Spamcop listed gmail?

classic Classic list List threaded Threaded
19 messages Options
Reply | Threaded
Open this post in threaded view
|

Spamcop listed gmail?

Robert Fitzpatrick-2
Perhaps this is not the place for this, I didn't find a mailing list on
the spamcop site and just looking to see if this is experienced by
others. Got two calls this morning, both not receiving mail from gmail
users and both being blocked by my usage of 'reject_rbl_client
bl.spamcop.net'. Anyone other users of this config parameter seeing this?

Jan 16 13:52:25 mx1 postfix/smtpd[72538]: NOQUEUE: reject: RCPT from
mail-tul01m020-f175.google.com[209.85.214.175]: 554 5.7.1 Service
unavailable; Client host [209.85.214.175] blocked using bl.spamcop.net;
Blocked - see http://www.spamcop.net/bl.shtml?209.85.214.175;
from=<[hidden email]> to=<[hidden email]> proto=ESMTP
helo=<mail-tul01m020-f175.google.com>
--
Robert <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: Spamcop listed gmail?

Stan Hoeppner
On 1/16/2012 1:12 PM, Robert Fitzpatrick wrote:

> Perhaps this is not the place for this, I didn't find a mailing list on
> the spamcop site and just looking to see if this is experienced by
> others. Got two calls this morning, both not receiving mail from gmail
> users and both being blocked by my usage of 'reject_rbl_client
> bl.spamcop.net'. Anyone other users of this config parameter seeing this?
>
> Jan 16 13:52:25 mx1 postfix/smtpd[72538]: NOQUEUE: reject: RCPT from
> mail-tul01m020-f175.google.com[209.85.214.175]: 554 5.7.1 Service
> unavailable; Client host [209.85.214.175] blocked using bl.spamcop.net;
> Blocked - see http://www.spamcop.net/bl.shtml?209.85.214.175;
> from=<[hidden email]> to=<[hidden email]> proto=ESMTP
> helo=<mail-tul01m020-f175.google.com>

From:  http://spamcop.net/fom-serve/cache/291.html
How do I configure my mailserver to reject mail based on the blocklist?

"We recommend that when using any spam filtering method, users be given
access to the filtered mail - don't block the mail as documented here,
but store it in a separate mailbox. Or tag it and provide users
documentation so that they can filter based on the tags in their own
MUA. We provide this information only for administrators who cannot use
a more subtle approach for whatever reason."

In other words, maybe it's best to not use bl.spamcop.net for outright
rejections at smtp time.  Alternatively, you can change the reply code
for this dnsbl or all your dnsbls to a 4xx so the sending host can get
the mail delivering to you once the dnslbl stops listing "the world".
See: http://www.postfix.org/postconf.5.html#reject_rbl_client

--
Stan
Reply | Threaded
Open this post in threaded view
|

Re: Spamcop listed gmail?

Benny Pedersen
In reply to this post by Robert Fitzpatrick-2
On Mon, 16 Jan 2012 14:12:48 -0500, Robert Fitzpatrick wrote:

> Jan 16 13:52:25 mx1 postfix/smtpd[72538]: NOQUEUE: reject: RCPT from
> mail-tul01m020-f175.google.com[209.85.214.175]: 554 5.7.1 Service
> unavailable; Client host [209.85.214.175] blocked using
> bl.spamcop.net;
> Blocked - see http://www.spamcop.net/bl.shtml?209.85.214.175;
> from=<[hidden email]> to=<[hidden email]> proto=ESMTP
> helo=<mail-tul01m020-f175.google.com>

thats why dnswl exists ?

http://moensted.dk/spam/?addr=209.85.214.175&Submit=Submit

> --

dash dash space



Reply | Threaded
Open this post in threaded view
|

Re: Spamcop listed gmail?

