Spamcop listed gmail?

[Robert Fitzpatrick]

Perhaps this is not the place for this, I didn't find a mailing list on
the spamcop site and just looking to see if this is experienced by
others. Got two calls this morning, both not receiving mail from gmail
users and both being blocked by my usage of 'reject_rbl_client
bl.spamcop.net'. Anyone other users of this config parameter seeing this?

Jan 16 13:52:25 mx1 postfix/smtpd[72538]: NOQUEUE: reject: RCPT from
mail-tul01m020-f175.google.com[209.85.214.175]: 554 5.7.1 Service
unavailable; Client host [209.85.214.175] blocked using bl.spamcop.net;
Blocked - see http://www.spamcop.net/bl.shtml?209.85.214.175;
from=<us...@gmail.com> to=<us...@example.com> proto=ESMTP
helo=<mail-tul01m020-f175.google.com>
--
Robert <rob...@webtent.org>

[Stan Hoeppner]

From: http://spamcop.net/fom-serve/cache/291.html
How do I configure my mailserver to reject mail based on the blocklist?

"We recommend that when using any spam filtering method, users be given
access to the filtered mail - don't block the mail as documented here,
but store it in a separate mailbox. Or tag it and provide users
documentation so that they can filter based on the tags in their own
MUA. We provide this information only for administrators who cannot use
a more subtle approach for whatever reason."

In other words, maybe it's best to not use bl.spamcop.net for outright
rejections at smtp time. Alternatively, you can change the reply code
for this dnsbl or all your dnsbls to a 4xx so the sending host can get
the mail delivering to you once the dnslbl stops listing "the world".
See: http://www.postfix.org/postconf.5.html#reject_rbl_client

--
Stan

[Benny Pedersen]

On Mon, 16 Jan 2012 14:12:48 -0500, Robert Fitzpatrick wrote:

> Jan 16 13:52:25 mx1 postfix/smtpd[72538]: NOQUEUE: reject: RCPT from
> mail-tul01m020-f175.google.com[209.85.214.175]: 554 5.7.1 Service
> unavailable; Client host [209.85.214.175] blocked using
> bl.spamcop.net;
> Blocked - see http://www.spamcop.net/bl.shtml?209.85.214.175;
> from=<us...@gmail.com> to=<us...@example.com> proto=ESMTP
> helo=<mail-tul01m020-f175.google.com>

thats why dnswl exists ?

http://moensted.dk/spam/?addr=209.85.214.175&Submit=Submit

> --

dash dash space

[Benny Pedersen]

On Mon, 16 Jan 2012 13:28:34 -0600, Stan Hoeppner wrote:
> the mail delivering to you once the dnslbl stops listing "the world".
> See: http://www.postfix.org/postconf.5.html#reject_rbl_client

http://www.postfix.org/postconf.5.html#permit_dnswl_client
http://www.dnswl.org/tech#postfix

[Stan Hoeppner]

Given the amount of leakage out of Gorilla mailers, especially Google
and especially Google Groups, why would you use dnswl to accept every
message from their outbounds, given they have a trustworthiness score of
1? IMHO this is the only sane default setting:

permit_dnswl_client list.dnswl.org=127.0.[2..14].[2..3]

which doesn't automatically allow Google originating email into the
queue, nor Yahoo, nor AOL, etc.

No, permit_dnswl_client isn't the right solution for the OP in this case.

--
Stan

[Reindl Harald]

Am 16.01.2012 22:22, schrieb Stan Hoeppner:
> On 1/16/2012 2:34 PM, Benny Pedersen wrote:
>> On Mon, 16 Jan 2012 13:28:34 -0600, Stan Hoeppner wrote:
>>> the mail delivering to you once the dnslbl stops listing "the world".
>>> See: http://www.postfix.org/postconf.5.html#reject_rbl_client
>>
>> http://www.postfix.org/postconf.5.html#permit_dnswl_client
>> http://www.dnswl.org/tech#postfix
>
> Given the amount of leakage out of Gorilla mailers, especially Google
> and especially Google Groups

naturally big players like google, yahoo... have a big
amount of mails each day and 1% of a big amount is
a hughe number - that does not classify them as spammer

if you send only 1000 messages each day and 900 of them are
spam you have a lower total count as google but percentual
90% junk

[Benny Pedersen]

On Mon, 16 Jan 2012 15:22:41 -0600, Stan Hoeppner wrote:
> No, permit_dnswl_client isn't the right solution for the OP in this
> case.

its a free world :-)

yep sure one could skip dnsbl from freemail domains if wanted that way

[Tonu Samuel]

On 01/17/2012 07:17 AM, Reindl Harald wrote:
>
> naturally big players like google, yahoo... have a big
> amount of mails each day and 1% of a big amount is
> a hughe number - that does not classify them as spammer
>
> if you send only 1000 messages each day and 900 of them are
> spam you have a lower total count as google but percentual
> 90% junk

Still they are ignorant and I report daily about one of their mails to
spamcop. I tried contacting their abuse@, I tried to contact listowner
etc but
I still receive mailing list I never asked for. And this is their
problem if they do not report spam reports either.

