Jump to content

SourceForge


rayvd

Recommended Posts

SF's mail servers seem to keep getting listed (second time now in two weeks). Are they actually generating legit spam or is someone misreporting this?

I guess I can add their servers myself to my mail server's exclusion list.

Link to comment
Share on other sites

Hard to say with no data provided. Do you have a bounce message, or perhaps an IP address that we could use to look them up?

41670[/snapback]

Unfortunately, no bounce message. Only knew something was wrong because I hadn't gotten any SF.net mail in a long time. Finally they came pouring through and one of the admins on the list mentioned that SF had been listed on SpamCop.

Here's one of the IP's that appears to be the final SF SMTP server in the link... probably there are more: 66.35.250.225

Return-Path: <opennms-discuss-admin[at]lists.sourceforge.net>
X-Original-To: rayvd[at]localhost
Delivered-To: rayvd[at]localhost.digitalpath.net
Received: from mail.digitalpath.net (localhost [127.0.0.1])
        by keenpal.digitalpath.net (Postfix) with ESMTP id 9571E45C42F
        for <rayvd[at]localhost>; Wed, 29 Mar 2006 23:43:00 -0800 (PST)
Delivered-To: rayvd[at]digitalpath.net
Received: (qmail 15163 invoked by uid 1542); 30 Mar 2006 07:42:52 -0000
Received: by simscan 1.1.0 ppid: 15160, pid: 15161, t: 0.0284s
         scanners: clamav: 0.87.1/m:34/d:1162
Received: from unknown (HELO lists-outbound.sourceforge.net) (66.35.250.225)
  by chico-smtp2.digitalpath.net with SMTP; 30 Mar 2006 07:42:52 -0000
Received-SPF: pass (chico-smtp2.digitalpath.net: SPF record at lists.sourceforge.net designates 66.35.250.225 as permitted sender)
Received: from sc8-sf-list2-b.sourceforge.net (sc8-sf-list2-b.sourceforge.net [10.3.1.8])
        by sc8-sf-spam2.sourceforge.net (Postfix) with ESMTP
        id 43F1C12540; Wed, 29 Mar 2006 16:07:09 -0800 (PST)
Received: from sc8-sf-mx1-b.sourceforge.net ([10.3.1.91] helo=mail.sourceforge.net)
        by sc8-sf-list2.sourceforge.net with esmtp (Exim 4.30)
        id 1FOkga-00066B-6C; Wed, 29 Mar 2006 16:06:48 -0800

And here are a couple entries from my server's mail logs:

2006-03-30 08:01:10.750875500 tcpserver: pid 28182 from 66.35.250.225
2006-03-30 08:01:10.750877500 tcpserver: ok 28182 chico-smtp2.digitalpath.net:65.164.104.15:25 :66.35.250.225::43454
2006-03-30 08:01:10.752699500 rblsmtpd: 66.35.250.225 pid 28182: 451 Blocked - see http://www.spamcop.net/bl.shtml?66.35.250.225
2006-03-30 08:02:36.953296500 tcpserver: pid 28838 from 66.35.250.225
2006-03-30 08:02:36.953297500 tcpserver: ok 28838 chico-smtp2.digitalpath.net:65.164.104.15:25 :66.35.250.225::57065
2006-03-30 08:02:36.953796500 rblsmtpd: 66.35.250.225 pid 28838: 451 Blocked - see http://www.spamcop.net/bl.shtml?66.35.250.225

Link to comment
Share on other sites

You might want to take this up with SourceForge as that server is being used to spam many people:

Looks like regular list stuff and spam......

--------------------------------------------------------------------------------

Submitted: Thursday, March 30, 2006 5:43:57 AM -0500:

Padict-developer digest, Vol 1 #421 - 6 msgs

1704534916 ( 66.35.250.225 ) To: abuse#savvis.net[at]devnull.spamcop.net

--------------------------------------------------------------------------------

Submitted: Monday, March 27, 2006 4:22:26 AM -0500:

[Proftpd-mirrors] Borland Delphi 2005 Architect Edition

1701638643 ( http://mahaboned.com/?gmc ) To: i-shikhov#list.ru[at]devnull.spamcop.net

