comp.lang.ruby

Mailing list gateway getting reported at SpamCop

Dennis Oelkers

1/6/2005 10:16:00 AM

Hello list,

during the last few days we are receiving SpamCop-reports concerning the
submission of mails originating
from one of our hosts repeatedly. We found out that all of those reports
are related to someone (or something)
submitting mails from ruby-talk which were forwarded by the Usenet <->
mailing list gateway running at our site,
so SpamCop determined the gateway as the origin of those mails.

Those mails were not even close to uce, they are just 100% legitimate
comp.lang.ruby postings, and it seems
that the person (or the script?) submitting those postings to SpamCop is
always the same.

Nevertheless we fear that we might get listed in the SpamCop-RBLs, and
one of my Co-Admins (who is
my supervisor) concluded the situation in our last conversation with the
sentence "do something so it will stop".
I guess I don't have to explain that "something" may mean "shut the
gateway down" in the long run.

My questions:
- Do we have the same problem with other mailing list traffic getting
reported?
- Is it possible to find out who is submitting the legitimate traffic to
SpamCop, and manually unsubscribe that
address from ruby-talk?
- Are there really people stupid enough to mix up mail they received
from a mailing list (and which they probably
subscribed themselves to) with uce, or is it a script which is reporting
us at SpamCop?
- Does anyone here have experience with SpamCop and false submissions?

I do not want to shut down the gateway in any case, but I might get
forced to. I hope for your help.

Kind regards,
Dennis Oelkers


8 Answers

Robert Klemme

1/6/2005 12:38:00 PM

0


"Dennis Oelkers" <dennis@lauschmusik.de> wrote in message
news:41DD0FCE.80301@lauschmusik.de...

First thing I'd probably do is to contact SpamCop and try to sort out with
them:

- how we got on their list and

- whether they can whitelist us or

- change their algorithm to just include original posters not gateways.

I don't know how promising this approach is though...

Kind regards

robert

Craig Moran

1/6/2005 12:50:00 PM

0

I'd like to add a piece to this puzzle. Maybe this will help to
trigger a solution. I am using Gmail (as are plenty of other folks),
which does some SPAM filtering automatically. I have received a few
bona fide SPAM messages via ruby-talk and have labelled them as such.
However, Gmail's SPAM filtering has taken over and has started
labelling a few legitimate messages as SPAM and moves them from my
Inbox without me ever seeing them. Does Gmail report these
automatically?

I don't wish to point the finger at anyone in case it is their fault
(and to save their pride), but I have noticed that these legitimate
postings to ruby-talk are all from the very same sender. Only 6 such
email messages were auto-labelled as SPAM from 28 DEC 2004 to 5 JAN
2005. Have any of our other Gmail users experienced this?

If the person's name and email will help clear this up, please request
a private message from me with a private email addy.
Warm Regards-
Craig

On Thu, 6 Jan 2005 19:16:02 +0900, Dennis Oelkers <dennis@lauschmusik.de> wrote:
> Hello list,
>
> during the last few days we are receiving SpamCop-reports concerning the
> submission of mails originating
> from one of our hosts repeatedly. We found out that all of those reports
> are related to someone (or something)
> submitting mails from ruby-talk which were forwarded by the Usenet <->
> mailing list gateway running at our site,
> so SpamCop determined the gateway as the origin of those mails.
>
> Those mails were not even close to uce, they are just 100% legitimate
> comp.lang.ruby postings, and it seems
> that the person (or the script?) submitting those postings to SpamCop is
> always the same.
>
> Nevertheless we fear that we might get listed in the SpamCop-RBLs, and
> one of my Co-Admins (who is
> my supervisor) concluded the situation in our last conversation with the
> sentence "do something so it will stop".
> I guess I don't have to explain that "something" may mean "shut the
> gateway down" in the long run.
>
> My questions:
> - Do we have the same problem with other mailing list traffic getting
> reported?
> - Is it possible to find out who is submitting the legitimate traffic to
> SpamCop, and manually unsubscribe that
> address from ruby-talk?
> - Are there really people stupid enough to mix up mail they received
> from a mailing list (and which they probably
> subscribed themselves to) with uce, or is it a script which is reporting
> us at SpamCop?
> - Does anyone here have experience with SpamCop and false submissions?
>
> I do not want to shut down the gateway in any case, but I might get
> forced to. I hope for your help.
>
> Kind regards,
> Dennis Oelkers
>
>


Robert McGovern

1/6/2005 1:48:00 PM

0

> trigger a solution. I am using Gmail (as are plenty of other folks),
> which does some SPAM filtering automatically. I have received a few
> bona fide SPAM messages via ruby-talk and have labelled them as such.
> However, Gmail's SPAM filtering has taken over and has started
> labelling a few legitimate messages as SPAM and moves them from my
> Inbox without me ever seeing them. Does Gmail report these
> automatically?

I have seen this as well, it's possible. I've had to mark a few
messages as legitimate but I can't remember who they were from.

Rob


Jared Richardson

1/6/2005 7:02:00 PM

0

I don't know if this is an option for most people, but I use the newsgroup,
not the mailing list. Perhaps turning the list into a newsgroup only (w/a
handy web interface for those who don't do usenet) would solve the problem?

Jared


Sam Roberts

1/6/2005 8:17:00 PM

0

Quoting jared.RMOVE_THS_richardson@sas.com, on Fri, Jan 07, 2005 at 05:06:37AM +0900:
> I don't know if this is an option for most people, but I use the newsgroup,
> not the mailing list. Perhaps turning the list into a newsgroup only (w/a
> handy web interface for those who don't do usenet) would solve the problem?

That would make a number of folks very unhappy, I suspect.

Imagine if you were told you had to abandon your newsreader and use the
mailing list, but that you could use some lame web interface (and all
web interfaces to mail and/or news are lame in comparison to native
apps, IMHO) instead...

Cheers,
Sam



Jared Richardson

1/7/2005 1:11:00 AM

0


"Sam Roberts" <sroberts@uniserve.com> wrote in message
news:20050106201658.GA3142@ensemble.local...
> Quoting jared.RMOVE_THS_richardson@sas.com, on Fri, Jan 07, 2005 at
> 05:06:37AM +0900:
>> I don't know if this is an option for most people, but I use the
>> newsgroup,
>> not the mailing list. Perhaps turning the list into a newsgroup only (w/a
>> handy web interface for those who don't do usenet) would solve the
>> problem?
>
> That would make a number of folks very unhappy, I suspect.
>
> Imagine if you were told you had to abandon your newsreader and use the
> mailing list, but that you could use some lame web interface (and all
> web interfaces to mail and/or news are lame in comparison to native
> apps, IMHO) instead...
>
> Cheers,
> Sam


I agree with you... I only mentioned it as it sounds like the hosting
provider is going to terminate the list if a solution can't be found
quickly... and so far there don't seem to be any other solutions.


Dennis Oelkers

1/10/2005 3:36:00 PM

0

Hello Robert,

Robert Klemme wrote:

>
> "Dennis Oelkers" <dennis@lauschmusik.de> wrote in message
> news:41DD0FCE.80301@lauschmusik.de...
>
> First thing I'd probably do is to contact SpamCop and try to sort out
> with them:
>
> - how we got on their list and
>
> - whether they can whitelist us or

I already used their supplied response form, to tell both the submitter
and SpamCop that the reported mails are legitimate
postings of comp.lang.ruby, forwarded to ruby-talk. I did not receive a
response yet.

>
> - change their algorithm to just include original posters not gateways.

Well, in fact it is already almost working like that. Instead of the
original poster (which could only be determined by the
From-header, which could be forged), it looks at the Received-header and
mails the site-contact which is listed in the whois db
of the netblock where the mail originates from. Due to the fact that the
gateway is the first hop where the mail enters SMTP space,
it will always be our host, no matter who wrote the mail.

We didn't receive any mails in the last few days, maybe the problem
solved itself. If it didn't, I hope we'll find a solution so I do not
have to shut down the gateway.

>
> I don't know how promising this approach is though...
>
> Kind regards
>
> robert
>
Kind regards,
Dennis Oelkers



Sam Roberts

1/10/2005 3:45:00 PM

0

Quoting dennis@lauschmusik.de, on Tue, Jan 11, 2005 at 12:35:57AM +0900:
> >"Dennis Oelkers" <dennis@lauschmusik.de> wrote in message
> >news:41DD0FCE.80301@lauschmusik.de...
> >- change their algorithm to just include original posters not gateways.
>
> Well, in fact it is already almost working like that. Instead of the
> original poster (which could only be determined by the
> From-header, which could be forged), it looks at the Received-header and
> mails the site-contact which is listed in the whois db
> of the netblock where the mail originates from. Due to the fact that the
> gateway is the first hop where the mail enters SMTP space,
> it will always be our host, no matter who wrote the mail.

I might be in outer-space here, but the gateway shouldn't be the first
hop... is there information in the Usenet message that can be used to
construct a received header (by the gateway) that points backwards to
the sender so that it doesn't look like it's the gateway that originates
the email?

Cheers,
Sam
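
The attribution rule Dennis describes and the trace data Sam asks about, as an added Ruby example that is not part of any post in this thread. It is a simplified model, not SpamCop's actual parser; the message, hosts and addresses are constructed, and it assumes the gateway carries the Usenet `Path` and `NNTP-Posting-Host` fields over into the mail.

```ruby
# Simplified model of Received-chain attribution (NOT SpamCop's real parser).
# The sample message, hosts and addresses below are constructed.
SAMPLE = <<~MSG
  Received: from lists.example.net (lists.example.net [198.51.100.5])
      by mx.subscriber.example; Thu, 6 Jan 2005 19:16:05 +0900
  Received: from gateway.example.org (gateway.example.org [192.0.2.10])
      by lists.example.net; Thu, 6 Jan 2005 19:16:02 +0900
  From: poster@example.com
  Newsgroups: comp.lang.ruby
  Path: gateway.example.org!news.example.com!not-for-mail
  NNTP-Posting-Host: 203.0.113.7
  Subject: constructed test posting

  body
MSG

# Unfold continuation lines, then return [name, value] pairs in order.
def parse_headers(raw)
  head = raw.split(/\r?\n\r?\n/, 2).first.to_s
  head.gsub(/\r?\n[ \t]+/, ' ').lines.map do |line|
    name, value = line.chomp.split(/:\s*/, 2)
    [name.to_s, value.to_s]
  end
end

# Each MTA prepends its own Received line, so the last one is the oldest hop.
# Return the host and IP named in that line's "from host (... [ip])" clause.
def earliest_smtp_hop(headers)
  received = headers.select { |n, _| n.casecmp?('Received') }.map(&:last)
  return nil if received.empty?
  m = received.last.match(/from\s+(\S+)\s+\(.*?\[([0-9a-fA-F.:]+)\]\)/)
  m && { host: m[1], ip: m[2] }
end

# Usenet trace fields, present only if the gateway preserved them (assumption).
def usenet_trace(headers)
  h = headers.map { |n, v| [n.downcase, v] }.to_h
  { posting_host: h['nntp-posting-host'], path: h['path']&.split('!') }
end

if __FILE__ == $PROGRAM_NAME
  hdrs = parse_headers(SAMPLE)
  p earliest_smtp_hop(hdrs) # the gateway, whoever wrote the posting
  p usenet_trace(hdrs)      # what points further back than the gateway
end
```

The oldest `Received` line names the gateway because no SMTP hop exists before it; the only data pointing further back sits in the Usenet fields, which a Received-only analysis never reads.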