vtrain Posted January 24, 2004 Share Posted January 24, 2004 Dear all, I have reported several e-mails to spamcopin the last 10 days. Unfortunally I did not know much about headers . On some of those e-mails I used a automatic forward that I have setup in my computer so they had my IP address as a relay. I reported myself and now I get blacklisted 1) They were actually spam 2) it was not a relay. It was e-mails that came from one address... and a .forward file sent them to another address (i reported the last one) Sorry... sorry... sorry.... Is that a way of unreporting those e-mails in spamcop ? What shall I do now ? Link to comment Share on other sites More sharing options...
Jeff G. Posted January 24, 2004 Share Posted January 24, 2004 You posted from a netcabo.pt / netcabo.net address. netcabo.pt A (Address) 194.65.79.190 netcabo.pt MX (Mail Exchanger) Priority: 100 mx.netcabo.pt netcabo.pt MX (Mail Exchanger) Priority: 10 smtp.netcabo.pt mx.netcabo.pt A (Address) 212.113.174.8 smtp.netcabo.pt A (Address) 212.113.174.9 netcabo.net A (Address) 212.113.161.225 netcabo.net MX (Mail Exchanger) Priority: 10 tvcabo05.netcabo.net tvcabo05.netcabo.net A (Address) 212.113.161.135 According to http://www.spamcop.net/bl, the following IP Addresses are not listed: 194.65.79.190 212.113.174.8 212.113.174.9 212.113.161.225 212.113.161.135 Please provide the IP Address of the server that is blocked and/or the complete error message. The following text by Merlyn has helped others to understand the process in the past: Lets go through this step by step together. Please read this carefully and do not just scan it otherwise you will not understand the process. 1.) If you did not post the entire message you received about your email being blocked it will be very hard to help you solve your problem. 2.) Next we will talk about why Spamcop cannot block your email. Spamcop has no access to your email. When you send your email it goes through your ISP's email server and travels through the Internet until it reaches the ISP's server of the person you are sending your mail to then their ISP's server routes it to their mailbox. Spamcop has no access to either server or to the process between servers. 3.) Next we will discuss why you think Spamcop blocked you email. You probably received a "bounced" email saying something like: 451 Blocked - see http://www.spamcop.net/bl.shtml?xxxx.xxxx.xxxx.xxxx: or email from xxx.com blocked,refused by Spamcop,see http://www.spamcop.net or Anything saying your email was "blocked" by Spamcop and they directed you to some page on the Spamcop site. 4.) Now we will talk about who is "really" blocking your email Remember how we discussed the way your email traveled from your computer to the recipients computer in #2? The only person who could block your email is the recipients ISP or the recipient themselves. Most likely the recipients ISP is using the Spamcop List (we will discuss this in the next part #5) and they have blocked this email because the sending ISP's server is a known source of spam on the Internet. You should be complaining to your ISP because they allow spammers to use their resources which in turn caused your email to get blocked. You ISP did receive complaints. You could also contact the recipients ISP asking them to "whitelist" you. They recipients ISP decided on their own to incorporate this list into their email server software. Now you say you do not send spam but before you get upset, read the next part about how this list is compiled by Spamcop. 5.) What is the Spamcop List and why do ISP's use it? Spamcop runs a service for reporting spam. This is a free service where people either send their spam email or copy their spam email in a form that parses the email to find out where it originated from. Once the amount of spam reaches a calculated amount the originating server is placed on the list of spammers. This list is made freely available to anyone running an email server to use to enable them to block email originating from known spam servers. This list only contains IP numbers and not email addresses as email addresses in the "From" field can be readily forged and are not reliable. The only reliable source is the IP address the spam originated from. for more detailed information on how Spamcop works see: http://www.spamcop.net/fom-serve/cache/3.html 6.) Final Notes (VERY IMPORTANT) Before you start getting upset just remember what brought you here. Your email was blocked, not by Spamcop but the ISP of the person you were sending your email to. Spamcop has no control over what they do with their servers. Also, get proactive and help stop the flow of spam. Complain to your ISP because it is their servers that are being blocked. Let them know that you are paying for email service in your contract with them and they are not able to provide you with this service because they allow spammers to abuse their servers. I think you would agree with me that everyone is tired of receiving mortgage quotes, penis enlargement, breast enhancement, weight loss, nude 40 year old teenage sluts, Viagra, vacation, lottery, prescription drug, business opportunities, genealogical, university degrees, gambling, get rich quick, MLM, pyramid schemes, Web Cams, Russian brides, work from home, stock scams, pirated software and everything else that is force fed into our inboxes. If you have any more questions please post them here, there are many people willing to assist. And remember most people in this group are here to help you and they did not block your email so do not take your wrath out on them. HTH HAND Link to comment Share on other sites More sharing options...