Benny Pedersen
In reply to this post by Stan Hoeppner
On Mon, 16 Jan 2012 13:28:34 -0600, Stan Hoeppner wrote:
> the mail delivering to you once the dnslbl stops listing "the world".
> See: http://www.postfix.org/postconf.5.html#reject_rbl_client

http://www.postfix.org/postconf.5.html#permit_dnswl_client
http://www.dnswl.org/tech#postfix



Reply | Threaded
Open this post in threaded view
|

Re: Spamcop listed gmail?

Stan Hoeppner
On 1/16/2012 2:34 PM, Benny Pedersen wrote:
> On Mon, 16 Jan 2012 13:28:34 -0600, Stan Hoeppner wrote:
>> the mail delivering to you once the dnslbl stops listing "the world".
>> See: http://www.postfix.org/postconf.5.html#reject_rbl_client
>
> http://www.postfix.org/postconf.5.html#permit_dnswl_client
> http://www.dnswl.org/tech#postfix

Given the amount of leakage out of Gorilla mailers, especially Google
and especially Google Groups, why would you use dnswl to accept every
message from their outbounds, given they have a trustworthiness score of
1?  IMHO this is the only sane default setting:

permit_dnswl_client list.dnswl.org=127.0.[2..14].[2..3]

which doesn't automatically allow Google originating email into the
queue, nor Yahoo, nor AOL, etc.

No, permit_dnswl_client isn't the right solution for the OP in this case.

--
Stan
Reply | Threaded
Open this post in threaded view
|

Re: Spamcop listed gmail?

Reindl Harald-2


Am 16.01.2012 22:22, schrieb Stan Hoeppner:

> On 1/16/2012 2:34 PM, Benny Pedersen wrote:
>> On Mon, 16 Jan 2012 13:28:34 -0600, Stan Hoeppner wrote:
>>> the mail delivering to you once the dnslbl stops listing "the world".
>>> See: http://www.postfix.org/postconf.5.html#reject_rbl_client
>>
>> http://www.postfix.org/postconf.5.html#permit_dnswl_client
>> http://www.dnswl.org/tech#postfix
>
> Given the amount of leakage out of Gorilla mailers, especially Google
> and especially Google Groups
naturally big players like google, yahoo... have a big
amount of mails each day and 1% of a big amount is
a hughe number - that does not classify them as spammer

if you send only 1000 messages each day and 900 of them are
spam you have a lower total count as google but percentual
90% junk


signature.asc (270 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Spamcop listed gmail?

Benny Pedersen
In reply to this post by Stan Hoeppner
On Mon, 16 Jan 2012 15:22:41 -0600, Stan Hoeppner wrote:
> No, permit_dnswl_client isn't the right solution for the OP in this
> case.

its a free world :-)

yep sure one could skip dnsbl from freemail domains if wanted that way
Reply | Threaded
Open this post in threaded view
|

Re: Spamcop listed gmail?

Tõnu Samuel
In reply to this post by Reindl Harald-2
On 01/17/2012 07:17 AM, Reindl Harald wrote:
>
> naturally big players like google, yahoo... have a big
> amount of mails each day and 1% of a big amount is
> a hughe number - that does not classify them as spammer
>
> if you send only 1000 messages each day and 900 of them are
> spam you have a lower total count as google but percentual
> 90% junk

Still they are ignorant and I report daily about one of their mails to
spamcop. I tried contacting their abuse@, I tried to contact listowner
etc but
  I still receive mailing list I never asked for. And this is their
problem if they do not report spam reports either.

And please, if anyone from Google reads, remove that annoying
"shiitenews" coming to me.

    Tõnu
Reply | Threaded
Open this post in threaded view
|

Re: Spamcop listed gmail?

