Jump to content

Recommended Posts

Posted

I have my system set up to forward spam to SpamCop, which I did earlier today and was expecting to get report notifications. When I didn't, I logged in and I saw that my system had bounced mail from SpamCop. I didn't see what had gone wrong at first, because the error message was incomplete, and I saw that the only report I had in the queue was a bit of spam from 4 days ago.

I double-checked my logs, and my system bounced SpamCop's report email because the IP is now listed with Spamhaus. The report is still active, and I'm not sure I should necessarily whitelist SpamCop's IPs if the contents of this report are accurate.

I do not recall seeing this from SpamCop's servers before, so I figure, better safe than sorry.

In the meantime, I can use the form to submit email so I don't trigger any more bounces, until this is resolved.

Feb 26 17:08:21 <myserver> postfix/smtpd[20277]: NOQUEUE: reject: RCPT from unknown[184.94.240.88]: 554 5.7.1
  Service unavailable; Client host [184.94.240.88] blocked using zen.spamhaus.org;
  https://www.spamhaus.org/query/ip/184.94.240.88; from=<spamid.6800685979@bounces.spamcop.net>
  to=<me@mydomain.com> proto=ESMTP helo=<vmx.spamcop.net>

Let me know if there's a better place to fire this report.

Posted
59 minutes ago, newjoiseyboy said:

I have my system set up to forward spam to SpamCop, which I did earlier today and was expecting to get report notifications. When I didn't, I logged in and I saw that my system had bounced mail from SpamCop. I didn't see what had gone wrong at first, because the error message was incomplete, and I saw that the only report I had in the queue was a bit of spam from 4 days ago.

Now I'm getting bogus spam threats so spammers have read about the glitch!
https://www.spamcop.net/sc?id=z6801175589z9204dccb4f827821d33a630dd4eafcc5z

Posted
The blocklist issue with IPs being added that probably shouldn't is why I went from the idea of block it if only any list to SpamAssassin where it blocks it based on a score. Either the email needs to be spammy, or else be on more than one blocklist.
Posted
3 hours ago, newjoiseyboy said:

Oh, I think that's different. I get those to my domain from time to time, that's just your regular crypto threat-phishing email.

But this is addressed to "SpamCop User"
Dear user of spamcop.net!

I am a spyware software developer.
Your account has been hacked by me couple months ago

 

Posted
23 minutes ago, petzl said:

But this is addressed to "SpamCop User"
Dear user of spamcop.net!

I am a spyware software developer.
Your account has been hacked by me couple months ago

 

Yeah, I looked at your link earlier. That's got nothing to do with what I posted. Somebody was trying to get you to send them Bitcoin. They haven't hacked anything.

Posted
3 hours ago, gnarlymarley said:

The blocklist issue with IPs being added that probably shouldn't is why I went from the idea of block it if only any list to SpamAssassin where it blocks it based on a score. Either the email needs to be spammy, or else be on more than one blocklist.

Yeah, maybe I should do that at this point. I don't believe I've ended up blocking legitimate mail before now -- never had this happen with SpamCop before -- but I wanted to put this out there in the event there was an actual security issue, just in case.

Posted

Is this related to the fact that I have not been getting emails from Spamcop for some time now? I checked today and discovered that my email was marked as “bouncing.”

Has there been a recent crackdown on spammy emails? The BSA has had their email messaging system completely blocked from several domains.

Posted

Me too!

Apple is blocking SpamCop emails as well to iCloud accounts.

Any impacted iCloud users are (per the Apple Support advisor I spoke with) encouraged to call also Apple support and let them know, just in case it takes a long time to get Spamcop off the SpamHaus RBL.

Posted
19 minutes ago, crp5591 said:

Me too!

Apple is blocking SpamCop emails as well to iCloud accounts.

Any impacted iCloud users are (per the Apple Support advisor I spoke with) encouraged to call also Apple support and let them know, just in case it takes a long time to get Spamcop off the SpamHaus RBL.

SpamCop's NEW email server IP is not listed in SpamHauas, Apple must have different blocking method?
https://check.spamhaus.org/not_listed/?searchterm=184.94.240.112

Posted (edited)
For Apple, it could be that someone forgot to update their SPF records with the 184.94.240.88 IP to it. It is currently set to a five minutes cache.


;; QUESTION SECTION:
;devnull.spamcop.net. IN TXT

;; ANSWER SECTION:
devnull.spamcop.net. 300 IN TXT "v=spf1 ip4:184.94.240.88 ip4:184.94.240.112 ip4:204.15.80.0/22 -all"


;; QUESTION SECTION:
;bounces.spamcop.net. IN TXT

;; ANSWER SECTION:
bounces.spamcop.net. 300 IN TXT "v=spf1 ip4:184.94.240.88 ip4:184.94.240.112 ip4:204.15.80.0/22 -all"
Edited by gnarlymarley

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...