry it didn't work out.

<robert.heuman[at]alumni.monmouth.edu>:

Connected to 204.152.149.12 but sender was rejected.

Remote host said: 553 5.3.0 spam blocked by SPAMCOP

Link to comment
Share on other sites

idirect.com' post='80038' date='Mar 5 2012, 04:39 PM']

See below with full headers and complaint from NASA about the blocking of a newsletter to me from them because of SPAMCOP running at Monmouth University, since the email site they send the newsletter to is [at]alumni.monmouth.edu and Monmouth is contracted with SpamCop. I do NOT want to loose emails from the Government of the U.S. because SpamCop gets it wrong <grin>... and I no longer have the specific email that was blocked, since once I read them I delete them. But I really don't need these warnings.

I very much doubt that 'spamcop got it wrong'. Spamcop is entirely automatic and lists IPs on the basis of the amount of spam as a percentage of total traffic (among other factors).

Without knowing the IP from which NASA attempted to send the message none of us on this side of the screen can investigate further. It's quite possible that:

1. There is a compromised machine on their network

2. There is no proper check on the validity of email addresses on their list and a spamtrap has been added

3. The rejection message is malformed and is citing a SpamCop listing when the reason for rejection is quite other (you'd be amazed how often this happens)

What we need is a rejection message containing the sending IP so that we can check if it is now, or ever has been on the Spamcop list.

Please also note that SpamCop does NOT recommend using its list to reject email outright (it should only be used to flag mail as possible spam) you may want to take this up with the admin of Monmouth Alumni.

idirect.com' post='80038' date='Mar 5 2012, 04:39 PM']

See below with full headers and complaint from NASA about the blocking of a newsletter to me from them because of SPAMCOP running at Monmouth University, since the email site they send the newsletter to is [at]alumni.monmouth.edu and Monmouth is contracted with SpamCop. I do NOT want to loose emails from the Government of the U.S. because SpamCop gets it wrong <grin>... and I no longer have the specific email that was blocked, since once I read them I delete them. But I really don't need these warnings.

I very much doubt that 'spamcop got it wrong'. Spamcop is entirely automatic and lists IPs on the basis of the amount of spam as a percentage of total traffic (among other factors).

Without knowing the IP from which NASA attempted to send the message none of us on this side of the screen can investigate further. It's quite possible that:

1. There is a compromised machine on their network

2. There is no proper check on the validity of email addresses on their list and a spamtrap has been added

3. The rejection message is malformed and is citing a SpamCop listing when the reason for rejection is quite other (you'd be amazed how often this happens)

What we need is a rejection message containing the sending IP so that we can check if it is now, or ever has been on the Spamcop list.

Please also note that SpamCop does NOT recommend using its list to reject email outright (it should only be used to flag mail as possible spam) you may want to take this up with the admin of Monmouth Alumni.

Link to comment
Share on other sites

idirect.com' post='80038' date='Mar 6 2012, 03:39 AM']

See below with full headers and complaint from NASA about the blocking of a newsletter to me from them because of SPAMCOP running at Monmouth University, since the email site they send the newsletter to is [at]alumni.monmouth.edu and Monmouth is contracted with SpamCop. I do NOT want to loose emails from the Government of the U.S. because SpamCop gets it wrong <grin>... and I no longer have the specific email that was blocked, since once I read them I delete them. But I really don't need these warnings.

---------------------------------------------------------------------------------------------------------------------

--- Enclosed is a copy of the bounce message I received.

Return-Path: <>

Received: (qmail 7684 invoked for bounce); 22 Feb 2012 18:26:14 -0000

Date: 22 Feb 2012 18:26:14 -0000

From: MAILER-DAEMON[at]da-etch-lap07.wh.sprintip.net

To: ksc-return-1428-[at]newsletters.nasa.gov

Subject: failure notice

Hi. This is the qmail-send program at da-etch-lap07.wh.sprintip.net.