Wazoo Posted January 24, 2004 Share Posted January 24, 2004 I have reported several e-mails to spamcopin the last 10 days. Unfortunally I did not know much about headers . On some of those e-mails I used a automatic forward that I have setup in my computer so they had my IP address as a relay. I reported myself and now I get blacklisted 1) They were actually spam 2) it was not a relay. It was e-mails that came from one address... and a .forward file sent them to another address (i reported the last one) Sorry... sorry... sorry.... Is that a way of unreporting those e-mails in spamcop ? What shall I do now ? That you "don't know anything about headers" and appaerntly did very little research on how to use SpamCop makes it very strange that you would just jump to setting up an auto-forward to begin with. To stay within the "be nice" guidelines, that's all I'll say about that. That you're blacklisted is interesting, as others that come in with this story also bring in tales of having their ISP all over them. Maybe yours hasn't found out about it yet? As answered over in the newsgroups, reports are handling like any other e-mail .. you hit Send: and they're prettty much gone at that instant (speaking in general terms of course) So no, there is no way to "un-report" a sent complaint. If you've got an IP that has in fact hit the BL, I'd suggest you get hold of your ISP pretty quick ... see if they let you remain as a customer ... You might kick a note (with a hell of a lot more info than you supplied here) to the deputies address and see if they can take a look, maybe even verify what you've said (again, impossible with what little data you've provided), and maybe, just maybe, the IP could get knocked off the list. On the other hand, if you've just been shooting the same error out for 10 days, with your system set on auto-pilot, Don might just boot you off the SpamCop tool anyway, just for GP's. Link to comment Share on other sites More sharing options...
vtrain Posted January 24, 2004 Author Share Posted January 24, 2004 You posted from a netcabo.pt / netcabo.net address.  netcabo.pt A (Address) 194.65.79.190  netcabo.pt MX (Mail Exchanger) Priority: 100 mx.netcabo.pt  netcabo.pt MX (Mail Exchanger) Priority: 10 smtp.netcabo.pt  mx.netcabo.pt A (Address) 212.113.174.8  smtp.netcabo.pt A (Address) 212.113.174.9  netcabo.net A (Address) 212.113.161.225  netcabo.net MX (Mail Exchanger) Priority: 10 tvcabo05.netcabo.net  tvcabo05.netcabo.net A (Address) 212.113.161.135 According to http://www.spamcop.net/bl, the following IP Addresses are not listed: 194.65.79.190 212.113.174.8 212.113.174.9 212.113.161.225 212.113.161.135 Please provide the IP Address of the server that is blocked and/or the complete error message. Thank you very much JeffG, the IP address that is blacklisted is not my ISP smtp or pop address. It's my home address: http://www.spamcop.net/w3m?action=checkblo...=+213.22.22.124 the last e-mail wrongly reported has the following headers: From - Fri Jan 23 17:39:25 2004 X-UIDL: AAQ8gb8BAAg50pKw4Tz2bK04w5VdFYQP X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 Received: from smtp.netcabo.pt ([192.168.16.2]) by VS1.hdi.tvcabo with Microsoft SMTPSVC(5.0.2195.6713); Fri, 23 Jan 2004 17:30:05 +0000 Received: from xxxxxx([213.22.22.124]) by smtp.netcabo.pt with Microsoft SMTPSVC(5.0.2195.6713); Fri, 23 Jan 2004 17:29:46 +0000 Received: by aragao.homelinux.net (Postfix) id 54762180F7; Fri, 23 Jan 2004 17:29:32 +0000 (WET) Delivered-To: hf[at]xxxxxx Received: from localhost (localhost [127.0.0.1]) by xxxxxxx(Postfix) with ESMTP id C901B180F7 for <hf[at]localhost>; Fri, 23 Jan 2004 17:28:46 +0000 (WET) Received: from mx.netcabo.pt [212.113.174.8] by localhost with POP3 (fetchmail-5.9.0) for hf[at]localhost (single-drop); Fri, 23 Jan 2004 17:28:46 +0000 (WET) Received: from smtp.netcabo.pt ([192.168.16.4]) by VS2.hdi.tvcabo with Microsoft SMTPSVC(5.0.2195.6713); Fri, 23 Jan 2004 17:20:57 +0000 Received: from portugalmail.pt ([82.140.200.244]) by smtp.netcabo.pt with Microsoft SMTPSVC(5.0.2195.6713); Fri, 23 Jan 2004 17:06:33 +0000 Message-ID: <1428716-220041523164653132[at]portugalmail.pt> From: "MaiDir" <dirmail[at]portugalmail.pt> To: "xxxxxx" <xxxxxxxx> Subject: Um 2004 com NOVOS CLIENTES para o seu Negocio! Date: Fri, 23 Jan 2004 16:46:53 -0000 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_14319136262314960164653142" X-OriginalArrivalTime: 23 Jan 2004 17:06:34.0570 (UTC) FILETIME=[414202A0:01C3E1D3] Return-Path: dirmail[at]portugalmail.pt [snip] ---------------------------------- Wazoo: I asked someone to put the .forward file in the past To stay within the "be nice" guidelines, that's all I'll say about that. to stay within the "be nice" guidelines I won't answer more than this to your post. regards Helena P.S: I know that I did a mistake ok? but my computer does not send spam or relay spam. I use it to run spamassassin. Link to comment Share on other sites More sharing options...
Jeff G. Posted January 24, 2004 Share Posted January 24, 2004 I fed your posted header to the parser. The results here point out the problem. From those results: Received: from mx.netcabo.pt [212.113.174.8] by localhost with POP3 (fetchmail-5.9.0) for hf[at]localhost (single-drop); Fri, 23 Jan 2004 17:28:46 +0000 (WET) Checking POP client chain: Chain test:smtp.netcabo.pt =? 213.22.22.124 213.22.22.124 is not an MX for smtp.netcabo.pt host smtp.netcabo.pt (checking ip) = 212.113.174.9 213.22.22.124 is not an MX for smtp.netcabo.pt Chain test failed Chain test:smtp.netcabo.pt =? 213.22.22.124 213.22.22.124 is not an MX for smtp.netcabo.pt host smtp.netcabo.pt (checking ip) = 212.113.174.9 213.22.22.124 is not an MX for smtp.netcabo.pt Chain test failed host 212.113.174.8 = a212-113-174-8.netcabo.pt (cached) host a212-113-174-8.netcabo.pt (checking ip) ip not found ; a212-113-174-8.netcabo.pt discarded as fake. 213.22.22.124 not listed in dnsbl.njabl.org 213.22.22.124 not listed in cbl.abuseat.org 213.22.22.124 listed in dnsbl.sorbs.net ( 127.0.0.10 ) 213.22.22.124 is not an MX for smtp.netcabo.pt 213.22.22.124 is not an MX for a213-22-22-124.netcabo.pt 213.22.22.124 is not an MX for smtp.netcabo.pt 213.22.22.124 is not an MX for smtp.netcabo.pt 213.22.22.124 not listed in dnsbl.njabl.org Possible spammer: 212.113.174.8 host smtp.netcabo.pt (checking ip) = 212.113.174.9 212.113.174.9 not listed in dnsbl.njabl.org 212.113.174.9 not listed in cbl.abuseat.org 212.113.174.9 not listed in dnsbl.sorbs.net ips are close enough 212.113.174.8 is close to an MX (212.113.174.9) for netcabo.pt Chain test:smtp.netcabo.pt =? a213-22-22-124.netcabo.pt host a213-22-22-124.netcabo.pt (checking ip) = 213.22.22.124 213.22.22.124 is not an MX for smtp.netcabo.pt host smtp.netcabo.pt (checking ip) = 212.113.174.9 213.22.22.124 is not an MX for smtp.netcabo.pt Chain test failed Chain test:smtp.netcabo.pt =? 