tmuhonnen Posted September 22, 2006 Share Posted September 22, 2006 Hi! I have noticed, that some mail from my whitelist had ended to held folder. It seems, that SpamAssasin operates before whitelist operator, because these messages have been validated as spam by SA. Could the mailing system work in different order and the whitelist rule would come first? Tero Link to comment Share on other sites More sharing options...
StevenUnderwood Posted September 22, 2006 Share Posted September 22, 2006 I have noticed, that some mail from my whitelist had ended to held folder. It seems, that SpamAssasin operates before whitelist operator, because these messages have been validated as spam by SA. Could the mailing system work in different order and the whitelist rule would come first? I have had messages whitelisted with high SA scores. I don't have any currently in my inbox, however. When I get home, I will work on finding the most recent example I have. Is it possible that the whitelist entry has problems? Can you post the headers of the message or submit the message for parsing then cancel the report and provide the Tracking URL here so we can see what we are dealing with? Also posting the whitelist entry you have that you think will match may be helpful. Link to comment Share on other sites More sharing options...
tmuhonnen Posted September 22, 2006 Author Share Posted September 22, 2006 Is it possible that the whitelist entry has problems? Can you post the headers of the message or submit the message for parsing then cancel the report and provide the Tracking URL here so we can see what we are dealing with? Also posting the whitelist entry you have that you think will match may be helpful. The entry for the whitelist is *.fi. Finns sell so few spam, that I can handle it personaly. Here's a heading from a blocked .fi -message and I can't figure out, why it has been blocked. Return-Path: <johanna.kurela[at]kolumbus.fi> Delivered-To: spamcop-net-tmuhonnen[at]spamcop.net Received: (qmail 23912 invoked from network); 22 Sep 2006 12:24:00 -0000 X-spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on blade1 X-spam-Level: X-spam-Status: hits=0.8 tests=HTML_MESSAGE,J_CHICKENPOX_21,TW_SY,TW_YY version=3.1.1 Received: from unknown (192.168.1.103) by blade1.cesmail.net with QMQP; 22 Sep 2006 12:24:00 -0000 Received: from fe11.mail.saunalahti.fi (62.142.5.26) by mx53.cesmail.net with SMTP; 22 Sep 2006 12:23:48 -0000 Received: from fep01-app.kolumbus.fi (fep01-0.kolumbus.fi [193.229.0.41]) by fe11.mail.saunalahti.fi (Postfix) with ESMTP id 24E436B0002 for <Tero.Muhonen[at]3angle.fi>; Fri, 22 Sep 2006 15:23:48 +0300 (EEST) Received: from yournhtv55f634 ([81.197.18.126]) by fep01-app.kolumbus.fi with SMTP id <20060922122345.FQAC10406.fep01-app.kolumbus.fi[at]yournhtv55f634>; Fri, 22 Sep 2006 15:23:45 +0300 Message-ID: <000901c6de41$f5874000$02ffa8c0[at]yournhtv55f634> From: "Johanna Kurela" <johanna.kurela[at]kolumbus.fi> To: "Heikki Lahelma" <heikki.lahelma[at]luukku.com>, "Ilmari Homanen" <ilmari.homanen[at]kolumbus.fi>, "Pasi Ritoniemi" <pasi.ritoniemi[at]kolumbus.fi>, "Pekka Mauranen" <pekka.mauranen[at]netti.fi>, "Ritva Kivi" <ritva.kivi[at]karjalansivistysseura.fi>, "Sakari Vuoristo" <sakari.vuo[at]phnet.fi>, "Tero Muhonen" <Tero.Muhonen[at]3angle.fi> Subject: Yhteenveto juhlasta Date: Fri, 22 Sep 2006 15:23:49 +0300 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_NextPart_000_0005_01C6DE5B.1A78EA80" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-SpamCop-Checked: 192.168.1.103 62.142.5.26 193.229.0.41 81.197.18.126 X-SpamCop-Disposition: Blocked list.dsbl.org Link to comment Share on other sites More sharing options...
agsteele Posted September 22, 2006 Share Posted September 22, 2006 spamcop.net' post='48201' date='Sep 22 2006, 02:34 PM']The entry for the whitelist is *.fi. Finns sell so few spam, that I can handle it personaly. I may be wrong but I think the entry should be simply fi No * or . That should pick any Email address ending in fi That said, looks like this example was not trapped by SpamAssassion but by a listing in list.dsbl.org Andrew Link to comment Share on other sites More sharing options...