And please, if anyone from Google reads, remove that annoying
"shiitenews" coming to me.

Tõnu

[Robert Schetterer]

Am 16.01.2012 20:12, schrieb Robert Fitzpatrick:
> Perhaps this is not the place for this, I didn't find a mailing list on
> the spamcop site and just looking to see if this is experienced by
> others. Got two calls this morning, both not receiving mail from gmail
> users and both being blocked by my usage of 'reject_rbl_client
> bl.spamcop.net'. Anyone other users of this config parameter seeing this?
>

> Jan 16 13:52:25 mx1 postfix/smtpd[72538]: NOQUEUE: reject: RCPT from
> mail-tul01m020-f175.google.com[209.85.214.175]: 554 5.7.1 Service
> unavailable; Client host [209.85.214.175] blocked using bl.spamcop.net;
> Blocked - see http://www.spamcop.net/bl.shtml?209.85.214.175;
> from=<us...@gmail.com> to=<us...@example.com> proto=ESMTP
> helo=<mail-tul01m020-f175.google.com>

> --
> Robert <rob...@webtent.org>

why do you use spamcop ?

--
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria

[Dennis Carr]

On Tue, 17 Jan 2012, Tonu Samuel wrote:

> Still they are ignorant and I report daily about one of their mails to
> spamcop. I tried contacting their abuse@, I tried to contact listowner etc
> but
> I still receive mailing list I never asked for. And this is their problem if
> they do not report spam reports either.

Well, rather than contributing to the problem for those of us who a) use
spamcop for rbl, and b) want to receive email from Gmail for our users,
why not use the mechanisms that Google has in place instead?

It's pretty well documented at http://tinyurl.com/6p7fmnz - which will
route you to the instructions on how to remove yourself in the Google
Groups help documentation, and this also contains a handy link to find out
how to report a group for abuse if you are so inclined.

-Dennis

[Stan Hoeppner]

On 1/17/2012 1:53 AM, Dennis Carr wrote:

> It's pretty well documented at http://tinyurl.com/6p7fmnz - which will
> route you to the instructions on how to remove yourself in the Google
> Groups help documentation, and this also contains a handy link to find
> out how to report a group for abuse if you are so inclined.

This is the same as offering to band-aid someone's knuckles after they
punch you in the mouth out of the blue. They created the problem--no
COI. Why would anyone waste their own time farting with unsub
instructions when they didn't sub in the first place?

This is the proper way to do it:

/etc/postfix/header_checks.pcre
...
# Google Groups spam
/X-Google-Group-Id:/ REJECT Google Groups spam
/X-BeenThere: .*googlegroups.com/ REJECT Google Groups spam
...

--
Stan

[Robert Fitzpatrick]

On 1/16/2012 2:28 PM, Stan Hoeppner wrote:
> "We recommend that when using any spam filtering method, users be given
> access to the filtered mail - don't block the mail as documented here,
> but store it in a separate mailbox. Or tag it and provide users
> documentation so that they can filter based on the tags in their own
> MUA. We provide this information only for administrators who cannot use
> a more subtle approach for whatever reason."

And then I just followed their listed examples, crazy I know. The thing
that gets me is these are the first and only calls I have received on
this in all our years of using this config parameter. I'll definitely
look into it more...thanks.
--
Robert <rob...@webtent.org>

[Robert Fitzpatrick]

On 1/17/2012 2:08 AM, Robert Schetterer wrote:
> why do you use spamcop ?

Why wouldn't I?

--
Robert <rob...@webtent.org>

[Dennis Carr]

On Tue, 17 Jan 2012, Stan Hoeppner wrote:

> On 1/17/2012 1:53 AM, Dennis Carr wrote:
>
>> It's pretty well documented at http://tinyurl.com/6p7fmnz - which will
>> route you to the instructions on how to remove yourself in the Google
>> Groups help documentation, and this also contains a handy link to find
>> out how to report a group for abuse if you are so inclined.
>
> This is the same as offering to band-aid someone's knuckles after they
> punch you in the mouth out of the blue. They created the problem--no
> COI. Why would anyone waste their own time farting with unsub
> instructions when they didn't sub in the first place?

Point being, though, Stan, is that there's the link I mentioned at the
bottom of the page. Tonu's not getting any results from forwards to
abuse@ or reports to spamcop (and the latter just breaks things for those
of us who use spamcop's rbl in the first place) - so armed with that
knowledge, I expect he will have better results.

