Setup for abuse dept

[ComCept]

As I report spam for hundreds of mail boxes for our company (they all

come to the same MX servers, but end up at 7 different internal mail

servers) does the new mailhost configuration mean I have to identify

every mail account in our company? If so, it's never going to happen

and I doubt I'm alone. There has to be a way for an abuse dept at a

company to report for the entire company and not just one or two mail

boxes. When an abuse report reaches my desk I pull the raw message

from the mail server logs and post it to Spamcop. How am I supposed

to setup each of the hundreds of mail boxes for this or am I just

misunderstanding something?

One final thing, this forum is VERY hard to read compared to the NNTP news.spamcop.net. Threads don't follow (you have to skip around to find replies) and you can't save posts for easy future reference. Julian, please move this back to a real NNTP reader and dump this or get an NNTP reader like others have that allow both WWW posting/reading and NNTP posting/reading. I read through the posts and didn't see any like this but who knows if I missed one with all the HTML garbage here. Thanks....

Brian Bergin

ComCept Solutions, LLC

[StevenUnderwood]

I don't know about your internal configuration, you will need to test that yourself.

I will tell you that I just got my mailhost configuration setup (Thanks Julian) and I can report sucessfully messages from any of my users. I regularly report for all 5 of our public receive-only addresses. We only have one SMTP server, however, as Lotus Notes does internal transfers and spamcop ignores those.

[Ellen]

As I report spam for hundreds of mail boxes for our company (they all

come to the same MX servers, but end up at 7 different internal mail

servers) does the new mailhost configuration mean I have to identify

every mail account in our company?  If so, it's never going to happen

and I doubt I'm alone.  There has to be a way for an abuse dept at a

company to report for the entire company and not just one or two mail

boxes.  When an abuse report reaches my desk I pull the raw message

from the mail server logs and post it to Spamcop.  How am I supposed

to setup each of the hundreds of mail boxes for this or am I just

misunderstanding something?

One final thing, this forum is VERY hard to read compared to the NNTP news.spamcop.net.  Threads don't follow (you have to skip around to find replies) and you can't save posts for easy future reference.  Julian, please move this back to a real NNTP reader and dump this or get an NNTP reader like others have that allow both WWW posting/reading and NNTP posting/reading.  I read through the posts and didn't see any like this but who knows if I missed one with all the HTML garbage here.  Thanks....

Brian Bergin

ComCept Solutions, LLC

The mailhosts system is designed to identify the mailhosts that a user's mail travels thru to get to them. The idea is that if the system knows what IPs/servers are vaild for a given user then it can determine the correct injection point for the spam rather than reporting the user's own hosts and/or being too accepting and taking forged headers as real. So it it not an issue of mailbox names/email addresses but rather one of what servers does the mail travel thru. Based on my understanding of what you have written below all the mail travels thru the same series of hosts so registering one should handle any mail that you want to report that traveled thru the same hosts.

The way to test whether you have set up mailhosts properly is to set it up for one of those email addresses and then using either copy/paste or forwarding -- whatever you normally do -- run a few messages thru the parser and look at the output. Do *not* use quick submit for several days until you are sure that you are not reporting yourself. It may mean that you have to dump some spam for those few days rather than report it all but it will let you know if you are having a problem.

The nntp newsgroups are still in existence on news.spamcop.net -- the help group is fairly quiet but the spamcop group is as lively as ever :-)

[mrmaxx]

The nntp newsgroups are still in existence on news.spamcop.net -- the help group is fairly quiet but the spamcop group is as lively as ever :-)

Yes, the NNTP newsgroups are still in existence, however, the posts there do not show up here and vice versa. I agree with the OP that it would be really nice to have this "gated" to the newsgroups and vice versa. That way, those of us who prefer the "old" way of accessing the information can do so, and those who can't be bothered to set up a newsreader can do so as well. There's got to be some folks elsewhere using this sort of setup with a bi-directional gateway!

[ComCept]

As I report spam for hundreds of mail boxes for our company (they all

come to the same MX servers, but end up at 7 different internal mail

servers) does the new mailhost configuration mean I have to identify

every mail account in our company?  If so, it's never going to happen

and I doubt I'm alone.  There has to be a way for an abuse dept at a

company to report for the entire company and not just one or two mail

boxes.  When an abuse report reaches my desk I pull the raw message

from the mail server logs and post it to Spamcop.  How am I supposed

to setup each of the hundreds of mail boxes for this or am I just

misunderstanding something?

One final thing, this forum is VERY hard to read compared to the NNTP news.spamcop.net.  Threads don't follow (you have to skip around to find replies) and you can't save posts for easy future reference.  Julian, please move this back to a real NNTP reader and dump this or get an NNTP reader like others have that allow both WWW posting/reading and NNTP posting/reading.  I read through the posts and didn't see any like this but who knows if I missed one with all the HTML garbage here.  Thanks....

Brian Bergin

ComCept Solutions, LLC

The mailhosts system is designed to identify the mailhosts that a user's mail travels thru to get to them. The idea is that if the system knows what IPs/servers are vaild for a given user then it can determine the correct injection point for the spam rather than reporting the user's own hosts and/or being too accepting and taking forged headers as real. So it it not an issue of mailbox names/email addresses but rather one of what servers does the mail travel thru. Based on my understanding of what you have written below all the mail travels thru the same series of hosts so registering one should handle any mail that you want to report that traveled thru the same hosts.