1701638635 ( http://mahaboned.com/?gmc ) To: info[at]in-telecom.ru

1701638632 ( http://mahaboned.com/?gmc ) To: postmaster#in-telecom.ru[at]devnull.spamcop.net

1701638623 ( http://mahaboned.com/?gmc ) To: abuse[at]relcom.net

1701638612 ( 69.55.65.181 ) To: spamcop[at]imaphost.com

1701638600 ( 69.55.65.181 ) To: abuse[at]netsville.com

1701638594 ( 66.35.250.225 ) To: abuse#savvis.net[at]devnull.spamcop.net

--------------------------------------------------------------------------------

Submitted: Saturday, March 25, 2006 1:35:37 PM -0500:

[Lesstif-discuss] =?GB2312?B?0OO/zcqxydDG3M+izfjUvMT6ubLP7cqxydDc9t3N?=

1700222999 ( http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110... ) To: abuse[at]internap.com

1700222997 ( 66.35.250.225 ) To: abuse#savvis.net[at]devnull.spamcop.net

1700222991 ( 60.177.2.241 ) To: spamcop[at]imaphost.com

1700222987 ( http://www.annshow.com ) To: postmaster#hz.zj.cn[at]devnull.spamcop.net

1700222986 ( 60.177.2.241 ) To: postmaster#hz.zj.cn[at]devnull.spamcop.net

1700222983 ( http://www.annshow.com ) To: master[at]dcb.hz.zj.cn

1700222981 ( 60.177.2.241 ) To: master[at]dcb.hz.zj.cn

1700222978 ( http://www.annshow.com ) To: antispam[at]dcb.hz.zj.cn

1700222977 ( 60.177.2.241 ) To: antispam[at]dcb.hz.zj.cn

1700222975 ( http://www.annshow.com ) To: postmaster#dcb.hz.zj.cn[at]devnull.spamcop.net

1700222974 ( 60.177.2.241 ) To: postmaster#dcb.hz.zj.cn[at]devnull.spamcop.net

1700222972 ( http://www.annshow.com ) To: anti_spam[at]mail.nbptt.zj.cn

1700222971 ( 60.177.2.241 ) To: anti_spam[at]mail.nbptt.zj.cn

--------------------------------------------------------------------------------

Submitted: Saturday, March 25, 2006 1:35:33 PM -0500:

[Lesstif-discuss] =?GB2312?B?0OO/zcqxydDG3M+izfjUvMT6ubLP7cqxydDc9t3N?=

1700222861 ( http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110... ) To: abuse[at]internap.com

1700222860 ( 66.35.250.225 ) To: abuse#savvis.net[at]devnull.spamcop.net

1700222859 ( 60.177.2.241 ) To: spamcop[at]imaphost.com

1700222858 ( http://www.annshow.com ) To: postmaster#hz.zj.cn[at]devnull.spamcop.net

1700222857 ( 60.177.2.241 ) To: postmaster#hz.zj.cn[at]devnull.spamcop.net

1700222856 ( http://www.annshow.com ) To: master[at]dcb.hz.zj.cn

1700222855 ( 60.177.2.241 ) To: master[at]dcb.hz.zj.cn

1700222854 ( http://www.annshow.com ) To: antispam[at]dcb.hz.zj.cn

1700222853 ( 60.177.2.241 ) To: antispam[at]dcb.hz.zj.cn

1700222852 ( http://www.annshow.com ) To: postmaster#dcb.hz.zj.cn[at]devnull.spamcop.net

1700222851 ( 60.177.2.241 ) To: postmaster#dcb.hz.zj.cn[at]devnull.spamcop.net

1700222845 ( http://www.annshow.com ) To: anti_spam[at]mail.nbptt.zj.cn

1700222844 ( 60.177.2.241 ) To: anti_spam[at]mail.nbptt.zj.cn

--------------------------------------------------------------------------------

Submitted: Saturday, March 25, 2006 1:25:09 PM -0500:

[Lesstif-discuss] Intending Partner

1700220509 ( 84.76.172.150 ) To: spamcop[at]imaphost.com

1700220508 ( 84.76.172.150 ) To: abuse[at]ya.com

1700220507 ( 84.76.172.150 ) To: postmaster#ya.com[at]devnull.spamcop.net

1700220506 ( 66.35.250.225 ) To: abuse#savvis.net[at]devnull.spamcop.net

Submitted: Wednesday, March 22, 2006 5:50:49 AM -0500:

