swar Posted September 21, 2006

Ok, I'm not a specialist in spam management and don't want to become one. In fact, I am paying a few SpamCop accounts to get rid of this. But since a few days I have a lot of valid email getting stuck in the Held list. Some of these are coming from yahoo, but many others from other sources, including my own server at net4all.ch. What can I/do I need to do to solve this problem, so that I don't need to go every day and rescue these stuck emails from the held list (which as you understand spoils the joy of being at spamcop)?.. Please in simple terms, for a non initiated. Thanks. Mariano

Moderator Edit: This post and the following discussion were split out from the Yahoo Blocked monster, made into its own Topic, which was then moved to the E-mail Account Help forum section. PM sent to advise of these actions.
Telarin Posted September 21, 2006

Well, as far as the Yahoo! items go, you could whitelist the addresses that it comes from. I don't know if everything shows up as being from the person that posted it to the group, or from some yahoogroups address myself, but simply whitelisting those FROM addresses that you receive messages from would fix that issue.

For the issue with items being tagged as coming from your own server, we would need some more information. Specifically the headers from those messages that show why spamcop placed them in the Held Mail folder. I would suggest posting them under a new topic however, as that is a separate issue from the ongoing Yahoo! problems.
swar Posted September 21, 2006 (Author)

Thanks for the feedback. When I see valid emails that get stuck, I forward them and whitelist them. But each address is different. I am running a business. I can't expect all my clients to make sure they can email me beforehand...

These false spam emails are mostly stuck because of bl.spamcop.net, so I assume it's because their originating server is blacklisted. How come this just happens all recently? Don't you have a problem with your list?
petzl Posted September 21, 2006

Quoting swar: These false spam emails are mostly stuck because of bl.spamcop.net, so I assume it's because their originating server is blacklisted. How come this just happens all recently? Don't you have a problem with your list?

You could whitelist the domain names yahoo.com/gmail.com and use your email client to set rules to then put these in your own folder (using your client's rules again after in folder to separate FULL email addresses to a legit folder).

Failing that you can turn off the SCBL using the other blocklists. SpamAssassin will score 1.5 against any email listed on the SCBL which may be enough (combined with other scores) to separate the spam from ham (wanted email).

Although running rogue email servers. Which will and should end up on the SCBL.

Would you use the phone if you had to listen to a 10-second brothel advertisement every time you made a call? This is what spam is likened to most!

That said both Yahoo and Gmail are becoming very popular and being on the SCBL is no good for a business relying on email clients (I personally recommend Hotmail as a superior free service using an 8 or better alphanumeric "handle"). Gmail and Yahoo as and if they continue to conceal spammers need to be blocked (both though may be trying to clean up their act).
DavidT Posted September 21, 2006

Quoting swar: Some of these are coming from yahoo, but many others from other sources, including my own server at net4all.ch.

First, are you speaking of email from people with individual "yahoo.com" email addresses, or about messages from Yahoo!Groups which you are subscribed to? Our answers will be different, depending upon which you mean.

Second, we need the IP address involved in the tagging of mail from your "net4all.ch" server as spam. You should be able to see that in the headers of any items that were put into Held mail, at the end of the line beginning with "X-SpamCop-Checked:" (assuming that the line after that one is "X-SpamCop-Disposition: Blocked bl.spamcop.net"). We can then look up that IP and try to see why it might be on the SCBL. If all the messages that are being forwarded to your SC email address from the "net4all" system are being Held, then you should look at this FAQ page: http://www.spamcop.net/fom-serve/cache/328.html

I don't seem to be having any problems with the SCBL at the moment.

DT
swar Posted September 22, 2006 (Author)

Thanks a lot to all of you for your constructive replies. I now got to understand why gmail accounts were globally held because of specific gmail spammers. I'll try the solutions you mention to avoid missing valid email from clients.

Regarding my personal domain email getting stuck, it's probably one of the net4all servers that got blacklisted. But it's not a big issue, because I have now whitelisted most of my accounts and they are going through. I'll check carefully what other addresses get stuck and let you know in case I don't find the reason. Thanks again.
agsteele Posted September 22, 2006

You can, if you really need to, whitelist a domain rather than individual Email addresses... Of course that means any spam spoofed from that domain will get through to you. But that may be preferable for your situation. You have to enter domains manually and the full instructions are present on the relevant page within the webmail interface.

Andrew
Lukas Posted September 28, 2006

Quoting DavidT: We can then look up that IP and try to see why it might be on the SCBL. If all the messages that are being forwarded to your SC email address from the "net4all" system are being Held, then you should look at this FAQ page:

In this case you might want to cancel the forwarding process and use POP instead. (Let spamcop POP the mail from your server. Then they don't pass through the forwarding SMTP-server of "net4all")

Lukas

I still wait for the implementation of a new feature to prevent this... (IP's from my Mailhost-List should never be the reason to tag/hold a message as spam even if they are on the SCBL) ...but I know it's a bit hard to implement.
Wazoo Posted September 28, 2006

Quoting Lukas: I still wait for the implementation of a new feature to prevent this... (IP's from my Mailhost-List should never be the reason to tag/hold a message as spam even if they are on the SCBL) ...but I know it's a bit hard to implement.

???? and you heard this where? The MailHost configuration is for your Reporting account, all handled on IronPort's hardware / software in California. Your SpamCop.net e-mail account is handled on JT's hardware and (bought / installed / maintained / modified) software in a datacenter in Georgia.

Even if the MailHost data was shared, what's the purpose? If your spam was filtered at that 'other' address, then you'd probably not be trying to filter it via the SpamCop.net account .. if spam is arriving at that 'other' address, then why would it make a difference if it "came from your ISP" or not?

Maybe I should be sleeping instead of typing???
DavidT Posted September 28, 2006

Quoting Wazoo: If your spam was filtered at that 'other' address, then you'd probably not be trying to filter it via the SpamCop.net account

I have my mail filtered at *both* locations, Wazoo, and if it were possible to have the Mailhost info shared, then this sort of situation could probably be avoided.

DT
Wazoo Posted September 28, 2006

Quoting DavidT: I have my mail filtered at *both* locations, Wazoo, and if it were possible to have the Mailhost info shared, then this sort of situation could probably be avoided.

Yes, I can see that the "I'm blocking myself" scenario ... but I was looking at the whole other side. Brother called, his lady complaining about errors when trying to read get/read e-mail. He passed on some details, I set up an account to POP his account (leaving stuff on that server) ... was a bit surprised to see only a dozen or so e-mails arrive. Turns out that the issue was that his ISP is using some spam filtering that tosses all suspected spam into a "quarantined" folder. Then an e-mail is generated with a listing of some data (Subject line, date, From:, etc) such that this can be reviewed, e-mails selected for deletion or rescuing, etc. ... None of this stuff counts against the size of his InBox. However, as no one had been 'handling' the spam, these e-mails were over 1Meg each themselves ......

Anyway, it was looking at the spam still making it through to his InBox that then had me wondering ... if was there, then that spam made it to the SpamCop.net account .. that's why I asked "what difference would it make?" .. it's still spam, even though it came 'through' my/his/whatever (MailHosted) e-mail server .... if that (MailHost identified) server was whitelisted, all SpamCop.net filtering would be bypassed ....

Again, I may not know what I'm talking about ....
DavidT Posted September 28, 2006

Quoting Wazoo: his ISP is using some spam filtering that tosses all suspected spam into a "quarantined" folder. Then an e-mail is generated with a listing of some data (Subject line, date, From:, etc) such that this can be reviewed, e-mails selected for deletion or rescuing, etc.

That sounds like they might be using a Barracuda spam Firewall. That's what is being used at my host, so I'm quite familiar with how it works. If that's the case, I'd recommend disabling the quarantine function (individual users can log in to the Barracuda and change their settings), allowing the messages to be instead tagged and passed along, assuming that they're headed for a SpamCop mailbox.

Quoting Wazoo: Anyway, it was looking at the spam still making it through to his InBox that then had me wondering ... if was there, then that spam made it to the SpamCop.net account .. that's why I asked "what difference would it make?" .. it's still spam, even though it came 'through' my/his/whatever (MailHosted) e-mail server .... if that (MailHost identified) server was whitelisted, all SpamCop.net filtering would be bypassed ....

I don't think we're talking about whitelisting all the individual messages, but only *not* to block all of them on the grounds of the possible SCBL listing of that particular server. I think that's a distinction with a difference. Other SpamCop filtering actions should then be applied to the incoming traffic, such as SpamAssassin, other blocklists, and even SCBL checks on all but the final Mailhost, which would be exempted.

DT
StevenUnderwood Posted September 28, 2006

Quoting DavidT: Other SpamCop filtering actions should then be applied to the incoming traffic, such as SpamAssassin, other blocklists, and even SCBL checks on all but the final Mailhost, which would be exempted.

The only trouble is it can not be excluded by the final mailhost because there could be multiple forwarding services involved for any specific message that could all be listed.

The current system stops if it finds a match to one of the bl's. The change would require that if a match is found and the message is not on the existing whitelist, to then check if it is also in the mailhost list. If mailhost match is found, checking would need to resume looking for the next match (on that IP then the next IPs) and continue. It is not impossible to perform this check, just unlikely, I think.
Lukas Posted September 29, 2006

Quoting Lukas: I still wait for the implementation of a new feature to prevent this... (IP's from my Mailhost-List should never be the reason to tag/hold a message as spam even if they are on the SCBL) ...but I know it's a bit hard to implement.

Quoting Wazoo: ???? and you heard this where?

I didn't hear it. I just hope for implementation. (and therefore mention it once a year...)

My ISP's mailservers are on the SCBL from time to time. If this occurs my mails aren't filtered any more. (They are simply all held as spam because they contain a listed IP) Whitelisting this IP wouldn't help either (causing all mails to be whitelisted) But I'd like the mails just to be filtered normally, ignoring this specific IP.

A new kind of 'ignore-IP-list' would be needed. (IP's not to be checked against blacklists and to be ignored in the whole process - I could also enter them manually although they might be identical to my mailhost list.)

As StevenUnderwood mentioned, not impossible to implement... (better check the ignore-list first) In fact this could even save some time in the whole process of checking: the IP's of my ignore-list (to be checked in this rather short new list) won't be checked against the (very big and slow) SCBL any more.

Lukas
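The three behaviours compared in the posts above (hold on the first listed relay, whitelist the relay's IP, or skip ignored relays and keep checking), as an added example that is not part of the original thread and is not SpamCop's code. It assumes the blocklist is a small in-memory set rather than a DNS lookup; the `check` function, the `FORWARDER` name and all IP addresses are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Iterable, Optional

# Constructed stand-in for a blocklist such as the SCBL; no DNS queries are made.
BLOCKLIST = {ip_address("192.0.2.25"), ip_address("203.0.113.77")}
FORWARDER = "192.0.2.25"  # hypothetical: the user's own forwarding server, currently listed

# Relay IPs in the order the filter walks them (constructed samples).
LEGIT_VIA_FORWARDER = [FORWARDER, "198.51.100.10"]  # origin is not listed
SPAM_VIA_FORWARDER = [FORWARDER, "203.0.113.77"]    # origin is listed


@dataclass
class Verdict:
    held: bool
    listed_ip: Optional[str]  # relay that caused the hold, if any
    lookups: int              # blocklist lookups performed


def check(relays: Iterable[str], ignore: Iterable[str] = (),
          whitelist: Iterable[str] = ()) -> Verdict:
    """Walk the relay IPs and hold the message on the first listed one.

    whitelist: a match on any relay delivers the message with no further checks.
    ignore:    matching relays are skipped and the walk continues with the rest.
    """
    relay_ips = [ip_address(r) for r in relays]
    ignored = {ip_address(i) for i in ignore}
    allowed = {ip_address(w) for w in whitelist}

    if any(r in allowed for r in relay_ips):
        return Verdict(False, None, 0)  # everything else is bypassed

    lookups = 0
    for relay in relay_ips:
        if relay in ignored:
            continue  # short local list is consulted first, no blocklist lookup
        lookups += 1
        if relay in BLOCKLIST:
            return Verdict(True, str(relay), lookups)
    return Verdict(False, None, lookups)


if __name__ == "__main__":
    for name, relays in [("legit", LEGIT_VIA_FORWARDER), ("spam", SPAM_VIA_FORWARDER)]:
        print(name, "first-match :", check(relays))
        print(name, "whitelist   :", check(relays, whitelist=[FORWARDER]))
        print(name, "ignore-list :", check(relays, ignore=[FORWARDER]))
```

With the forwarder on the ignore list, the legitimate message is released while the spam sample is still held on its listed origin; with the forwarder whitelisted, both are delivered.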
elind Posted October 20, 2006

Quoting swar: Ok, I'm not a specialist in spam management and don't want to become one. In fact, I am paying a few SpamCop accounts to get rid of this. But since a few days I have a lot of valid email getting stuck in the Held list. Some of these are coming from yahoo, but many others from other sources, including my own server at net4all.ch. What can I/do I need to do to solve this problem, so that I don't need to go every day and rescue these stuck email from the held list (which as you understand spoils the joy of being at spamcop)?.. Please in simple terms, for a non initiated.

I have used spamcop for perhaps 5 years now and I'm not an expert on this either, but very recently essentially all valid email has been held by "dnsbl.sorbs.net" until specifically whitelisted. Many such emails were previously passed through without problem. I've tried looking up my ISP (Road Runner) per the help FAQ, but can't find anything suspicious. This is getting annoying and something has been changed, but what?

PS. As always before, regardless of my login settings, I never get notices of replies to my posts in this forum, which means I have to make a note of where and when to follow up.
Wazoo Posted October 20, 2006

Quoting elind: but very recently essentially all valid email has been held by "dnsbl.sorbs.net" until specifically whitelisted. Many such emails were previously passed through without problem. I've tried looking up my ISP (Road Runner) per the help FAQ, but can't find anything suspicious. This is getting annoying and something has been changed, but what?

I'm not quite following the flow ... Sorbs is a very different BL, but you don't say (or I simply can't read) that you investigated 'there' ....?????

Quoting elind: PS. As always before, regardless of my login settings, I never get notices of replies to my posts in this forum, which means I have to make a note of where and when to follow up.

And I'll yet again reference the Forum FAQ where I included a reference/explanation of some of the "Subscription options" ... I cannot recall you ever responding to the previous incantations of this ....

My last one http://forum.spamcop.net/forums/index.php?...ost&p=47322
Prior to that http://forum.spamcop.net/forums/index.php?...ost&p=31198
Prior to that: http://forum.spamcop.net/forums/index.php?...ost&p=23370
... and: http://forum.spamcop.net/forums/index.php?...ost&p=23396 and this Topic did include a bit of a response, just no specific data ....
StevenUnderwood Posted October 20, 2006

Quoting elind: very recently essentially all valid email has been held by "dnsbl.sorbs.net" until specifically whitelisted.

Basically, it usually means that one of the systems that your email passes through is listed on the stated list. A way around it is to remove that list from your checking, though that will possibly let more spam through.

There is an explanation of the various headers in the FAQ.

If you want us to help you read your headers to determine why these messages were held, you will need to help us by providing the headers. Specifically, the X-spam-* and X-SpamCop-* headers. For instance:

X-spam-Checker-Version:
X-spam-Level:
X-spam-Status:
X-SpamCop-Reply-Ids:
X-Spamcop-Return-Path:
X-SpamCop-Checked:
X-SpamCop-Whitelisted:
DavidT Posted October 20, 2006

A quick little response from another SC email user -- I tried having the "dnsbl.sorbs.net" selected as one of my blacklists, but that one seems to cause too many false positives. I recommend simply "un-selecting" it in your Options.

DT
elind Posted October 20, 2006

Quoting StevenUnderwood: Basically, it usually means that one of the systems that your email passes through is listed on the stated list. A way around it is to remove that list from your checking, though that will possibly let more spam through. There is an explanation of the various headers in the FAQ. If you want us to help you read your headers to determine why these messages were held, you will need to help us by providing the headers. Specifically, the X-spam-* and X-SpamCop-* headers. For instance:

X-spam-Checker-Version:
X-spam-Level:
X-spam-Status:
X-SpamCop-Reply-Ids:
X-Spamcop-Return-Path:
X-SpamCop-Checked:
X-SpamCop-Whitelisted:

Thank you. As I said, I'm not an expert on this and I'm not sure what dns.sorbs is, I thought it was part of spamcop, but I know I haven't changed any settings for years and I did try to follow the x-spamcop suggestion above per the FAQ, but the IP came up as unknown, if I did it right.

The point is, is Road Runner likely to be on any hit list? Why has this started just the past month or so? I'll try to find a header and submit it, but I'm out for a week now. Thanks for the offer.
DavidT Posted October 20, 2006

Quoting elind: The point is, is Road Runner likely to be on any hit list?

Yes, I think so, because of the dynamic IPs and the tendency of broadband connected computers to get infected and spew spam 24/7.

DT
Wazoo Posted October 20, 2006

Quoting elind: Thank you. As I said, I'm not an expert on this and I'm not sure what dns.sorbs is, I thought it was part of spamcop, but I know I haven't changed any settings for years and I did try to follow the x-spamcop suggestion above per the FAQ, but the IP came up as unknown, if I did it right. The point is, is Road Runner likely to be on any hit list? Why has this started just the past month or so? I'll try to find a header and submit it, but I'm out for a week now. Thanks for the offer.

And yet again .... nothing about the "notification" options selected .....

Somebody else want to "quote" my last to rule out the possibility that elind has decided to 'ignore' this lowly admin ...?????
DavidT Posted October 20, 2006

Hey "elind" - did you read this post from Wazoo?

Quoting Wazoo (replying to elind: but very recently essentially all valid email has been held by "dnsbl.sorbs.net" until specifically whitelisted. Many such emails were previously passed through without problem. I've tried looking up my ISP (Road Runner) per the help FAQ, but can't find anything suspicious. This is getting annoying and something has been changed, but what?)

I'm not quite following the flow ... Sorbs is a very different BL, but you don't say (or I simply can't read) that you investigated 'there' ....?????

(replying to elind: PS. As always before, regardless of my login settings, I never get notices of replies to my posts in this forum, which means I have to make a note of where and when to follow up.)

And I'll yet again reference the Forum FAQ where I included a reference/explanation of some of the "Subscription options" ... I cannot recall you ever responding to the previous incantations of this ....

My last one http://forum.spamcop.net/forums/index.php?...ost&p=47322
Prior to that http://forum.spamcop.net/forums/index.php?...ost&p=31198
Prior to that: http://forum.spamcop.net/forums/index.php?...ost&p=23370
... and: http://forum.spamcop.net/forums/index.php?...ost&p=23396 and this Topic did include a bit of a response, just no specific data ....
Wazoo Posted March 13, 2007

Quoting DavidT: Hey "elind" - did you read this post from Wazoo?

Nope .... Yet, raises the issue yet again at http://forum.spamcop.net/forums/index.php?showtopic=8032
This topic is now archived and is closed to further replies.