RANT: Spam and Sonic.net

General discussions and other topics.
148 posts Page 14 of 15
by patty1 » Tue Sep 02, 2014 2:32 pm
I've had a flood of spam the past few days. Probably a couple dozen per day. I just noticed that one had a SpamAssassin score of only 1.7, so it would be hard to find rules to get that up to the 4.5 minimum I'm currently running.

I suspect that this latest crop is being generated by the same underlying software, because it all has nonsense header lines such as:

Flaky-Nieve: 17340241.17340241
Sochi-Angel: 953-2758916
Primo-Sensa: 7275b789176218448a5e35a1cb0fbd1f
Hinder-Maths: 2758916.2758916

The nonsense headers vary from message to message, but most (if not all) of today's messages have had them.
by tensigh » Tue Sep 02, 2014 4:01 pm
I've been lucky; I've only seen 2 spams in my mailbox over the past month.

I AM seeing my own messages getting flagged as spam despite the fact that I've whitelisted my own email address. But other than that, SA has been getting fooled less in my case.
by virtualmike » Tue Sep 02, 2014 10:29 pm
A couple of my email addresses used for registration at a couple of sites (and otherwise dormant for more than five years) suddenly have started getting hammered. I'm guessing those site were hacked and the email addresses sold.
by tensigh » Thu Oct 02, 2014 5:07 am
I've been getting a number of spams again. I forwarded a few to support just to help, and naturally they ignored my email.

You guys need to get rid of SA and put something in that doesn't suck. SA was the rage 10 years ago, but it's getting fooled too often. You need to switch.

Dane, if you're listening, please consider a better solution.
by ankh » Wed May 29, 2019 7:45 pm
I've used the Spamcop reporting service for many years now.
It used to provide an email address "@spamcop.net"
but they dropped that and now anything that comes addressed to me there is simply forwarded to my Sonic address.

Unfortunately, sporadically, I get flurries of spam report failures where something added to the mail headers somewhere screws up the report. I assume it's a clever spammer who's worked around the spam filtering.

If anyone here is a knowledgeable user of Spamcop's reporting, could you take a look at the Spamcop forum discussion?
One knowledgeable user there says:
it seems your present email provider has gobbledegook headers that don't stamp received line properly/orderly.
http://forum.spamcop.net/topic/37788-ma ... ent-139321
by ankh » Fri May 31, 2019 3:40 pm
I asked Sonic Support about this, but the Support person replied:
This seems more like a question that would be appropriate for our forum crew. .... Many of our back end folks hang out in there and can help you resolve your issues more readily than our email support can.
So -- the problem is when Spamcop can't parse headers on spam mail and replies
Mailhost configuration problem, identified internal IP as source
Some bits of an answer came in the Spamcop forum at
http://forum.spamcop.net/topic/37788-re ... ce/?page=2
but several people there have continued to ask why Sonic is messing up email headers.

So this is for any of the "back end folks" -- are Sonic's email headers nonstandard?

Yes, I realize that the blessed thing about standards is that there are so damn many of them.
by drew.phillips » Fri May 31, 2019 4:42 pm
ankh wrote:I asked Sonic Support about this, but the Support person replied:
This seems more like a question that would be appropriate for our forum crew. .... Many of our back end folks hang out in there and can help you resolve your issues more readily than our email support can.
So -- the problem is when Spamcop can't parse headers on spam mail and replies
Mailhost configuration problem, identified internal IP as source
Some bits of an answer came in the Spamcop forum at
http://forum.spamcop.net/topic/37788-re ... ce/?page=2
but several people there have continued to ask why Sonic is messing up email headers.

So this is for any of the "back end folks" -- are Sonic's email headers nonstandard?

Yes, I realize that the blessed thing about standards is that there are so damn many of them.
I pasted a few messages to my Sonic account from outside sources into SpamCop and didn't get any errors.

Do you have headers from an example message that is being rejected? I tried following some of the links in the SC thread and didn't see any that had issues.

A typical set of received headers we add looks like this, which are standard:

Code: Select all

Received: from a.local-delivery (a.local-delivery.sonic.net [157.131.224.82])
	by a.spam.sonic.net (8.14.4/8.14.4) with ESMTP id x4S2loZr005654
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT)
	for <x@sonic.net>; Mon, 27 May 2019 19:47:50 -0700
Received: from a.spam.sonic.net (a.spam.sonic.net [69.12.221.231])
	by a.mx.sonic.net (8.14.7/8.14.7) with ESMTP id x4S2loBm293762
	(version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT)
	for <x@sonic.net>; Mon, 27 May 2019 19:47:49 -0700
Received: from e.mx.sonic.net (b.spam-proxy.sonic.net [69.12.208.80])
	by a.local-delivery (8.14.7/8.14.7) with ESMTP id x4S2ln3H013751
	(version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT)
	for <privacy@lds.sonic.net>; Mon, 27 May 2019 19:47:49 -0700
Received: from mail-pf1-f180.google.com (mail-pf1-f180.google.com [209.85.210.180])
	by e.mx.sonic.net (8.14.7/8.14.7) with ESMTP id x4S2lcA7183590
	(version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT)
	for <x@sonic.net>; Mon, 27 May 2019 19:47:47 -0700
Received: by mail-pf1-f180.google.com with SMTP id r22so7628893pfh.9
        for <x@sonic.net>; Mon, 27 May 2019 19:47:44 -0700 (PDT)
Received: from 426803448907 named unknown by gmailapi.google.com with
 HTTPREST; Mon, 27 May 2019 19:47:37 -0700
Drew Phillips
Programmer / System Operations, Sonic.net
by ankh » Fri May 31, 2019 5:47 pm
This link should show you what Spamcop complains of.
This is the full text of their rejection message:
https://www.spamcop.net/sc?id=z65512565 ... 5d226c5f0z
Mailhost configuration problem, identified internal IP as source
Mailhost:
Please correct this situation - register every email address where you receive spam
No source IP address found, cannot proceed.
by ankh » Fri May 31, 2019 5:49 pm
This is the "view entire message" link from that error message:

https://www.spamcop.net/sc?id=z65512565 ... on=display
by ankh » Fri May 31, 2019 5:52 pm
The discussion at Spamcop's forums that raised the issue of bad headers is here:

http://forum.spamcop.net/topic/37788-re ... ent-139239
148 posts Page 14 of 15

Who is online

In total there are 20 users online :: 1 registered, 0 hidden and 19 guests (based on users active over the past 5 minutes)
Most users ever online was 999 on Mon May 10, 2021 1:02 am

Users browsing this forum: Google [Bot] and 19 guests