DavidT Posted September 22, 2006 Share Posted September 22, 2006 The entry for the whitelist is *.fi. I can't figure out, why it has been blocked Look at these last two lines: X-SpamCop-Checked: 192.168.1.103 62.142.5.26 193.229.0.41 81.197.18.126 X-SpamCop-Disposition: Blocked list.dsbl.org The last IP on the "Checked" line is listed on the "Open relays" list at DSBL.org, and in your SpamCop email settings, you have selected that list (I recommend against it, as I get false positives with that list). In my SpamCop settings, I don't use the "DSBL open relays" or the "SORBS DNSbl." More important, however, is that you're using a "wildcard" asterisk in your whitelist entry, but you shouldn't. Remove that entry and replace it with this: fi Even if you don't remove the "list.dsbl.org" from your settings, mail sent from that source will be whitelisted, and you'll then see this in the headers: X-SpamCop-Whitelisted: fi One more unrelated thing....you've used your actual email address as a forum username, but due to web-crawlers, spammers, etc., that's not a good idea. Perhaps Wazoo (the forum admin) can alter your login to protect you? DT Link to comment Share on other sites More sharing options...
Wazoo Posted September 22, 2006 Share Posted September 22, 2006 One more unrelated thing....you've used your actual email address as a forum username, but due to web-crawlers, spammers, etc., that's not a good idea. Perhaps Wazoo (the forum admin) can alter your login to protect you? Spammers love Forum name = e-mail address .. title changed a time or two, still ignored by many .... SECTION 7 - Change of Username also ignored by many .... I only do requests .... trying to PM these folks ended up having the Forum-sent notifications of a new PM being reported as spam by way too many people ... others would receive my PM, which pointed to the Announcement which pointed to the FAQ and then decide to give Don/Deputies a hard time ... others stated that they "wanted" their address out there in the glare so they would get more spam .... I soon tired of trying to be proactive about this .... Link to comment Share on other sites More sharing options...
DavidT Posted September 22, 2006 Share Posted September 22, 2006 I only do requests Which makes perfect sense. Hopefully, our friend from Finland will be back soon and ask you to change the user name. DT Link to comment Share on other sites More sharing options...
StevenUnderwood Posted September 22, 2006 Share Posted September 22, 2006 The entry for the whitelist is *.fi. Finns sell so few spam, that I can handle it personaly. As stated elsewhere, and in the description on the whitelist page, the whitelist entry should be fi Enter a domain or an entire email address on each line. Incoming email addresses are checked against the whitelist starting from the right and working toward the left. That is, if you enter spamcop.net, it will match any email address with spamcop.net at the right, including foo[at]spamcop.net or foo[at]bar.spamcop.net. Link to comment Share on other sites More sharing options...
tmuhonnen Posted September 22, 2006 Author Share Posted September 22, 2006 One more unrelated thing....you've used your actual email address as a forum username, but due to web-crawlers, spammers, etc., that's not a good idea. Perhaps Wazoo (the forum admin) can alter your login to protect you? Thank everyone to find the right form to my whitelist. My spamcop adress is not the final adress I have and the mail goes thru the same filtering as all my public mail will do. I do not consider it as a problem - as long the mail is filtered. Tero Link to comment Share on other sites More sharing options...
DavidT Posted September 22, 2006 Share Posted September 22, 2006 I do not consider it as a problem - as long the mail is filtered. Maybe we're being too subtle. Tero, the reason we recommend that you change your username here is that you will probably receive a LOT more spam at that address if it remains unprotected. No matter how good your filters are, some will get through, so it's wise to take the simple step of asking Wazoo to change your username. DT Link to comment Share on other sites More sharing options...
Wazoo Posted September 22, 2006 Share Posted September 22, 2006 My spamcop adress is not the final adress I have and the mail goes thru the same filtering as all my public mail will do. I do not consider it as a problem - as long the mail is filtered. Hmmmm ... I consider it an issue, that's why the FAQ entry, the Announcement posting ... JT would rather not have the much un-needed extra traffic coming into his servers .... more spam, more filtering, more storage translates into more processing power, more drive space needed to offset the user complaints of 'slow' service .... so I'm suspecting that it's an issue for him also ... Link to comment Share on other sites More sharing options...
