mikemars Posted June 12, 2004 Posted June 12, 2004 Hi, much of my mail is routed through FreeParking.co.uk, but I noticed that some of it was being blocked ... (by pure co-incidence when I was re-training my mailhosts entries - the blocked mails were the spamcop robot ones!). I had a look at the header, and I think 207.35.205.45 is the problem. Could it be possible that someone has accidently reported this address due to not having a fully trained mailhost setting? (I just hope that 'someone' isn't me!). -Yours, Mike Parsing input: 207.35.205.45 host 207.35.205.45 = pop.freeparking.co.uk (cached) [report history] Routing details for 207.35.205.45 [refresh/show] Cached whois for 207.35.205.45 : noc[at]in.bell.ca Using abuse net on noc[at]in.bell.ca abuse net in.bell.ca = abuse[at]bellnexia.net, abuse[at]sympatico.ca Using best contacts abuse[at]bellnexia.net abuse[at]sympatico.ca Statistics: 207.35.205.45 listed in bl.spamcop.net (127.0.0.2) More Information.. 207.35.205.45 not listed in dnsbl.njabl.org 207.35.205.45 not listed in dnsbl.njabl.org 207.35.205.45 not listed in cbl.abuseat.org 207.35.205.45 not listed in dnsbl.sorbs.net 207.35.205.45 not listed in relays.ordb.org. Reporting addresses: abuse[at]bellnexia.net abuse[at]sympatico.ca --- Munged mail header --- Return-Path: <service[at]admin.spamcop.net> Delivered-To: spamcop-net-xxxxxxxxxx[at]spamcop.net Received: (qmail 20753 invoked from network); 11 Jun 2004 22:45:40 -0000 Received: from unknown (HELO c60.cesmail.net) (192.168.1.105) by blade6.cesmail.net with SMTP; 11 Jun 2004 22:45:40 -0000 Received: from mailgate.cesmail.net (216.154.195.36) by c60.cesmail.net with SMTP; 11 Jun 2004 18:45:37 -0400 X-Ironport-AV: i="xxxxxxxxxxxx"; d="scan'208"; a="xxxxxxxxxxxxxxxxxx" Received: (qmail 22677 invoked from network); 11 Jun 2004 22:45:36 -0000 Received: from unknown (HELO mailgate.cesmail.net) (192.168.1.101) by mailgate.cesmail.net with SMTP; 11 Jun 2004 22:45:36 -0000 Received: from pop3.mail.demon.net [194.217.242.253] by mailgate.cesmail.net with POP3 (fetchmail-6.2.1) for xxxxxxxx[at]spamcop.net (single-drop); Fri, 11 Jun 2004 18:45:36 -0400 (EDT) Received: from punt-3.mail.demon.net by mailstore for xxxxxxxxxxx[at]xxxxx.demon.co.uk id 1BYubE-0007ZD-Rd; Fri, 11 Jun 2004 22:34:12 +0000 Received: from [194.217.242.210] (helo=lon1-hub.mail.demon.net) by punt-3.mail.demon.net with esmtp id 1BYubE-0007ZD-Rd for xxxxxxxx[at]xxxxx.demon.co.uk; Fri, 11 Jun 2004 22:34:12 +0000 Received: from [207.61.90.203] (helo=MailRunner.FreeParking.Com) by lon1-hub.mail.demon.net with esmtp id 1BYubE-0001Gt-7a for xxxxxxxxx[at]xxxxx.demon.co.uk; Fri, 11 Jun 2004 22:34:12 +0000 Received: from [207.35.205.45] (helo=freeparking.com) by MailRunner.FreeParking.Com with esmtp (Exim 4.24 #1 (Debian)) id 1BYul7-00019j-2Z for <xxxxxxxxxxxx[at]xxxxx.demon.co.uk>; Fri, 11 Jun 2004 18:44:25 -0400 Received: with MailEnable Postoffice Connector; Fri, 11 Jun 2004 18:34:26 -0400 Received: from spamcop.net ([206.14.107.102]) by freeparking.com with MailEnable ESMTP; Fri, 11 Jun 2004 18:34:23 -0400 X-SpamCop-Conf: xxxxxxxxxxxxxxx X-SpamCop-Test1: 1 2 3 4 5 6 7 8 9 0 a b c d e f g h i j k l m n o p q r s t u v w x y z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z Received: from [80.176.xxx.xxx (my static IP)] by spamcop.net with HTTP; Fri, 11 Jun 2004 22:33:29 GMT From: SpamCop robot <mhconf.xxxxxxxxxxxxxxx[at]cmds.spamcop.net> To: xxxxx[at]xxxxxxxxx.co.uk Subject: SpamCop account configuration email Precedence: list