martind Posted April 7, 2004 Share Posted April 7, 2004 I subscribe to an academic e-mail list hosted at world.std.com messages to this list get trapped by SpamCop in my Held Mail list. What I want to do is apply a filter such that any messages sent to me where the to: address field is system-dynamics[at]world.std.com is passed to my Inbox. Can I/How do I do this? Messages sent to the address come from many different 'from' addresses (potentially any member of the list) At present the only way I've found is to white list each individual from address when I detect messages on the Held List. The danger is because I receive so much spam that I might inadvertently mis-report a proper message to the list as spam. Any help or advice much appreciated - Thanks. Link to comment Share on other sites More sharing options...
StevenUnderwood Posted April 7, 2004 Share Posted April 7, 2004 1. A filter will only work if/when you log into the webmail system so it may not be the best answer for you. I don't know if you are aware of this, but enough people have asked that question that I wanted to get it out of the way first. 2. To create a filter, Open webmail and click the Filter option then click the Edit your filter rules link. *Note*: The stop processing checkmark means no further processing of any message and or filter will occur. That has also been the topic of many questions. 3. You should be able to whitelist most lists by adding the Return-Path: address of the list, where you would send your submissions to. It is supposed to check that field as well. Link to comment Share on other sites More sharing options...
Jeff G. Posted April 9, 2004 Share Posted April 9, 2004 From http://www.spamcop.net/fom-serve/cache/306.html: How do I whitelist yahoo groups? Yahoo Groups mail should have a Return-Path header that looks like ...[at]returns.groups.yahoo.com In order to pass all Yahoo Groups mail through to your inbox, add "returns.groups.yahoo.com" (without the quotes) to your whitelist. If whitelisting the Return-Path of those academic e-mail list messages does not work for you, please post the headers from two of those messages you'd like to whitelist (so that we can help you determine which parts of the addresses are static and which parts are dynamic), along with the address that you attempted to whitelist. Link to comment Share on other sites More sharing options...
martind Posted April 24, 2004 Author Share Posted April 24, 2004 Hi - about 1-3% of spam messages I receive are getting through the SpamCop filters; instead of being trapped in Held Mail they end up in my In Box. Looking at the headers for these messages they have a common feature - they all include the first part of my main e-mail address in the From field [forged naturally]. For example assume my e-mail address was donald.duck[at]quack.com the header for the spam message would show something like: From: donald.duck[145.45.89.1] etc. It's as if because the From: includes part of my e-mail address it evades the SpamCop filter. Is this a known problem or limitation of the SpamCop filters and/or is there something I should be doing by way of settings to avoid this problem? I've already been through and set up the various Mailhosts settings for the addresses and accounts I use. With thanks in anticipation of your help. Link to comment Share on other sites More sharing options...
StevenUnderwood Posted April 24, 2004 Share Posted April 24, 2004 1. Try adjusting your spam filters by adding more blocklists or adjusting spamassasin setting lower, keeping in mind that more legitimate messages will be caught with more stringent settings. 2. If you want to know why a particular message made it through the blocklist, look at the X-spam-* and X-Spamcop-* headers which are added by spamcop at the bottom of the headers. If you don't understand them, post them here. Link to comment Share on other sites More sharing options...
martind Posted April 24, 2004 Author Share Posted April 24, 2004 Many thanks ... will do Link to comment Share on other sites More sharing options...
martind Posted April 24, 2004 Author Share Posted April 24, 2004 Example Message 1 - Headers. This one made it to my In Box ... X-spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on blade6 X-spam-Level: * X-spam-Status: hits=1.5 tests=DATE_IN_PAST_06_12,HTML_40_50, HTML_FONTCOLOR_BLUE,HTML_FONTCOLOR_RED,HTML_FONT_BIG,HTML_MESSAGE, MIME_HTML_ONLY version=2.63 X-SpamCop-Checked: 192.168.1.105 216.154.195.36 192.168.1.101 195.60.31.40 200.75.98.183 200.75.98.183 Not sure what this means Link to comment Share on other sites More sharing options...
martind Posted April 24, 2004 Author Share Posted April 24, 2004 Example Message 2 - this one made it to my In Box Headers ... X-spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on blade1 X-spam-Level: X-spam-Status: hits=0.0 tests=none version=2.63 X-SpamCop-Checked: 192.168.1.105 216.154.195.36 192.168.1.101 195.60.31.40 82.160.40.66 looks like this one has 'tests=none'. Does that mean it was able to evade any incoming SpamCop tests? Link to comment Share on other sites More sharing options...
StevenUnderwood Posted April 24, 2004 Share Posted April 24, 2004 Message 1: X-spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on blade6 X-spam-Level: * X-spam-Status: hits=1.5 tests=DATE_IN_PAST_06_12,HTML_40_50, HTML_FONTCOLOR_BLUE,HTML_FONTCOLOR_RED,HTML_FONT_BIG,HTML_MESSAGE, MIME_HTML_ONLY version=2.63 Spamassasin assigned a 1.5 to this message. If your spamassasin setting were set to 1 (not recommended), it would have been caught. X-SpamCop-Checked: 192.168.1.105 216.154.195.36 192.168.1.101 195.60.31.40 200.75.98.183 200.75.98.183 I checked all of these hosts and at this time, none of them are on the bl. The last two (the source end) of them have "history" though and reporting may get them back on the list. You can check them yourself at: http://www.spamcop.net/bl.shtml Message 2: X-spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on blade1 X-spam-Level: X-spam-Status: hits=0.0 tests=none version=2.63 I have never noticed the test=none. The only guess I could provide is that this was a spam with no body, so nothing to check. X-SpamCop-Checked: 192.168.1.105 216.154.195.36 192.168.1.101 195.60.31.40 82.160.40.66 Again, all of these hosts are currently not listed. In fact the source is not known to spamcop at all. There was no reason for spamcop mail system to hold these messages as there have not been enough reports at the IP's and the body did not trip enough of the tests for them to be held. Link to comment Share on other sites More sharing options...
martind Posted April 24, 2004 Author Share Posted April 24, 2004 many thanks Steve - beginning to understand how SpamCop does its stuff now! Link to comment Share on other sites More sharing options...
StevenUnderwood Posted April 24, 2004 Share Posted April 24, 2004 That's why I hang around Link to comment Share on other sites More sharing options...
martind Posted April 25, 2004 Author Share Posted April 25, 2004 I've had other spam messages reaching my Inbox with the 'tests=none' header that do have a message body. Any ideas what might cause this? Should I post an example of such a message in the forum or report it in some special way? Message 2: QUOTE X-spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on blade1 X-spam-Level: X-spam-Status: hits=0.0 tests=none version=2.63 I have never noticed the test=none. The only guess I could provide is that this was a spam with no body, so nothing to check. Link to comment Share on other sites More sharing options...
StevenUnderwood Posted April 25, 2004 Share Posted April 25, 2004 I would email support<at>spamcop.net with the details and the spam source showing the body and that message. Is it possible that this is caused because of inappropriate boundries so the scanner can not see the body? Link to comment Share on other sites More sharing options...
martind Posted April 26, 2004 Author Share Posted April 26, 2004 ok - thanks - I'll do that and let you know the outcome. I'll have to wait until the next one since I've deleted that message. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.