Wazoo Posted July 17, 2007 Share Posted July 17, 2007 PM received today I believe I got all the other instances edited. Dear Wazoo! It seems that my mistake - using existing adress as a user name - still exists on the "Posts of this Topics" list: Posts in this topic tmuhonnen[at]spamcop.net spamassasin blocks messages from whitelist Sep 22 2006, 03:46 AM StevenUnderwood Could you remove my address also from the list? I wold be gratefull, because I have tried to clean my operational addresses form the Internet quite hard. tmuhonnen Initial action: finally got around to doing a bit of an update to SECTION 7 - Change of Username .. had meant to this back when I received an 'official' response from IPB staff that adding in code to handle the 'embedded' instances wasn't going to happen. ok, so then went to look for the remaining instances of the previous username in the Topics/Discussions that tmuhonnen was involved with, as the 'underlined description' was not in fact a link. went through all posts, looking for the usual "quoted", the salutations, etc .... couldn't find any that I had missed previously .... so then, started looking at content .... gee whiz .... this topic includes an e-mail header, which includes many e-mail addresses ....ok, so now .. 10 months after the fact ....although the mung action did it's thing here ... should this next edit also include deleting of all the (other prople's exposed) matrerial that has been sitting here all this time? Simply noting that by now, it has also been picked up, indexed, and stored in numerous seravh engine listings/databases ..... PM sent with a ponter to 'here' in Reply. And, while thinking about it, modified the Title/Description of this Topic Link to comment Share on other sites More sharing options...
GrahamIX Posted January 9, 2009 Share Posted January 9, 2009 I have a recurring situation with the Jobserve daily mailing list. I have (a) jobserve.com and ( the actual email address that sends the mailing in my whitelist However, the headers do not show any Whitelisting status, and the SpamAssassin score puts it in the Held Folder. I've also tried running with just jobserve.com in the whitelist, and I have triple checked that jobserve.com is not somehow in my blacklist. FYI, Jobserve is one of the oldest recruitment email newsletters on the Net! My SpamCop setup is: PUBLIC ADDRESS --pop3fetch----> SPAMCOP -------> PRIVATE MAILBOX Return-Path: <srs0=hboqpe=5l=mail.jobserve.com=jobserve.jobsbyemail[at]example> Delivery-Date: Fri, 09 Jan 2009 12:53:03 +0100 Received: from c60.cesmail.net (c60.cesmail.net [216.154.195.49]) by mx.kundenserver.de (node=mxeu5) with ESMTP (Nemesis) id 0MKqpg-1LLFvC0Ycg-0004AD for removed; Fri, 09 Jan 2009 12:53:03 +0100 Received: from unknown (HELO beta.cesmail.net) ([192.168.1.150]) by c60.cesmail.net with SMTP; 09 Jan 2009 06:53:01 -0500 Received: (qmail 18383 invoked by uid 0); 9 Jan 2009 11:53:01 -0000 Delivered-To: imnotshowingthis[at]dasdspamcop.net Received: (qmail 10436 invoked from network); 7 Jan 2009 21:45:18 -0000 X-spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on filter7 X-spam-Level: ********* X-spam-Status: hits=9.4 tests=FUZZY_MERIDIA,MIME_QP_LONG_LINE,RDNS_NONE, SARE_LWSHORTT,SARE_PROLOSTOCK_SYM3,TVD_STOCK1 version=3.2.4 Received: from unknown (192.168.1.107) by filter7.cesmail.net with QMQP; 7 Jan 2009 21:45:18 -0000 Received: from unknown (HELO fetchmail.cesmail.net) (64.88.168.84) by mx70.cesmail.net with SMTP; 7 Jan 2009 21:45:15 -0000 Delivery-date: Wed, 07 Jan 2009 16:32:49 -0500 Received: from pop.readyhosting.com [65.254.231.80] by fetchmail.cesmail.net with POP3 (fetchmail-6.2.1) for imnotshowingthis[at]gybuybspamcop.net (single-drop); Wed, 07 Jan 2009 16:13:50 -0500 (EST) Received: from impinc01.yourhostingaccount.com ([10.1.13.101] helo=impinc01.yourhostingaccount.com) by mailscan07.yourhostingaccount.com with esmtp (Exim) id 1LKg1A-00046T-KB for removed; Wed, 07 Jan 2009 16:32:48 -0500 Received: from xss9.mail.jobserve.com ([213.246.144.138]) by impinc01.yourhostingaccount.com with NO UCE id 0lYn1b03m2zNlcM02lYoAg; Wed, 07 Jan 2009 16:32:48 -0500 X-EN-OrigIP: 213.246.144.138 X-EN-IMPSID: 0lYn1b03m2zNlcM02lYoAg Date: Wed, 07 Jan 2009 21:32:43 +0000 FROM: "JobServe Subscription" <JobServe.JobsByEmail[at]mail.jobserve.com> TO: removed[at]example Reply-To: "JobServe Subscription" <JobServe.JobsByEmail[at]mail.jobserve.com> X-Priority: 3 X-Mailer: JobServe-XSS.2.0.0 Message-ID: <000848000000ab18b760[at]xss9.mail.jobserve.com> Subject: JobServe UK Subscription : Thursday, 08 January 2009 MIME-Version: 1.0 Content-Type: multipart/mixed;boundary="XSSXSSJOBSERVEXSSXSS000848000000ab18b760" X-SpamCop-Checked: X-SpamCop-Disposition: Blocked SpamAssassin=9 Envelope-To: removed Link to comment Share on other sites More sharing options...