Padict-developer digest, Vol 1 #414 - 9 msgs

1696919883 ( 66.35.250.225 ) To: abuse#savvis.net[at]devnull.spamcop.net

--------------------------------------------------------------------------------

Submitted: Tuesday, March 21, 2006 1:11:19 PM -0500:

**spam** ***HTML***[MiKTeX] Fw: hey

1696270215 ( 66.35.250.225 ) To: abuse#savvis.net[at]devnull.spamcop.net

1696270214 ( 195.97.101.154 ) To: spamcop[at]imaphost.com

1696270212 ( 195.97.101.154 ) To: postmaster[at]hol.gr

1696270211 ( 195.97.101.154 ) To: abuse[at]hol.gr

1696270208 ( 12.152.184.25 ) To: abuse[at]att.net

--------------------------------------------------------------------------------

Submitted: Sunday, March 19, 2006 3:01:04 PM -0500:

Padict-developer digest, Vol 1 #410 - 2 msgs

1694501819 ( 66.35.250.225 ) To: abuse#savvis.net[at]devnull.spamcop.net

Link to comment
Share on other sites

I think its a safe bet that you won't get an exception for a Savvis IP address considering they don't accept spamcop reports at all.

It looks like sourceforge needs to figure out why they aren't receiving spamcop reports, and if they are, they need to be acting on them.

For users that they can prove subscribed to their mailing list, they can report them back to spamcop for sending false spam reports. I don't know whether they use a confirmed opt-in system or not, but that would be the only way they could prove that a user really subscribed their own email address.

Once their sure their subscription process is relatively bullet-proof, they need to make sure that they respond quickly to abuse reports that spamcop users submit.

If they have a good abuse report handling system, they shouldn't have any trouble avoiding future listings.

They should also make sure that their mail list software adds the submitting users IP address as a Received From: header so that spamcop can trace beyond the SourceForge mail server.

Link to comment
Share on other sites

List members shouldn't be using SpamCop to report spam sent to the lists that they read.

41679[/snapback]

However, there are also spamtrap hits in that listing so it not completely bogus:

66.35.250.225 listed in bl.spamcop.net (127.0.0.2)

If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 7 hours.

Causes of listing

System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

SpamCop users have reported system as a source of spam less than 10 times in the past week

Link to comment
Share on other sites

The crux of the problem though is that SF does not respond quickly to SpamCop complaints?

I notice that the contact addresses for this IP appear to all end up going to savvis instead of SourceForge. Maybe SourceForge isn't even being notified?

Link to comment
Share on other sites

SF's mail servers seem to keep getting listed (second time now in two weeks).  Are they actually generating legit spam or is someone misreporting this?

I guess I can add their servers myself to my mail server's exclusion list.

41669[/snapback]

Without an IP to work with?

If a mail server is getting added to SCBL it mainly means they are not configured correctly SpamCop will on a properly configured mail sever only block the personal computer sending the spam.

Improperly configured is where a mail server bounces to Spamtrap addresses and or does not stamp the originating IP address

12.152.184.25 goes to abuse[at]att.net? the others

66.35.250.225 66.35.250.206 66.35.250.223

do not have a working abuse address.

It would help if they had a abuse address

They are also being added to other blocklists

Link to comment
Share on other sites

The crux of the problem though is that SF does not respond quickly to SpamCop complaints?

I notice that the contact addresses for this IP appear to all end up going to savvis instead of SourceForge.  Maybe SourceForge isn't even being notified?

41684[/snapback]

The crux seems to be that they are not responding at all because they (or their upstream) are refusing SpamCop reports.

It would also appear that spam is being sent to and therefore through the lists and that the original sending IP is not being identified in the headers. Therefore the SpamCop algorithm stops at the last reliable link in the chain which is the listserver and identifies that as the source.

See the very long otherthread about Gmail which has the same problem.

The SpamTrap hits are a worry though as, according to the page you pointed us to, SourceForge does use confirmed opt-in. Maybe you could suggest they contact deputies[at]spamcop.net and find out what is hitting the traps.

As regards the large volume of system traffic that is being reported, there's little they can do to 'report the reporter' to SpamCop if they refuse the reports in the first place (if that makes sense :D )

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...