Robert Schetterer
In reply to this post by Robert Fitzpatrick-2
Am 16.01.2012 20:12, schrieb Robert Fitzpatrick:

> Perhaps this is not the place for this, I didn't find a mailing list on
> the spamcop site and just looking to see if this is experienced by
> others. Got two calls this morning, both not receiving mail from gmail
> users and both being blocked by my usage of 'reject_rbl_client
> bl.spamcop.net'. Anyone other users of this config parameter seeing this?
>
> Jan 16 13:52:25 mx1 postfix/smtpd[72538]: NOQUEUE: reject: RCPT from
> mail-tul01m020-f175.google.com[209.85.214.175]: 554 5.7.1 Service
> unavailable; Client host [209.85.214.175] blocked using bl.spamcop.net;
> Blocked - see http://www.spamcop.net/bl.shtml?209.85.214.175;
> from=<[hidden email]> to=<[hidden email]> proto=ESMTP
> helo=<mail-tul01m020-f175.google.com>
> --
> Robert <[hidden email]>

why do you use spamcop ?

--
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria
Reply | Threaded
Open this post in threaded view
|

Re: Spamcop listed gmail?

dennisthetiger
In reply to this post by Tõnu Samuel
On Tue, 17 Jan 2012, Tonu Samuel wrote:

> Still they are ignorant and I report daily about one of their mails to
> spamcop. I tried contacting their abuse@, I tried to contact listowner etc
> but
> I still receive mailing list I never asked for. And this is their problem if
> they do not report spam reports either.

Well, rather than contributing to the problem for those of us who a) use
spamcop for rbl, and b) want to receive email from Gmail for our users,
why not use the mechanisms that Google has in place instead?

It's pretty well documented at http://tinyurl.com/6p7fmnz - which will
route you to the instructions on how to remove yourself in the Google
Groups help documentation, and this also contains a handy link to find out
how to report a group for abuse if you are so inclined.

-Dennis

Reply | Threaded
Open this post in threaded view
|

Re: Spamcop listed gmail?

Stan Hoeppner
On 1/17/2012 1:53 AM, Dennis Carr wrote:

> It's pretty well documented at http://tinyurl.com/6p7fmnz - which will
> route you to the instructions on how to remove yourself in the Google
> Groups help documentation, and this also contains a handy link to find
> out how to report a group for abuse if you are so inclined.

This is the same as offering to band-aid someone's knuckles after they
punch you in the mouth out of the blue.  They created the problem--no
COI.  Why would anyone waste their own time farting with unsub
instructions when they didn't sub in the first place?

This is the proper way to do it:

/etc/postfix/header_checks.pcre
...
# Google Groups spam
/X-Google-Group-Id:/               REJECT Google Groups spam
/X-BeenThere: .*googlegroups.com/  REJECT Google Groups spam
...

--
Stan

Reply | Threaded
Open this post in threaded view
|

Re: Spamcop listed gmail?

Robert Fitzpatrick-2
In reply to this post by Stan Hoeppner
On 1/16/2012 2:28 PM, Stan Hoeppner wrote:
> "We recommend that when using any spam filtering method, users be given
> access to the filtered mail - don't block the mail as documented here,
> but store it in a separate mailbox. Or tag it and provide users
> documentation so that they can filter based on the tags in their own
> MUA. We provide this information only for administrators who cannot use
> a more subtle approach for whatever reason."

And then I just followed their listed examples, crazy I know. The thing
that gets me is these are the first and only calls I have received on
this in all our years of using this config parameter. I'll definitely
look into it more...thanks.
--
Robert <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: Spamcop listed gmail?

Robert Fitzpatrick-2
In reply to this post by Robert Schetterer
On 1/17/2012 2:08 AM, Robert Schetterer wrote:
> why do you use spamcop ?

Why wouldn't I?

--
Robert <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: Spamcop listed gmail?

dennisthetiger
In reply to this post by Stan Hoeppner
On Tue, 17 Jan 2012, Stan Hoeppner wrote:

> On 1/17/2012 1:53 AM, Dennis Carr wrote:
>
>> It's pretty well documented at http://tinyurl.com/6p7fmnz - which will
>> route you to the instructions on how to remove yourself in the Google
>> Groups help documentation, and this also contains a handy link to find
>> out how to report a group for abuse if you are so inclined.
>
> This is the same as offering to band-aid someone's knuckles after they
> punch you in the mouth out of the blue.  They created the problem--no
> COI.  Why would anyone waste their own time farting with unsub
> instructions when they didn't sub in the first place?

