Jump to content

Incorrect listing


trobison

Recommended Posts

Hi, I'm Postmaster for PBS. One of our gateway server, 149.48.192.80, is listed on your blacklist. When I try to figure out why, this is what I get:

<<<

149.48.192.80 listed in bl.spamcop.net (127.0.0.2)

Since SpamCop started counting, this system has been reported less than 10 times by less than 10 users. It has been sending mail consistently for at least 135.8 days. It has been listed for less than 24 hours.

In the past week, this system has:

Been reported as a source of spam less than 10 times

Been detected sending mail to spam traps

Been witnessed sending mail about 120 times

A sample sent sometime during the 24 hours beginning Wednesday, March 03, 2004 7:00:00 PM -0500:

Received: from - (149.48.192.80)-

by -.-.org (- - - -.-) with -

(- -[at]-.-.com)-

- id - Thu, - Mar 2004 - -

Subject: the - biggest profit opportunities of -

From: of.. at ..t.com

>>>

How is it that this server gets "reported" as a source of spam? I have combed through the smtp logs on that server and we are not sending any spam to outside email address. This server DOES relay and deliver mail for other PBS servers, though, all of which have an XXXX.pbs.org address (where xxxx are station call letters). While a good chunk of this email is spam, it all goes to an address ending in pbs.org.

I think what is happening is someone at one of our stations is reporting spam to Spamcop, and our gateway server is getting blamed as the source, when really it is just the last hop before delivery. Does this make sense? Any help in clarifying why we are listed would be great.

One other thing. Documentation says you only block for 48hrs, but the last report show for this server is 4 March, 2004? Is there something else I'm not seeing?

Link to comment
Share on other sites

I don't run a mail server so I can't tell you very much. However, the listing says that spam has hit spamtraps so I don't think that it is just a relay problem.

This is a suggestion to someone else who couldn't find anything: "Please don't just look at your mailserver's logs of outbound mail traffic (especially including bounces), look also at your firewall's logs of outbound port 25 connections. Thanks!"

I don't know whether that will help or not. Someone else who knows more will come along pretty soon.

Miss Betsy

Link to comment
Share on other sites

"Been witnessed sending mail about 120 times"  -- this server has sent a heck of a lot more email than 120 in the last week, what does this mean, exactly?

SpamCop can't track how many emails actually come out of any server it doesn't control, the count indicates how many times a destination mail server has queried the SCBL about the IP.

Link to comment
Share on other sites

(If this posts twice my apologies) ... it appears that someone using the "PBS Kids" part of the website sent an email to a spamtrap. Now the reason for the listing is that someone reported an email from "thestreet" that was sent thru your server a few days ago. When the "PBS KIDS" email hit the trap, that plus the previous email were enough to cause a listing for a short time -- the IP has now delisted.

Link to comment
Share on other sites

Thank you for the bit of clarification, Ellen. Just for my information, how would I report an email as spam to Spamcop -- by using a client like spam Control? I'd like to know so I can get the word out to people I deliver email for to not mark PBS email as spam if they are using one of these clients.

Link to comment
Share on other sites

the overly aggresive SpamCop system will not

be able to cause harm

And how does a temporary glitch cause more problems than the hundreds of spam that people can receive daily?

at least be forced to correct

the problems associated with the reporting system

There is no system that catches spam that does not make mistakes. At least with a blocklist there is notification.

Miss Betsy

Link to comment
Share on other sites

Thank you for the bit of clarification, Ellen.  Just for my information, how would I report an email as spam to Spamcop -- by using a client like spam Control?  I'd like to know so I can get the word out to people I deliver email for to not mark PBS email as spam if they are using one of these clients.

Emails get reported to SpamCop basically 2 ways -- by users who forward or copy/paste their spams to the reporting system and by our spamtraps which are email addresses that don't exist and have never existed and should therefor not be getting mail. While users do sometimes make a mistake -- and we do whap them upside the head with the cluestick for that and cancel accounts of the hard of understanding -- the spamtraps really should never get any mail at all.

The listing is sutomated and the details for being listed are here:

http://news.spamcop.net/cgi-bin/fom?file=297

The delists are also automatic -- which I should mention is *not* necessarily the case for all other public blocklists.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...