I don't know if unsub'ing will have results, but if it were me, I'd try
the unsub route - and if it continues, then I'd be reporting as spam
through the proper channels that they actually focus on. And granted that
Google is apparently not reading abuse@ for the purpose, but in recent
years, it seems that abuse@anywhere has pretty much become YEt Another
repository for spam. (Hell, mine's aliased over to another account so I
can filter it!) We can gripe about that here on this list, but that isn't
going to solve the problem.

tl;dr version - don't fuck up the rbl for the rest of us, find and use the
proper reporting mechanisms.

-Dennis

[Stan Hoeppner]

On 1/17/2012 2:48 PM, Dennis Carr wrote:
> On Tue, 17 Jan 2012, Stan Hoeppner wrote:
>
>> On 1/17/2012 1:53 AM, Dennis Carr wrote:
>>
>>> It's pretty well documented at http://tinyurl.com/6p7fmnz - which will
>>> route you to the instructions on how to remove yourself in the Google
>>> Groups help documentation, and this also contains a handy link to find
>>> out how to report a group for abuse if you are so inclined.
>>
>> This is the same as offering to band-aid someone's knuckles after they
>> punch you in the mouth out of the blue. They created the problem--no
>> COI. Why would anyone waste their own time farting with unsub
>> instructions when they didn't sub in the first place?
>
> Point being, though, Stan, is that there's the link I mentioned at the
> bottom of the page. Tonu's not getting any results from forwards to
> abuse@ or reports to spamcop (and the latter just breaks things for
> those of us who use spamcop's rbl in the first place) - so armed with
> that knowledge, I expect he will have better results.
>
> I don't know if unsub'ing will have results, but if it were me, I'd try

> the unsub route - [snip]

You do know how Google Groups spamming works don't you?

Google Groups spamming 101

1. Create a new group
2. Sign up collected victim email addresses
3. Send spam to group
4. Rinse & repeat

I believe it's the same with Yahoo Groups, or used to be, as I created a
regex for it as well sometime in the past.

So the problem with your method is that spammers can create new groups
faster than you can unsub, turning you into a dog chasing its tail. A
single config line in a header_checks file eliminates the entire problem
with a few dozen keystrokes and keeps the burden on Google where it
belongs. I don't understand why you don't get this.

If you really want to facilitate change here, start an online petition
against non-COI Google Groups sign ups and present it to Google with a
few hundred thousands signatures. Filing spam reports ain't gonna do
it. It's incredible that Google doesn't have COI on this in 2011.

--
Stan

[Bill Cole]

On 17 Jan 2012, at 8:20, Robert Fitzpatrick wrote:

> On 1/17/2012 2:08 AM, Robert Schetterer wrote:
>> why do you use spamcop ?
>
> Why wouldn't I?

Because it has a long-running tendency to intermittently list various
major "legitimate" freemail outlet points. This is not a new behavior or
a rare one. It happens less than it did inn the early years of SpamCop,
but it still happens frequently enough that I would guess that there's
never a version of the SpamCop BL that does not have one IP listed which
emits some legitimate mail from one of the Big 4.

That's actually not enough of a reason to not use SpamCop for many
people, both because some people can tolerate rejecting a few hundredths
of a percent of their non-spam freemail flow (which may make the losses
so sparse as to be essentially invisible) and because DNSBL's can be use
in non-absolute ways.

[Steve Fatula]

From: Robert Fitzpatrick <rob...@webtent.org>
To: Postfix <postfi...@postfix.org>
Sent: Monday, January 16, 2012 1:12 PM
Subject: Spamcop listed gmail?

Perhaps this is not the place for this, I didn't find a mailing list on
the spamcop site and just looking to see if this is experienced by
others. Got two calls this morning, both not receiving mail from gmail
users and both being blocked by my usage of 'reject_rbl_client
bl.spamcop.net'. Anyone other users of this config parameter seeing this?

You should not block outright. Either use a scoring system (perhaps postscreen), or, DNSWL to first whitelist the servers. 

I personally report yahoo, gmail, etc. all the time via Spamcop when I get spam from them. My hope is they will at least find the account and disable it, possibly, with luck, even block emails going out just like it in the future.

[Simon Brereton]

What he said...

Simon

[Jerry]

On Fri, 20 Jan 2012 00:24:33 -0500
Simon Brereton articulated:

Personally, I have found NOT receiving mail from Google to be a plus.
In any case, the is a forum on SPAMCOP that is active. I have used it
in the past, although several years ago. I just checked and it is still
there. There is also information on possible configurations for the
Spamcop "lists" and "Postfix" that might prove useful.

--
Jerry ✌
postfi...@seibercom.net
_____________________________________________________________________
TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail
TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html

Maslow's Maxim:
If the only tool you have is a hammer,
you treat everything like a nail.