Point being, though, Stan, is that there's the link I mentioned at the
bottom of the page.  Tonu's not getting any results from forwards to
abuse@ or reports to spamcop (and the latter just breaks things for those
of us who use spamcop's rbl in the first place) - so armed with that
knowledge, I expect he will have better results.

I don't know if unsub'ing will have results, but if it were me, I'd try
the unsub route - and if it continues, then I'd be reporting as spam
through the proper channels that they actually focus on.  And granted that
Google is apparently not reading abuse@ for the purpose, but in recent
years, it seems that abuse@anywhere has pretty much become YEt Another
repository for spam.  (Hell, mine's aliased over to another account so I
can filter it!)  We can gripe about that here on this list, but that isn't
going to solve the problem.

tl;dr version - don't fuck up the rbl for the rest of us, find and use the
proper reporting mechanisms.

-Dennis

Reply | Threaded
Open this post in threaded view
|

Re: Spamcop listed gmail?

Stan Hoeppner
On 1/17/2012 2:48 PM, Dennis Carr wrote:

> On Tue, 17 Jan 2012, Stan Hoeppner wrote:
>
>> On 1/17/2012 1:53 AM, Dennis Carr wrote:
>>
>>> It's pretty well documented at http://tinyurl.com/6p7fmnz - which will
>>> route you to the instructions on how to remove yourself in the Google
>>> Groups help documentation, and this also contains a handy link to find
>>> out how to report a group for abuse if you are so inclined.
>>
>> This is the same as offering to band-aid someone's knuckles after they
>> punch you in the mouth out of the blue.  They created the problem--no
>> COI.  Why would anyone waste their own time farting with unsub
>> instructions when they didn't sub in the first place?
>
> Point being, though, Stan, is that there's the link I mentioned at the
> bottom of the page.  Tonu's not getting any results from forwards to
> abuse@ or reports to spamcop (and the latter just breaks things for
> those of us who use spamcop's rbl in the first place) - so armed with
> that knowledge, I expect he will have better results.
>
> I don't know if unsub'ing will have results, but if it were me, I'd try
> the unsub route - [snip]

You do know how Google Groups spamming works don't you?

Google Groups spamming 101

1.  Create a new group
2.  Sign up collected victim email addresses
3.  Send spam to group
4.  Rinse & repeat

I believe it's the same with Yahoo Groups, or used to be, as I created a
regex for it as well sometime in the past.

So the problem with your method is that spammers can create new groups
faster than you can unsub, turning you into a dog chasing its tail.  A
single config line in a header_checks file eliminates the entire problem
with a few dozen keystrokes and keeps the burden on Google where it
belongs.  I don't understand why you don't get this.

If you really want to facilitate change here, start an online petition
against non-COI Google Groups sign ups and present it to Google with a
few hundred thousands signatures.  Filing spam reports ain't gonna do
it.  It's incredible that Google doesn't have COI on this in 2011.

--
Stan
Reply | Threaded
Open this post in threaded view
|

Re: Spamcop listed gmail?

Bill Cole-3
In reply to this post by Robert Fitzpatrick-2
On 17 Jan 2012, at 8:20, Robert Fitzpatrick wrote:

> On 1/17/2012 2:08 AM, Robert Schetterer wrote:
>> why do you use spamcop ?
>
> Why wouldn't I?

Because it has a long-running tendency to intermittently list various
major "legitimate" freemail outlet points. This is not a new behavior or
a rare one. It happens less than it did inn the early years of SpamCop,
but it still happens  frequently enough that I would guess that there's
never a version of the SpamCop BL that does not have one IP listed which
emits some legitimate mail from one of the Big 4.

