Ex_Brit Posted July 13, 2004 Share Posted July 13, 2004 A lot of spam is getting through to my inbox and hitherto I got none...so what's up? See http://www.spamcop.net/sc?id=z547113925z18...1b77f8fa089940z This is just one of many. My SA level is set to 1...the highest filtering possible. Link to comment Share on other sites More sharing options...
Wazoo Posted July 13, 2004 Share Posted July 13, 2004 I'm not sure how the data found at your Tracking URL matches up with your filtering problem. There's nothing in your sample that shows that any filtering was done at all, but noting also that the sample seen via your Tracking URL doesn't appear to be a full spam either. You say you have a threshold setting of "1" but there are no lines showing that indicate that this e-mail was touched by the filtering system. OK, sorry aboiut the starting commentary here .. admit to having too many items opened up and see now that I was looking at the wrong sample ... but, can you explain the missing spam body? I've looked at both of your Tracking URLs and neither had anything beyond the headers. A bit cautious right now, as Julian has made so many changes just yesterday, not sure if this is another one ... Link to comment Share on other sites More sharing options...
Ex_Brit Posted July 13, 2004 Author Share Posted July 13, 2004 I have SC popped into my browser here. I CCP'd the spam from my inbox here into the report spam page box...I assure you it did go through as cesmail.net addy IS my Spamcop mail account. This is a copy of the actual mail text... SC/SA should have caught it especially with all the images attached to it. Her mother was taking care of them, feeding first with milk, later with to my house. During the long winter nights we grew closer and after some look at her later. I asked my new friend for help with the damage - she was a neighbor came over and, finding what she thought were two corpses, was climbing into the bathtub one afternoon when she remembered she "Instead of being time of hunger and loss, that winter brought The fighting had been hard and continuous; that was atested by all the senses. if the announcer didn't say COMBINED, all the kiddies would think, yeah, well ground; he had recovered his bearings. The dead on his right and on his The tavernkeeper was a baaad guy. Right at that moment of his tale It began twenty years ago. A nearby horse stable claimed myself, but even the strongest magic can't cure love." "But mister, I middle of it.It goes like this: They play the Ta, ta-da-da-da-DA, tuh, tu,tuh. I turned away from the well-lit road into a path along the get rid of it please half a hour I quietly sneaked out to my room and pulled from my bag my feet in the fog... I will have to hide another beer somewhere there while he slows down. The snow here is hard and flat, we are getting close to a first opponent, but without marking the hit this time. The furry terror was climbing into the bathtub one afternoon when she remembered she "Instead of being time of hunger and loss, that winter brought first opponent, but without marking the hit this time. The furry terror The tavernkeeper was a baaad guy. Right at that moment of his tale It began twenty years ago. A nearby horse stable claimed myself, but even the strongest magic can't cure love." "But mister, I middle of it.It goes like this: They play the Ta, ta-da-da-da-DA, tuh, tu,tuh. Link to comment Share on other sites More sharing options...
Ex_Brit Posted July 13, 2004 Author Share Posted July 13, 2004 Here's another one.. http://www.spamcop.net/sc?id=z547165705zf1...316abc6c8f23c0z Link to comment Share on other sites More sharing options...
Ex_Brit Posted July 13, 2004 Author Share Posted July 13, 2004 Then something is wrong because the mail arrived at my SC mail account and was forwarded without filtering?? to my inbox ([at]rogers.com). I'm only CCP'ing what I get into the Report spam box back at SC. (where it should have been in the first place). Sorry about all that text, I should have taken a screen image but then I assume attachments aren't allowed here. If I set SC mail to block all mail, then I wont get any of my legit stuff either. This only started happening about two weeks ago. Hitherto I wasn't getting any spam at all in my inbox. (Lots to report though, back at SC). There must be something amiss, or I have a setting wrong...or??? Link to comment Share on other sites More sharing options...
Wazoo Posted July 13, 2004 Share Posted July 13, 2004 Ok, maybe some confusion going on here .. I saw I'd screwed up, deleted a post, unfortunately, perhaps while you were reading it (ouch) .. but, to try again, while I'm off trying to research some other things, try to go to the FAQ-in-progress at http://forum.spamcop.net/forums/index.php?showtopic=1895 and see if there's something there that might help in the interim. Apologies for my screw-up. Link to comment Share on other sites More sharing options...
Ex_Brit Posted July 13, 2004 Author Share Posted July 13, 2004 Thanks, I've scanned that forum - not much help so far, but will look again. Would it help if I post the details of the next email/spam item I get in full as it appears before I report it? (from "properties") Does this help? http://www.spamcop.net/mcgi?action=gettrac...rtid=1110945810 SpamAssassin hit at 2.63...my limit is 1.0 All I did was ccp the mail that slipped through back into the spamcop reporting module... which to me indicates that things are slipping through. Link to comment Share on other sites More sharing options...
