btech Posted January 5, 2007 Share Posted January 5, 2007 Since the update, I noticed that there are some odd occurances when I manually look up a spamvertized link. Parsing input: super-Raffle.com Host super-raffle.com (checking ip) = 194.54.31.40 host 194.54.31.40 (getting name) no name Host super-raffle.com (checking ip) = 194.54.31.40 host 194.54.31.40 (getting name) no name [report history] Routing details for 24.215.134.33 [refresh/show] Cached whois for 24.215.134.33 : abuse[at]abuse.earthlink.net Using abuse net on abuse[at]abuse.earthlink.net abuse net abuse.earthlink.net = abuse[at]abuse.earthlink.net Using best contacts abuse[at]abuse.earthlink.net Statistics: 24.215.134.33 not listed in bl.spamcop.net More Information.. 24.215.134.33 not listed in dnsbl.njabl.org 24.215.134.33 not listed in dnsbl.njabl.org 24.215.134.33 not listed in cbl.abuseat.org 24.215.134.33 listed in dnsbl.sorbs.net ( 127.0.0.10 ) 24.215.134.33 not listed in relays.ordb.org. Reporting addresses: abuse[at]abuse.earthlink.net The spammer is using DNS tricks, because that destination IP and address changes everytime you check it: http://www.dnsstuff.com/tools/tracert.ch?ip=super-Raffle.com But the parser shows 194.54.31.40 as the address and then looks up the abuse information for 24.215.134.33. I did the look up 5 times and came across this error (albeit different IP addresses) 2 times. Link to comment Share on other sites More sharing options...
Wazoo Posted January 5, 2007 Share Posted January 5, 2007 Since the update, I noticed that there are some odd occurances when I manually look up a spamvertized link. I'll ask .... what update? IronPort doesn't talk to me, the only thing stated in a newsgroup post by Ellen was a 'maintenance window' ..... and the only 'public' data showing hasn't changed ... From my record keeping file; 10 Oct 2006 - SpamCop v 1.600 Copyright ? 1998-2006 15 Nov 2006 - SpamCop v 1.603 Copyright ? 1998-2006 07 Dec 2006 - SpamCop v #612 Copyright © 1998-2006 This last is still showing in a parse done a few minutes ago ... Link to comment Share on other sites More sharing options...
btech Posted January 5, 2007 Author Share Posted January 5, 2007 I assumed v #612 was the reason for the maintenance yesterday, because I noticed it was v #611 prior. Link to comment Share on other sites More sharing options...
Wazoo Posted January 5, 2007 Share Posted January 5, 2007 I assumed v #612 was the reason for the maintenance yesterday, because I noticed it was v #611 prior. Have no idea on how to respond to that actually .... I believe that there are multiple systems in use, and apparently not all running the same codebase at all times. On the other hand, I don't report spam myself through SpamCop.net for the most part, so it's usually when I'm working on someone else's issue and I'll follow their provided Tracking URL to see what's happening. The first thing I look at is the version number, and if it's changed, I make a note of that and add it to my little database. Issues/problems with a 'new' version have in fact caused a couple of 'rollbacks' when I pointed them out. As noted in my list, the jumps in version numbers are rather significant ... this last one really catching my eye due to the changed numbering scheme. On the other hand, I can state that I never saw version #611 .. and that the #612 showed up last month and has been what I've seen since .... again, perhaps luck of the draw on just what (parsing) server is hit, I do not know. It's more than a bit frustrating in that no one from IronPort says anything here or in the newsgroups ... and the "engineering reports" have been described as technical mumbo-jumbo by the paid-staff that do receive that bit of data ... and of course, none of that info is passed out either .... So, as has been the case since Julian first started this thing, 'how it works' has been an exercise in noting just what happens when and where, then trying to figure out why / how something changed .... in this last but of 'maintenance window' it appears that major code has been changed and the network exchange of some critical data is not happening for some reason .... and that 'guess' comes from wearing that systems analyst hat and applying lessons learned over the years elsewhere to the results being displayed/complained about currently .... Link to comment Share on other sites More sharing options...
SpamCopAdmin Posted January 5, 2007 Share Posted January 5, 2007 I assumed v #612 was the reason for the maintenance yesterday, because I noticed it was v #611 prior.The maintenance window was for a hardware upgrade. The new releases don't require taking down the system. We just publish the new code and there it is. Anyway, the hardware upgrade turned on the IT guys somehow, and they were forced to quit and run away. During all this, a database was disabled somehow, which has been causing all sorts of parse and lookup goofiness, he said with his best technical voice. Sorry for all the trouble. The database is back on line now and things are back to normal. - Don D'Minion - SpamCop Admin - Link to comment Share on other sites More sharing options...
Wazoo Posted January 5, 2007 Share Posted January 5, 2007 database issues .... Report History issues - Ellen says it's being worked BL data issues - possibly working as intended now and now the latest .. with confirmation .... MailHost database issues Edit: see that Don posted while I was composing this one ..... but will leave it in place ... Link to comment Share on other sites More sharing options...
Wazoo Posted January 5, 2007 Share Posted January 5, 2007 Feedback provided by another user, offering up data as received from Ellen .... yet another affirmation of my 'guess' <g> Link to comment Share on other sites More sharing options...
btech Posted January 5, 2007 Author Share Posted January 5, 2007 ahhh that explains it. Thanks Don. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.