trobison Posted March 11, 2004 Share Posted March 11, 2004 Hi, I'm Postmaster for PBS. One of our gateway server, 149.48.192.80, is listed on your blacklist. When I try to figure out why, this is what I get: <<< 149.48.192.80 listed in bl.spamcop.net (127.0.0.2) Since SpamCop started counting, this system has been reported less than 10 times by less than 10 users. It has been sending mail consistently for at least 135.8 days. It has been listed for less than 24 hours. In the past week, this system has: Been reported as a source of spam less than 10 times Been detected sending mail to spam traps Been witnessed sending mail about 120 times A sample sent sometime during the 24 hours beginning Wednesday, March 03, 2004 7:00:00 PM -0500: Received: from - (149.48.192.80)- by -.-.org (- - - -.-) with - (- -[at]-.-.com)- - id - Thu, - Mar 2004 - - Subject: the - biggest profit opportunities of - From: of.. at ..t.com >>> How is it that this server gets "reported" as a source of spam? I have combed through the smtp logs on that server and we are not sending any spam to outside email address. This server DOES relay and deliver mail for other PBS servers, though, all of which have an XXXX.pbs.org address (where xxxx are station call letters). While a good chunk of this email is spam, it all goes to an address ending in pbs.org. I think what is happening is someone at one of our stations is reporting spam to Spamcop, and our gateway server is getting blamed as the source, when really it is just the last hop before delivery. Does this make sense? Any help in clarifying why we are listed would be great. One other thing. Documentation says you only block for 48hrs, but the last report show for this server is 4 March, 2004? Is there something else I'm not seeing? Link to comment Share on other sites More sharing options...
Miss Betsy Posted March 11, 2004 Share Posted March 11, 2004 I don't run a mail server so I can't tell you very much. However, the listing says that spam has hit spamtraps so I don't think that it is just a relay problem. This is a suggestion to someone else who couldn't find anything: "Please don't just look at your mailserver's logs of outbound mail traffic (especially including bounces), look also at your firewall's logs of outbound port 25 connections. Thanks!" I don't know whether that will help or not. Someone else who knows more will come along pretty soon. Miss Betsy Link to comment Share on other sites More sharing options...
trobison Posted March 11, 2004 Author Share Posted March 11, 2004 "Been detected sending mail to spam traps" -- how many traps? "Been witnessed sending mail about 120 times" -- this server has sent a heck of a lot more email than 120 in the last week, what does this mean, exactly? Link to comment Share on other sites More sharing options...
Spambo Posted March 11, 2004 Share Posted March 11, 2004 "Been witnessed sending mail about 120 times" -- this server has sent a heck of a lot more email than 120 in the last week, what does this mean, exactly? SpamCop can't track how many emails actually come out of any server it doesn't control, the count indicates how many times a destination mail server has queried the SCBL about the IP. Link to comment Share on other sites More sharing options...
Ellen Posted March 11, 2004 Share Posted March 11, 2004 (If this posts twice my apologies) ... it appears that someone using the "PBS Kids" part of the website sent an email to a spamtrap. Now the reason for the listing is that someone reported an email from "thestreet" that was sent thru your server a few days ago. When the "PBS KIDS" email hit the trap, that plus the previous email were enough to cause a listing for a short time -- the IP has now delisted. Link to comment Share on other sites More sharing options...
trobison Posted March 12, 2004 Author Share Posted March 12, 2004 Thank you for the bit of clarification, Ellen. Just for my information, how would I report an email as spam to Spamcop -- by using a client like spam Control? I'd like to know so I can get the word out to people I deliver email for to not mark PBS email as spam if they are using one of these clients. Link to comment Share on other sites More sharing options...
yourbuddy Posted March 12, 2004 Share Posted March 12, 2004 The thing to do, is tell other ISP's not to use SpamCop. That way, the overly aggresive SpamCop system will not be able to cause harm - or at least be forced to correct the problems associated with the reporting system. Link to comment Share on other sites More sharing options...
Miss Betsy Posted March 12, 2004 Share Posted March 12, 2004 the overly aggresive SpamCop system will not be able to cause harm And how does a temporary glitch cause more problems than the hundreds of spam that people can receive daily? at least be forced to correct the problems associated with the reporting system There is no system that catches spam that does not make mistakes. At least with a blocklist there is notification. Miss Betsy Link to comment Share on other sites More sharing options...
Ellen Posted March 12, 2004 Share Posted March 12, 2004 Thank you for the bit of clarification, Ellen. Just for my information, how would I report an email as spam to Spamcop -- by using a client like spam Control? I'd like to know so I can get the word out to people I deliver email for to not mark PBS email as spam if they are using one of these clients. Emails get reported to SpamCop basically 2 ways -- by users who forward or copy/paste their spams to the reporting system and by our spamtraps which are email addresses that don't exist and have never existed and should therefor not be getting mail. While users do sometimes make a mistake -- and we do whap them upside the head with the cluestick for that and cancel accounts of the hard of understanding -- the spamtraps really should never get any mail at all. The listing is sutomated and the details for being listed are here: http://news.spamcop.net/cgi-bin/fom?file=297 The delists are also automatic -- which I should mention is *not* necessarily the case for all other public blocklists. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.