Ex_Brit Posted July 13, 2004 Author Share Posted July 13, 2004 Footnote... as a precaution I've deleted and am now in the process of re-authorizing my SC email address on Mailhosts. Link to comment Share on other sites More sharing options...
StevenUnderwood Posted July 13, 2004 Share Posted July 13, 2004 Mailhosts only has to do with your reporting of the spam, not stopping you from receiving it. According to the headers, both these messages came from IP addresses that were not on the sc dnsbl at the time they were received and both scored 0.7 on the spamassassin tests, so there is no reason to block them. X-spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on blade1 X-spam-Level: X-spam-Status: hits=0.7 tests=HTML_20_30,HTML_MESSAGE,PLING_QUERY version=2.63 X-SpamCop-Checked: 192.168.1.213 82.34.184.185 SC/SA should have caught it especially with all the images attached to it. If the gibberish text you quoted above was the body as you state, it was only the Text version of the body. Spamassassin seems to have seen an HTML message (neither of which are showing in the tracker full message body). It looks like spamassassin only looked at the html version of the message, and found nothing serious breaking the rules. This is one of the reasons that spamassassin alone is not very effective (in my opinion) because spammers can hide all sorts of useless text which could very well be a valid email to lower the spamassassin scoring. SpamCop does not look at the body of the message at all. This explanation seems to make sense in that spamcop only reported the source and no spamvertized web sites (it does not report image links). Link to comment Share on other sites More sharing options...
Ex_Brit Posted July 13, 2004 Author Share Posted July 13, 2004 Thanks. it's interesting to note that its only mail directly addressed to my SC email address r2d2 <at> cesmail.net that seems to get through (sometimes). (I have 5 email addresses in the filtering list.) I have every option marked in the blacklists and SpamAssassin is set to 1 which is as high as it will go. Link to comment Share on other sites More sharing options...
StevenUnderwood Posted July 13, 2004 Share Posted July 13, 2004 Give one of your other addresses to that spammer and see if those messages make it through. I bet they would. Link to comment Share on other sites More sharing options...
Ex_Brit Posted July 13, 2004 Author Share Posted July 13, 2004 Give one of your other addresses to that spammer and see if those messages make it through. I bet they would. Ha ha...very funny. Link to comment Share on other sites More sharing options...
Ex_Brit Posted July 14, 2004 Author Share Posted July 14, 2004 This is the spam I was talking about in my other thread SA set to 1 - maybe it should have a 0.001 setting??!!! It is full of porn pics and how SA assesses it at 0.1 I don't know..maybe they need a revamp or update. Return-Path: <alejandraglpxcegaepglaaw[at]online.ie> Delivered-To: cesmail-net-zzzz ATcesmail.net Received: (qmail 30819 invoked from network); 14 Jul 2004 02:38:59 -0000 Received: from unknown (192.168.1.101) by blade1.cesmail.net with QMQP; 14 Jul 2004 02:38:59 -0000 Received: from dialin.speedway24.dip55.dokom.de (HELO dip55.dokom.de) (195.253.24.55) by mailgate.cesmail.net with SMTP; 14 Jul 2004 02:38:58 -0000 Message-ID: <E5898694.4419450[at]online.ie> Date: Wed, 14 Jul 2004 04:45:05 +0200 From: "daryl" <alejandraglpxcegaepglaaw[at]online.ie> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0p9.4) Gecko/20010913 X-Accept-Language: en-us MIME-Version: 1.0 To: "daryl" <xxx at cesmail.net> Subject: It's xmovies lol... Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: 7bit X-spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on blade1 X-spam-Level: X-spam-Status: hits=0.1 tests=HTML_MESSAGE,MIME_HTML_ONLY version=2.63 X-SpamCop-Checked: 192.168.1.101 195.253.24.55 When CCP'd to "report spam" this is the result:- http://www.spamcop.net/sc?id=z548473749za6...cff13f3557095az Link to comment Share on other sites More sharing options...
StevenUnderwood Posted July 14, 2004 Share Posted July 14, 2004 It is full of porn pics and how SA assesses it at 0.1 I don't know As I understand it, SA is searching for "word string matches" and format types. There is no way to automate following a link and determining it is spam, porn, or a picture of grandma. This is all software were are talking about and what you are looking to match is very dynamic. If the spammers would use consistent links or filenames, those could be searched for, but they have not followed my advise to do that .... yet The message you posted only matched 2 SA tests and those tests are part of , tests=HTML_MESSAGE,MIME_HTML_ONLY The IP it came from looks like a dialin IP in Germany. host 195.253.24.55 = dialin.speedway24.dip55.dokom.de. Probably an infected machine spewing everytime the owner logs in. Link to comment Share on other sites More sharing options...