That's actually not enough of a reason to not use SpamCop for many
people, both because some people can tolerate rejecting a few hundredths
of a percent of their non-spam freemail flow (which may make the losses
so sparse as to be essentially invisible) and because DNSBL's can be use
in non-absolute ways.

Reply | Threaded
Open this post in threaded view
|

Re: Spamcop listed gmail?

Steve Fatula-2
In reply to this post by Robert Fitzpatrick-2
From: Robert Fitzpatrick <[hidden email]>
To: Postfix <[hidden email]>
Sent: Monday, January 16, 2012 1:12 PM
Subject: Spamcop listed gmail?

Perhaps this is not the place for this, I didn't find a mailing list on
the spamcop site and just looking to see if this is experienced by
others. Got two calls this morning, both not receiving mail from gmail
users and both being blocked by my usage of 'reject_rbl_client
bl.spamcop.net'. Anyone other users of this config parameter seeing this?

You should not block outright. Either use a scoring system (perhaps postscreen), or, DNSWL to first whitelist the servers. 

I personally report yahoo, gmail, etc. all the time via Spamcop when I get spam from them. My hope is they will at least find the account and disable it, possibly, with luck, even block emails going out just like it in the future.
Reply | Threaded
Open this post in threaded view
|

Re: Spamcop listed gmail?

Simon Brereton-2


On Jan 19, 2012 7:13 PM, "Steve Fatula" <[hidden email]> wrote:
>>
>> From: Robert Fitzpatrick <[hidden email]>
>> To: Postfix <[hidden email]>
>> Sent: Monday, January 16, 2012 1:12 PM
>> Subject: Spamcop listed gmail?
>>
>> Perhaps this is not the place for this, I didn't find a mailing list on
>> the spamcop site and just looking to see if this is experienced by
>> others. Got two calls this morning, both not receiving mail from gmail
>> users and both being blocked by my usage of 'reject_rbl_client
>> bl.spamcop.net'. Anyone other users of this config parameter seeing this?
>>
> You should not block outright. Either use a scoring system (perhaps postscreen), or, DNSWL to first whitelist the servers. 
>
> I personally report yahoo, gmail, etc. all the time via Spamcop when I get spam from them. My hope is they will at least find the account and disable it, possibly, with luck, even block emails going out just like it in the future.

What he said...

Simon

Reply | Threaded
Open this post in threaded view
|

Re: Spamcop listed gmail?

Postfix User-2
On Fri, 20 Jan 2012 00:24:33 -0500
Simon Brereton articulated:

> On Jan 19, 2012 7:13 PM, "Steve Fatula" <[hidden email]>
> wrote:
> >>
> >> From: Robert Fitzpatrick <[hidden email]>
> >> To: Postfix <[hidden email]>
> >> Sent: Monday, January 16, 2012 1:12 PM
> >> Subject: Spamcop listed gmail?
> >>
> >> Perhaps this is not the place for this, I didn't find a mailing
> >> list on the spamcop site and just looking to see if this is
> >> experienced by others. Got two calls this morning, both not
> >> receiving mail from gmail users and both being blocked by my usage
> >> of 'reject_rbl_client bl.spamcop.net'. Anyone other users of this
> >> config parameter seeing this?
> >>
> > You should not block outright. Either use a scoring system (perhaps
> postscreen), or, DNSWL to first whitelist the servers.
> >
> > I personally report yahoo, gmail, etc. all the time via Spamcop
> > when I
> get spam from them. My hope is they will at least find the account and
> disable it, possibly, with luck, even block emails going out just
> like it in the future.
>
> What he said...

Personally, I have found NOT receiving mail from Google to be a plus.
In any case, the is a forum on SPAMCOP that is active. I have used it
in the past, although several years ago. I just checked and it is still
there. There is also information on possible configurations for the
Spamcop "lists" and "Postfix" that might prove useful.

--
Jerry ✌
[hidden email]
_____________________________________________________________________
TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail
TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html

Maslow's Maxim:
        If the only tool you have is a hammer,
        you treat everything like a nail.