213.22.22.124 213.22.22.124 is not an MX for smtp.netcabo.pt host smtp.netcabo.pt (checking ip) = 212.113.174.9 213.22.22.124 is not an MX for smtp.netcabo.pt Chain test failed Cached masters for 213.22.22.124: abuse[at]tvcabo.pt abuse[at]netcabo.pt Chain error smtp.netcabo.pt not equal to last sender received line discarded This looks like a forgery because mailservers are supposed to report their own real names (like aragao.homelinux.net or a213-22-22-124.netcabo.pt) instead of their IP Addresses or unresolvable names (like 213.22.22.124 or localhost) in Received headers that they create. According to Section D, Page 46 of Internet Standard #11 and RFC #822 "Standard for the format of ARPA Internet text messages" at http://www.rfc-editor.org/rfc/rfc822.txt and http://www.rfc-editor.org/rfc/std/std11.txt : received = "Received" ":" ; one per relay ["from" domain] ; sending host ["by" domain] ; receiving host ["via" atom] ; physical path *("with" atom) ; link/mail protocol ["id" msg-id] ; receiver msg id ["for" addr-spec] ; initial form ";" date-time ; time received Also, according to Section 4.1.2, Pages 32-33 of Internet Standard #10 and RFC #821 "Simple Mail Transfer Protocol" at http://www.rfc-editor.org/rfc/std/std10.txt and http://www.rfc-editor.org/rfc/rfc821.txt : <time-stamp-line> ::= "Received:" <SP> <stamp> <CRLF> <stamp> ::= <from-domain> <by-domain> <opt-info> ";" <daytime> <from-domain> ::= "FROM" <SP> <domain> <SP> <by-domain> ::= "BY" <SP> <domain> <SP> <opt-info> ::= [<via>] [<with>] [<id>] [<for>] <via> ::= "VIA" <SP> <link> <SP> <with> ::= "WITH" <SP> <protocol> <SP> <id> ::= "ID" <SP> <string> <SP> <for> ::= "FOR" <SP> <path> <SP> <link> ::= The standard names for links are registered with the Network Information Center. <protocol> ::= The standard names for protocols are registered with the Network Information Center. <daytime> ::= <SP> <date> <SP> <time> <date> ::= <dd> <SP> <mon> <SP> <yy> <time> ::= <hh> ":" <mm> ":" <ss> <SP> <zone> <dd> ::= the one or two decimal integer day of the month in the range 1 to 31. <mon> ::= "JAN" | "FEB" | "MAR" | "APR" | "MAY" | "JUN" | "JUL" | "AUG" | "SEP" | "OCT" | "NOV" | "DEC" <yy> ::= the two decimal integer year of the century in the range 00 to 99. <hh> ::= the two decimal integer hour of the day in the range 00 to 24. <mm> ::= the two decimal integer minute of the hour in the range 00 to 59. <ss> ::= the two decimal integer second of the minute in the range 00 to 59. <zone> ::= "UT" for Universal Time (the default) or other time zone designator (as in [2]). Please fix your mailserver to bring it into compliance with these Internet Standards and RFCs. Thanks! Link to comment Share on other sites More sharing options...
vtrain Posted January 26, 2004 Author Share Posted January 26, 2004 Thanks JeffG Will try to ask the person that owns the linux machine to do that. A spamcop deputy removed the ban. H. Link to comment Share on other sites More sharing options...
Richard W Posted January 27, 2004 Share Posted January 27, 2004 Thanks JeffG Will try to ask the person that owns the linux machine to do that. A spamcop deputy removed the ban. H. The IP timed off the BL because the last report was for mail received 3.3 days ago. There was no manual delist done. I have flagged your IP as a trusted relay, which is a temporary fix, but the other problems should be done as a permanent fix. Richard Link to comment Share on other sites More sharing options...
vtrain Posted August 10, 2004 Author Share Posted August 10, 2004 Can a moderator edit the post above where an e-mail address appears (helena.ferreira AT netcabo pt) ? Thanks, Vtrain Link to comment Share on other sites More sharing options...
StevenUnderwood Posted August 10, 2004 Share Posted August 10, 2004 If it is your own message, you should be able to edit it yourself. Go to the post in question (while you are logged into your account) and there should be an edit button. *Edit* the edit button will be below your post to the right. Then hit the "Submit Modified Post" button. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.