I'm afraid I wasn't able to deliver your message to the following addresses.

This is a permanent error; I've given up. Sorry it didn't work out.

<robert.heuman[at]alumni.monmouth.edu>:

Connected to 204.152.149.12 but sender was rejected.

Remote host said: 553 5.3.0 spam blocked by SPAMCOP

The IP 204.152.149.12 has never been blocked by SpamCop no reports made in 3 months? Sometimes ISP's blame SpamCop mistakenly (Sometimes ISP's have their own "S**TLIST" or their reject notice is in error, nothing to do with SpamCop Block List)?

Link to comment
Share on other sites

mediaservices.nasa.gov [65.165.5.239] is very clean, showing just one listing in public RBLs currently on http://multirbl.valli.org/dnsbl-lookup/65.165.5.239.html (which has gone away, even as I write, I've never seen that happen before) - anyway, that listing was from ips.backscatterer.org, evidently without persistence.

Looks to me like monmouth.edu (also very clean and apparently determined to stay so) rejected the message with a misconfigured notice (doesn't accept messages without SPF?) or in reaction to a short-term listing by SC or someone else.

Or I might be misreading the evidence :blush:

Link to comment
Share on other sites

  • 4 weeks later...
idirect.com' post='80038' date='Mar 5 2012, 03:39 PM']

Hi. This is the qmail-send program at da-etch-lap07.wh.sprintip.net.

I'm afraid I wasn't able to deliver your message to the following addresses.

This is a permanent error; I've given up. Sorry it didn't work out.

<robert.heuman[at]alumni.monmouth.edu>:

Connected to 204.152.149.12 but sender was rejected.

Remote host said: 553 5.3.0 spam blocked by SPAMCOP

The allegedly listed IP address was 69.43.161.180 (da-etch-lap07.wh.sprintip.net). This appears to be a shared server with some 2315 domains sitting on it¹. Current Senderbase reputation is neutral but if any user at those 2315 domains had a problem with a spam sending trojan....

Why is nasa.gov sending newsletters out through a shared server at Castle Access Inc, San Diego?

¹ http://revip.info/ipinfo/69.43.161.180 (incorrectly identifies server location as Australia, see ARIN whois output to understand why)

Link to comment
Share on other sites

  • 5 months later...

I think the alpha-numeric server name in this information (da-etch-lap07.wh.sprintip.net) is pretty meaningless in this situation, so Farelf is correct in relying on the IP of 65.165.5.239 as the one in question, and being located in Houston makes sense in this case (NASA). In fact, I found a similar NASA-related bounce notification here:

http://www.spinics.net/lists/nasa/msg03552.html

Hi. This is the qmail-send program at da-etch-lap07.wh.sprintip.net.

I'm afraid I wasn't able to deliver your message to the following addresses.

This is a permanent error; I've given up. Sorry it didn't work out.

<list-nasa[at]xxxxxxxxxxx>:

Connected to 68.183.106.108 but sender was rejected.

Remote host said: 550 5.7.1 Rejected: 65.165.5.239 listed at zen.spamhaus.org

(that took place back in February)

As Derek suggested, the OP should really be taking this up with the Monmouth folks...there's really nothing we can help them with here (especially when the incomplete info leads to the locals here going off on misleading tangents). :-)

DT

Link to comment
Share on other sites

  • 2 weeks later...

This issue seems to be related to http://forum.spamcop.net/forums/index.php?showtopic=12215.

It seems he's forwarding mail through his Monmouth alumni email address (which adds some complication to the situation), and Monmouth seems to have some issues with their spam filter. The "spam blocked by SPAMCOP" seems quite generic (compared to things like SpamAssassin's SCBL info), and is 100% set on their mail server. In other words, the Monmouth people configured it to say "spam blocked by SPAMCOP" (that's not something generated by anything here at SpamCop.net) and that may or may not actually have anything to do with SpamCop.net's blacklist.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...