Ex_Brit Posted July 14, 2004 Author Share Posted July 14, 2004 Thanks for the info. Link to comment Share on other sites More sharing options...
sonic Posted July 15, 2004 Share Posted July 15, 2004 Thanks. it's interesting to note that its only mail directly addressed to my SC email address r2d2 <at> cesmail.net that seems to get through (sometimes). (I have 5 email addresses in the filtering list.) I have every option marked in the blacklists and SpamAssassin is set to 1 which is as high as it will go. I've noticed that.... what I suspect is happening, is that for whatever reason (new system/IP address etc) the offender is not on the SCBL. When spam is sent to your other addresses it can take upto 10 minutes before it reaches your inbox (because the POP operation happens only every 10 mins or so). That 10 minutes, is probably enough for spam traps/other users to have reported the spam, and subsequently it is on the SCBL, and as such gets "held". I used to have my mail from Yahoo!Groups! going direct to my spamcop address, and as one of the xxxx-owner addresses was being spammed fairly regularly, these were often getting through. Having modified it to go to another address, which spamcop then popped, the mail was almost always "held". I've been trying to reduce my own spam totals recently, and have two accounts which were overrun. One was my own fault as it had been on a webpage "undisguised", as well as posting to newsgroups etc etc. The other had been "guessed" by the spammers - and completely massacred (100 spams per day at least). As an experiment, I've stopped popping those accounts, and whilst I post with my spamcop address undisguised - it has relatively few spam messages (10 or so per day). Maybe spammers aren't as stupid as we thought they were !!! Malcolm Link to comment Share on other sites More sharing options...
Ex_Brit Posted July 15, 2004 Author Share Posted July 15, 2004 I have my settings to pop every 1 minute... are you saying that I should make that a larger wait time? Not quite sure I understand what difference that would make. Link to comment Share on other sites More sharing options...
StevenUnderwood Posted July 15, 2004 Share Posted July 15, 2004 I have my settings to pop every 1 minute... are you saying that I should make that a larger wait time? Not quite sure I understand what difference that would make. The POP sonic is referring to is the one where spamcop POP's your other accounts to bring the message through the filters. You may not be doing this as you may have your messages forwarded by your other accounts to spamcop. Your message sounds like you are popping the messages from spamcop every minute. That would not affect what sonic stated. Link to comment Share on other sites More sharing options...
sonic Posted July 16, 2004 Share Posted July 16, 2004 I have my settings to pop every 1 minute... are you saying that I should make that a larger wait time? Not quite sure I understand what difference that would make. The POP sonic is referring to is the one where spamcop POP's your other accounts to bring the message through the filters. You may not be doing this as you may have your messages forwarded by your other accounts to spamcop. Your message sounds like you are popping the messages from spamcop every minute. That would not affect what sonic stated. Steven is correct... the timing of spamcop popping my various accounts is, as far as I know, a standard, unconfigurable value (ie always about 10 mins). If the mail arrives in the remote mailbox just after a pop is done, you have a full 10 minutes for some other users / spam traps to report the user. Obviously, this will probably average out to about 5 mins overall - but I find I get less "false negatives" by waiting a little longer for my mail to arrive.. YMMV Malcolm Link to comment Share on other sites More sharing options...
Ex_Brit Posted July 16, 2004 Author Share Posted July 16, 2004 SC pops my mail every 5, maybe I'll set it to 15 and see if it helps. It's really not too much of a problem I guess. Link to comment Share on other sites More sharing options...
StevenUnderwood Posted July 16, 2004 Share Posted July 16, 2004 SC pops my mail every 5, maybe I'll set it to 15 and see if it helps. It's really not too much of a problem I guess. Where are you changing this setting? The option we are talking about is NOT configurable. Link to comment Share on other sites More sharing options...
Ex_Brit Posted July 16, 2004 Author Share Posted July 16, 2004 SC pops my mail every 5, maybe I'll set it to 15 and see if it helps. It's really not too much of a problem I guess. Where are you changing this setting? The option we are talking about is NOT configurable. I think I got my wires completely crossed here. I was talking about the settings at SC Mail for how often it pops mail from my ISP. I guess that's irrelevent. Link to comment Share on other sites More sharing options...
StevenUnderwood Posted July 16, 2004 Share Posted July 16, 2004 settings at SC Mail This is the part I am trying to figure out. As far as I know, there are no "settings at SC Mail for how often it pops mail from my ISP." (assuming SpamCop webmail). I am talking about a basic account configuration where you have the public address you give out either forwarded to SpamCop or have SpamCop POP the messages. Then you can access the SpamCop servers directly (webmail, POP, IMAP) to get your messages, or have SpamCop forward those messages to a different, secret address. Any messages sent directly to that secret address will not be filtered. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.