The way to test whether you have set up mailhosts properly is to set it up for one of those email addresses and then using either copy/paste or forwarding -- whatever you normally do -- run a few messages thru the parser and look at the output. Do *not* use quick submit for several days until you are sure that you are not reporting yourself. It may mean that you have to dump some spam for those few days rather than report it all but it will let you know if you are having a problem.

The nntp newsgroups are still in existence on news.spamcop.net -- the help group is fairly quiet but the spamcop group is as lively as ever :-)

You still did NOT answer my question. Are you saying I have to setup everyone of my company's hundred's of accounts to use the mail host feature? It will NEVER happen. I can pretty much guarantee you that no company has the time for their abuse dept to do this. Either you have not thought this through or I'm missing something. Please address the issue I've asked so I can proceed.

[Miss Betsy]

I don't think that you will have to identify all the mail accounts since there are many abuse desks submitting to spamcop.

I think (but since I don't really understand how it works, I am not sure) is that you set up mailhosts for the account you are submitting from. It may possibly be that you would have to identify each of the 7 servers you mentioned. But I don't think that you have to identify each email address. I think that what they are looking for is the servers that serve a particular IP address (or do I mean the domain part after the [at]?). For instance, my hotmail mailhosts has grown to about half a page without any more submissions on my part. Part of the mailhosts registration is to identify the common name (like hotmail or yourcompany.com) and then it identifies the IP addresses that go with that.

HTH

Miss Betsy

[Wazoo]

You still did NOT answer my question. Are you saying I have to setup everyone of my company's hundred's of accounts to use the mail host feature?

Sorry, but yes, Ellen did answer your question (as did Miss Betsy) .. though apparently in language you didn't understand. Here's what you missed;

designed to identify the mailhosts that a user's mail travels thru .... it it not an issue of mailbox names/email addresses but rather one of what servers does the mail travel thru

That said, back to your original post - "come to the same MX servers, but end up at 7 different internal mail servers"

The spefic answer start with however many "MX servers" you're talking about. These are the start of the key. Then we move to the "7 internal servers" that you want to see picked up. So, though still not having the exact number of servers / mailhosts we're taliking about, it's you math here ... 7 internal servers plus how ever many MX servers equals total servers that need to be handled.

[Wazoo]

The nntp newsgroups are still in existence on news.spamcop.net -- the help group is fairly quiet but the spamcop group is as lively as ever :-)

Yes, the NNTP newsgroups are still in existence, however, the posts there do not show up here and vice versa. I agree with the OP that it would be really nice to have this "gated" to the newsgroups and vice versa. That way, those of us who prefer the "old" way of accessing the information can do so, and those who can't be bothered to set up a newsreader can do so as well. There's got to be some folks elsewhere using this sort of setup with a bi-directional gateway!

One of the first issues is that this entire Topic should have been conducted over in http://forum.spamcop.net/forums/index.php?showtopic=723 .. and this is per Julian's request.

Next issue might be "where were you when this specific issue was hotly commented upon over in the newsgroups?" ... Boatloads of commentary, suggestions, even rude remarks were made <g> So, not that a few more posts would have made much difference, but the rumours are, if you check one of the front pages at spamcop.net, you'll see hat there is an alleged "survey" being conducted. Perhpas you want to head on over there and add to the comments that some have already expressed about the NNTP vice / in conjuction with / in leiu of / etc. .. the web-based Forum thing.

[Jeff G.]

The spefic answer start with however many "MX servers" you're talking about.  These are the start of the key.  Then we move to the "7 internal servers" that you want to see picked up.  So, though still not having the exact number of servers / mailhosts we're taliking about, it's you math here ... 7 internal servers plus how ever many MX servers equals total servers that need to be handled.

Please note that "7 internal servers times how ever many MX servers equals total unique confirmation emails that need" to be processed in ComCept's situation (to make sure that ComCept doesn't report any of his internal servers).

[Ellen]

Please note that "7 internal servers times how ever many MX servers equals total unique confirmation emails that need" to be processed in ComCept's situation (to make sure that ComCept doesn't report any of his internal servers).

Um I am not sure that what you say is true actually. Howver the place to start is with *one* mailhosts entry and see what happens from there.

[Jeff G.]

Please note that "7 internal servers times how ever many MX servers equals total unique confirmation emails that need" to be processed in ComCept's situation (to make sure that ComCept doesn't report any of his internal servers).

Um I am not sure that what you say is true actually. Howver the place to start is with *one* mailhosts entry and see what happens from there.

OK, I have reconsidered the logic I was using, after getting some sleep.

Given X internal servers randomly chosen by Y external servers, it is possible to hit all of them with max(X,Y) equally distributed attempts at sending through the external servers, but unlikely. Any of the internal servers that are missed in the initial attempts can be retried through any of the external servers, with a 1/X chance of success.

Practically, if X is 7 and Y is 2, this means that 7 attempts could work, but more would probably be needed. Of course, if the administrative accounts are served by separate internal servers, they would need separate attempts from the normal user account attempts.

[James Cridland]

The nntp newsgroups are still in existence on news.spamcop.net -- the help group is fairly quiet but the spamcop group is as lively as ever :-)

Yes, the NNTP newsgroups are still in existence, however, the posts there do not show up here and vice versa. I agree with the OP that it would be really nice to have this "gated" to the newsgroups and vice versa. That way, those of us who prefer the "old" way of accessing the information can do so, and those who can't be bothered to set up a newsreader can do so as well. There's got to be some folks elsewhere using this sort of setup with a bi-directional gateway!

NewsSync for phpBB

- synchronizes messages between usenet and phpBB

http://www.phpbb.com/phpBB/viewtopic.php?t=121946

Oh, this isn't phpBB, is it? Oops.