Vladimir, posted April 2, 2014

Since the outage I'm getting a lot more spam passing the filters than before. About 90% of them are coming from hostingsolutionsinternational.com servers as reported by the SpamCop reporting tool. What would be the best way to block emails from these servers?
turetzsr, posted April 2, 2014

Hi, Vladimir,

...My suggestion to you would be to review SpamCop Wiki article "How I Use SpamCop - A Detailed Example - RconneR," especially the section labeled "Improving SpamCop's performance by changing your filter settings." If you have any questions after reading that article, please do not hesitate to follow up by replying here.

...Good luck!
Farelf, posted April 2, 2014

Probably best for you to post a tracking URL so other users can see the headers - also your SpamAssassin level etc. What filters do you have set? (Not a user myself & you would need to log in but I believe that is the right link.)

Some of the spam from Brazil (routing to the hostingsolutionsinternational.com abuse address) has UTF-8 encoding which might offer a context filtering option - just conjecture, you can see the value of the headers in getting to specifics.

Are you using the greylisting feature? That may need to be re-applied after the outages (other SC mail users may be able to advise). More detail needed for others to get their teeth into the problem.
Vladimir (author), posted April 3, 2014

> Hi, Vladimir,
> ...My suggestion to you would be to review SpamCop Wiki article "How I Use SpamCop - A Detailed Example - RconneR," especially the section labeled "Improving SpamCop's performance by changing your filter settings." If you have any questions after reading that article, please do not hesitate to follow up by replying here.
> ...Good luck!

That's a great article, thanks!
turetzsr, posted April 3, 2014

...Glad you found it helpful; thanks for taking the time to let me know! <g>
Vladimir (author), posted April 3, 2014

> Probably best for you to post a tracking URL so other users can see the headers - also your SpamAssassin level etc. What filters do you have set? (Not a user myself & you would need to log in but I believe that is the right link.)
> Some of the spam from Brazil (routing to the hostingsolutionsinternational.com abuse address) has UTF-8 encoding which might offer a context filtering option - just conjecture, you can see the value of the headers in getting to specifics.
> Are you using the greylisting feature? That may need to be re-applied after the outages (other SC mail users may be able to advise). More detail needed for others to get their teeth into the problem.

Hi Farelf, one of the tracking URLs is: http://www.spamcop.net/sc?id=z5846804987z7...8e4480e6c0fd3bz

I have all the blacklists turned on except for brazil and Spamhaus PBL (I have Spamhaus XBL turned on and the instructions say to pick one or the other).

My SpamAssassin level is 3.

I'm not using the greylisting feature. Does that feature work well in your opinion? I want to prevent as many false positives as possible.

The other half of my spam currently comes from itdnet.net, which looks like it's located in Bulgaria. Here's the tracking code for one of them: http://www.spamcop.net/sc?id=z5849143909z5...c6e43e8ff23459z

Thanks again for all your help!

Vladimir
DavidT, posted April 3, 2014

Vladimir,

Two comments from me: first, for reducing incoming spam, I've seen lots of positive comments from other CESMail email account customers about greylisting, but it's only useful if the messages being delivered are coming directly to your "spamcop.net" (or "cesmail.net") address, rather than through some sort of forwarding arrangement. If the latter is the case, you wouldn't want to use greylisting.

Second, I've noticed that despite having the SpamCop Blacklist continuously selected in my options for many years, inbound messages originating from SCBL-listed IPs have not been routed into my Held Mail for some months. Most of my incoming messages are automatically forwarded to my spamcop address, so that may be a factor, but it used to work and now it simply doesn't. According to SenderBase, the IP from one of your samples was indeed on the SCBL, but if your experience is like mine, the messages wouldn't be properly routed to your Held folder, which I consider to be a bug, but the only time anyone gets very excited around here is when the entire system crashes, an increasingly-frequent phenomenon, unfortunately.

DT
petzl, posted April 3, 2014

> Hi Farelf, one of the tracking URLs is: http://www.spamcop.net/sc?id=z5846804987z7...8e4480e6c0fd3bz
> http://www.spamcop.net/sc?id=z5849143909z5...c6e43e8ff23459z
> Thanks again for all your help! Vladimir

Since Cisco have taken over SpamCop tends more often than not to wrong reporting address? Could be RIPE denying updates also (limits updates/look-ups)

IP 69.64.53.30 United Arab Emirates (?) should go to abuse[at]chociz.com abuse[at]plusserver.de abuse[at]ip-pool.com abuse[at]ippool.com (for ip-pool.com)
Greylisting should but not always stop this, mostly does (probably not an email server)

IP 94.155.46.147 (Botnet or zombie)
Was going to abuse[at]itdnet.net
REFRESH now gives abuse[at]herehost.com
Greylisting should but not always stop this, mostly does

You need to set up a Whitelist (friends/contacts) which bypasses ALL block/blacklists including Greylisting
Non-Whitelisted emails get delayed unless they have a (I don't know) but it bypasses Greylisting. Some spammer botnets are onto it?

A lot more spam is now by compromised email accounts (USE SECURE PASSWORDS, SC email PW limit is 30 Alphanumeric characters, Capitals, Lower case and Characters like = -)

Get a Windows program to check abuse addresses

Also send to CERT abuse address, these are Government agencies, not all take SC reports but you can forward spam to them from your trash folder (include in forward body the SpamCop "message" Re: IP_ADDRESS (Administrator of network where email originates))

Windows MailWasher is a must have (easy automated reporting from SpamCop's Email server, not your email client)
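
Why greylisting only helps on direct delivery (DavidT's point) and why a whitelist bypasses the delay (petzl's point), shown with a generic triplet-based greylist. This is an added example, not part of the thread and not SpamCop's or CESMail's implementation; the class, the delay value, and all addresses and IPs are constructed assumptions.

```python
# Generic greylisting model: a new (client IP, sender, recipient) triplet is
# temp-failed and only accepted if the same host retries after a delay.
# Assumption: classic triplet scheme; all values below are constructed.
from dataclasses import dataclass, field

RETRY_DELAY = 300  # seconds a new triplet must wait before being accepted


@dataclass
class Greylist:
    whitelist: set = field(default_factory=set)    # senders that skip the check
    first_seen: dict = field(default_factory=dict)  # triplet -> first attempt time

    def check(self, client_ip, sender, rcpt, now):
        """Return the SMTP reply for one delivery attempt at time `now`."""
        if sender in self.whitelist:
            return "250 accepted (whitelisted)"
        seen = self.first_seen.setdefault((client_ip, sender, rcpt), now)
        if now - seen < RETRY_DELAY:
            return "451 try again later"
        return "250 accepted"


def deliver(gl, client_ip, sender, rcpt, retries, start=0):
    """Simulate a sending host. retries=True models a queueing mail server,
    retries=False a fire-and-forget spam bot that never comes back."""
    reply = gl.check(client_ip, sender, rcpt, start)
    if reply.startswith("451") and retries:
        reply = gl.check(client_ip, sender, rcpt, start + RETRY_DELAY + 60)
    return reply


def scenarios():
    gl = Greylist(whitelist={"friend@example.org"})
    rcpt = "user@mailhost.example"
    spam = "promo@spam.example"
    return {
        # Bot connects straight to the mailbox host and never retries.
        "bot_direct": deliver(gl, "203.0.113.7", spam, rcpt, retries=False),
        # Same spam, but relayed by a forwarding service's real mail server,
        # which queues and retries like any legitimate sender.
        "bot_via_forwarder": deliver(gl, "198.51.100.25", spam, rcpt, retries=True),
        # Whitelisted contact is accepted on the first attempt, no delay.
        "whitelisted_contact": deliver(gl, "192.0.2.10", "friend@example.org", rcpt, retries=False),
    }


if __name__ == "__main__":
    for name, reply in scenarios().items():
        print(f"{name:22} -> {reply}")
```

With forwarding, the greylist only ever sees the forwarder's server, so every message, spam included, is delayed once and then accepted.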
Archived
This topic is now archived and is closed to further replies.