DavidT Posted September 13, 2004 Share Posted September 13, 2004 I don't think this has been specifically addressed, but there's something that ought to be added to the Mailhost Confirmation procedure, IMO. Due to some characteristics of the "probe" messages ("Subject: SpamCop account configuration email"), if they are received through a system that uses SpamAssassin as a filtering tool (as do SpamCop email accounts, for example), they might get blocked if a user has their SA threshold number set at 3.0 or below (mine is a 5 -- I wouldn't recommend a lower setting). Here's the SA details line I've seen on the probes I've received: X-spam-Status: hits=3.0 tests=FORGED_MUA_MOZILLA,FROM_HAS_MIXED_NUMS That's a pretty high SA hits number on a desired piece of email. The "FORGED_MUA_MOZILLA" hit is due to this line from the probe's headers: X-Mailer: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040803 Firefox/0.9.3 via http://www.spamcop.net/ v1.371 That line should be deleted (by Julian?) which would lower the spam status. I searched the forums and found instances of people having their SA at 3 or below and having the probes blocked, which is entirely preventable. Furthermore, it's possible that a probe can get blccked by the SC DNSBL, which is also bad....here's the the "Disposition" line from one that I had to haul out of my Held Mail: X-SpamCop-Disposition: Blocked bl.spamcop.net So, after that happened, I whitelisted "admin.spamcop.net" in my SC email Options, and then the probe went through with these two lines: X-SpamCop-Disposition: Blocked bl.spamcop.net X-SpamCop-Whitelisted: admin.spamcop.net By doing a forum search, I found another example like this posted by another user in which their probe had been flagged/tagged/blocked/whatever by an SCBL listing. This is avoidable if a user does the whitelist procedure I mentioneed above, but this should be done before starting the mailhosts process. So to summarize, I've identified one thing that Julian should fix, and another that should be added to the instructions shown to people who are confiruging mailhosts. DT Link to comment Share on other sites More sharing options...
Ellen Posted September 14, 2004 Share Posted September 14, 2004 Not sure that the X-mailer is something I can do anything about but I am curious as to why the blocked by SCbl. What IP was causing the blocking? Link to comment Share on other sites More sharing options...
DavidT Posted September 14, 2004 Author Share Posted September 14, 2004 Not sure that the X-mailer is something I can do anything about But surely Julian can....and he should! Probes are getting flagged with much too high a spam scoring by SpamAssassin. but I am curious as to why the blocked by SCbl. What IP was causing the blocking? Well, that's a bit complicated, in that the one I have on hand went through a system that is producing defective headers. Here are the IP's checked during receipt of the message: X-SpamCop-Checked: 192.168.1.103 64.202.166.116 63.70.201.2 63.70.201.42 It would have to be one of those (the "192" one is internal to the defective system). This is the mailhost that I gave up on, eventually nuking the account. DT Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.