DavidT Posted January 9, 2009 Share Posted January 9, 2009 I can't say why the whitelisting isn't working, but I'd suggest a simplification of the excessively complicated path which your mail is taking. You're having it "popped" from an external host using the popmail system, then after it passes through spamcop, forwarded onto somewhere else. Is there any reason that you can't set up a forwarding arrangement at the initial email account that would immediately forward to your SpamCop address? I'm not sure how the whitelist works in interaction with the popmail system. DT Link to comment Share on other sites More sharing options...
agsteele Posted January 9, 2009 Share Posted January 9, 2009 As best as I can tell from the information you've provided the first entry should handle all the incoming mail from the jobs service BUT I have a niggling recollection that the whitelist actually works on the Return Path rather than reply to or from lines. The return path in the example you've provided is very unusual and if my possibly faulty recollection is correct then I'm not sure how you could create a whitelist entry that would work. The Wiki and/or FAQ may be the place to check... Andrew FOLLOW UP: Did a check in the Wiki and I was partially correct but the From line is one of the checked headers. So your whitelist entry should work. You might check your blacklists as well and double check you don't have a conflicting entry there. Link to comment Share on other sites More sharing options...
GrahamIX Posted January 20, 2009 Share Posted January 20, 2009 FOLLOW UP: Did a check in the Wiki and I was partially correct but the From line is one of the checked headers. So your whitelist entry should work. You might check your blacklists as well and double check you don't have a conflicting entry there. I already thought about a possible conflict with the personal blacklist, and emptied it. So no conflict there. The thing that puzzles me is that other addresses which are working as expected, show the correct 'SpamCop Whitelisted' headers, all attempts to do the same for JobServe - no headers. Link to comment Share on other sites More sharing options...
GrahamIX Posted January 21, 2009 Share Posted January 21, 2009 [at]DavidT I switched to using POP to get mail into the SpamCop system because forwarding from the original host was causing problems. SpamCop was identifying my external email host as part of the chain of the message that needed reporting, when all it was doing was delivering to SpamCop. Adding my external provider to the mailhosts within SpamCop didn't seem to fix it at the time. Also, bizarrely, it is ONLY JobServe where I am seeing this problem. I am wondering if there is some other issue between JobServe and SpamCop that is outside of the whitelist? Link to comment Share on other sites More sharing options...
DavidT Posted January 22, 2009 Share Posted January 22, 2009 Adding my external provider to the mailhosts within SpamCop didn't seem to fix it at the time. Then you gave up too quickly on the Mailhosts process. The deputies are ready, willing, and able to help you complete that successfully, and I'd recommend that you give that another try. As to why it's only happening with this one source, I don't know. From what you showed us, I think that they really could use some lessons in how to create non-spammy emails. Look at the scoring on the one you posted: X-spam-Status: hits=9.4 tests=FUZZY_MERIDIA,MIME_QP_LONG_LINE,RDNS_NONE, SARE_LWSHORTT,SARE_PROLOSTOCK_SYM3,TVD_STOCK1 They should have RDNS, they shouldn't have long QP lines, etc....I know that doesn't address your issue, but if they want their messages to be deliverable, they should really learn a thing or two about how to properly configure their email system. DT Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.