Message-ID: <xxxxxxxxxxxxxxxx[at]msgid.spamcop.net> Date: Fri, 11 Jun 2004 22:33:29 GMT X-Mailer: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312461; .NET CLR 1.1.4322) via http://www.spamcop.net/ v1.331 X-spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on blade6 X-spam-Level: *** X-spam-Status: hits=3.0 tests=FORGED_MUA_MOZILLA,FROM_HAS_MIXED_NUMS version=2.63 X-SpamCop-Checked: 192.168.1.105 216.154.195.36 192.168.1.101 194.217.242.253 194.217.242.210 207.61.90.203 207.35.205.45 X-SpamCop-Disposition: Blocked bl.spamcop.net
Robert Slade Posted June 12, 2004 Posted June 12, 2004 HIya, No 207.35.205.45 is not blocked, nor is any of the other IP addresses. I do know that demon are using Brightmail to block spam. Have you got that turned on? It maybe the source of the problem. Rob
Wazoo Posted June 12, 2004 Posted June 12, 2004 Unfortunately, the "evidence"pages are next to useless these days, but currently http://www.spamcop.net/w3m?action=checkblo...p=207.35.205.45 says that it is listed at present, as it was when the spam was parsed. If we go that Robert Slade checked and it wasn't listed ... then this IP is still being reported by someone, getting it listed once again after timing out to a de-listing.
Miss Betsy Posted June 12, 2004 Posted June 12, 2004 I thought that it took two reporters to get a listing? or one spamtrap report. Or since mailhosts, has that stopped? Miss Betsy
Wazoo Posted June 13, 2004 Posted June 13, 2004 I thought that it took two reporters to get a listing? or one spamtrap report. Or since mailhosts, has that stopped? No, that hasn't changed. But if you look at the evidence page, the critical line would be; Listing History In the past 179.7 days, it has been listed 8 times for a total of 9.3 days So that the baseline requirement of reports from different sources appears to have been met in the past .. noting that the first line of "less than 10 reporters" is time-constrained to "the last week" .... Spamtrap data is not identified as an issue, so all that's left now for "listing" is meeting the 2% treshold of spam reports vice "traffic seen" ...
Miss Betsy Posted June 13, 2004 Posted June 13, 2004 So that the baseline requirement of reports from different sources appears to have been met in the past .. noting that the first line of "less than 10 reporters" is time-constrained to "the last week" .... Spamtrap data is not identified as an issue, so all that's left now for "listing" is meeting the 2% treshold of spam reports vice "traffic seen" ... The reason I asked the question is that you said 'someone' has reported it. What I understand you are saying in reply to my question is that once there are two (or more) reports from different sources, the listing can continue (or be relisted) on one report. I can understand that the listing would continue on one report, but if it is delisted, wouldn't the algorithym start again counting sources? Miss Betsy
Wazoo Posted June 13, 2004 Posted June 13, 2004 good question, I might be wrong, but I believe that the multiple reports is only needed to get listed the first time ... once that IP has been recognized, I believe it's the 2% threshold that drives it from then on. I wll note, I don't think this question has ever been asked before <g> ... and I'd suspect that if I'm wrong, the only was to come up with the real answer is to hit Julian up for the actual code he's got in place for this ....
Recommended Posts
Archived
This topic is now archived and is closed to further replies.