Blocking of Mailhost Probes


I don't think this has been specifically addressed, but there's something that ought to be added to the Mailhost Confirmation procedure, IMO. Due to some characteristics of the "probe" messages ("Subject: SpamCop account configuration email"), if they are received through a system that uses SpamAssassin as a filtering tool (as do SpamCop email accounts, for example), they might get blocked if a user has their SA threshold number set at 3.0 or below (mine is a 5 -- I wouldn't recommend a lower setting).

Here's the SA details line I've seen on the probes I've received:

X-spam-Status: hits=3.0 tests=FORGED_MUA_MOZILLA,FROM_HAS_MIXED_NUMS

That's a pretty high SA hits number on a desired piece of email. The "FORGED_MUA_MOZILLA" hit is due to this line from the probe's headers:

X-Mailer: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040803 Firefox/0.9.3 via http://www.spamcop.net/ v1.371

That line should be deleted (by Julian?) which would lower the spam status. I searched the forums and found instances of people having their SA at 3 or below and having the probes blocked, which is entirely preventable.

Furthermore, it's possible that a probe can get blocked by the SC DNSBL, which is also bad....here's the "Disposition" line from one that I had to haul out of my Held Mail:

X-SpamCop-Disposition: Blocked bl.spamcop.net

So, after that happened, I whitelisted "admin.spamcop.net" in my SC email Options, and then the probe went through with these two lines:

X-SpamCop-Disposition: Blocked bl.spamcop.net

X-SpamCop-Whitelisted: admin.spamcop.net

By doing a forum search, I found another example like this posted by another user in which their probe had been flagged/tagged/blocked/whatever by an SCBL listing. This is avoidable if a user does the whitelist procedure I mentioned above, but this should be done before starting the mailhosts process.

So to summarize, I've identified one thing that Julian should fix, and another that should be added to the instructions shown to people who are configuring mailhosts.

DT
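
The header checks described in the post above, as an added example that is not part of the original thread: a Python sketch that reads the header lines quoted in the post and reports whether a probe would be held. The `>=` threshold comparison, the whitelist override, and the names `triage_probe` and `parse_sa_status` are assumptions made for illustration.

```python
import re
from email import message_from_string

# Constructed sample: the header lines quoted in the post, assembled into one message.
SAMPLE_PROBE = """\
Subject: SpamCop account configuration email
X-spam-Status: hits=3.0 tests=FORGED_MUA_MOZILLA,FROM_HAS_MIXED_NUMS
X-SpamCop-Disposition: Blocked bl.spamcop.net
X-SpamCop-Whitelisted: admin.spamcop.net

(body omitted)
"""


def parse_sa_status(value):
    """Return (hits, [tests]) from a status value like 'hits=3.0 tests=A,B'."""
    m = re.search(r"hits=(-?\d+(?:\.\d+)?)", value)
    hits = float(m.group(1)) if m else None
    t = re.search(r"tests=(\S+)", value)
    tests = t.group(1).split(",") if t else []
    return hits, tests


def triage_probe(raw, sa_threshold):
    """Report whether a probe would be held, and by which check."""
    msg = message_from_string(raw)
    reasons = []

    # Header lookup is case-insensitive, so 'X-spam-Status' is found too.
    status = msg.get("X-Spam-Status")
    if status:
        hits, tests = parse_sa_status(status)
        # Assumption: a message is held when hits reach the user's threshold.
        if hits is not None and hits >= sa_threshold:
            reasons.append(
                f"SpamAssassin: hits={hits} >= threshold={sa_threshold} "
                f"({', '.join(tests)})"
            )

    disposition = msg.get("X-SpamCop-Disposition", "")
    whitelisted = msg.get("X-SpamCop-Whitelisted")
    # Assumption: a whitelist header overrides a 'Blocked' disposition,
    # matching the delivered probe that carried both lines.
    if disposition.lower().startswith("blocked") and not whitelisted:
        reasons.append("blocklist: " + disposition.split()[-1])

    return {"held": bool(reasons), "reasons": reasons}
```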

Not sure that the X-mailer is something I can do anything about

But surely Julian can....and he should! Probes are getting flagged with much too high a spam scoring by SpamAssassin.

but I am curious as to why the blocked by SCbl. What IP was causing the blocking?

Well, that's a bit complicated, in that the one I have on hand went through a system that is producing defective headers. Here are the IPs checked during receipt of the message:

X-SpamCop-Checked: 192.168.1.103 64.202.166.116 63.70.201.2 63.70.201.42

It would have to be one of those (the "192" one is internal to the defective system). This is the mailhost that I gave up on, eventually nuking the account.

DT

Archived

This topic is now archived and is closed to further replies.
