emails not getting through

[Pommie]

Hmm

I'm not really confident in doing that and spamassassin has performed pretty well for me before I moved here - in fact it worked here for the first month or so.

Is anyone from WebHostingUK

a: listening?
b: interested?
c: able to address this problem?

or should I just start searching now for a new hosting provider?

I was really impressed when I first came here, but this issue is just too risky to my business for me to hang around if it's not going to fixed.

[jon123]

hi Pommie, are you sure it is a spam assassin problem? Because as you say it doesn't appear to be in the header info.
I know many (including me) have had problems with hotmail, yahoo, aol recently, there are a few posts on here related to this. These big 3 changed their filtering recently and I wonder if this is why you seem to be experiencing this problem now, especially as you said it used to work.

I personally would be inclined to change the 'reply to' and 'from' fields, and also set the return path.

I take it that you have also checked the usual suspects: rDNS and spf are set correctly?

hope you find a solution

Jon

[Administrator]

Quote:

Originally Posted by Pommie

Hmm

I'm not really confident in doing that and spamassassin has performed pretty well for me before I moved here - in fact it worked here for the first month or so.

Is anyone from WebHostingUK

a: listening?
b: interested?
c: able to address this problem?

or should I just start searching now for a new hosting provider?

I was really impressed when I first came here, but this issue is just too risky to my business for me to hang around if it's not going to fixed.

First thing you need to do is get your form redesigned from someone who has expertise in php. Your online form is submitted at least 1000 times a day and 99% of them are rejected by our server as the sender email address is found to be listed in spamhaus.org. I tried to troubleshoot with help of logs related to your domain name, but its impossible to read 10,000 lines to troubleshoot.

You will need to add some sort of captcha image verification in your form to stop spammers from abusing your forms. let me know once you get your forms sorted as I can proceed to troubleshoot with help of logs once spamming though your forms comes to an end. I have included few lines from logs on server for your reference :-

Quote:

2008-04-14 23:12:17 H=(WWW-C7A07417673) [121.16.177.132]:3957 I=[91.186.0.9]:25 F= rejected RCPT <46daf793.3060508@*lan***t.co.uk>: "JunkMail rejected - (WWW-C7A07417673) [121.16.177.132]:3957 is in an RBL, see http://www.spamhaus.org/query/bl?ip=121.16.177.132"
2008-04-14 23:13:01 H=74-40-17-190.fibertel.com.ar [190.17.40.74]:1473 I=[91.186.0.9]:25 F= rejected RCPT : "JunkMail rejected - 74-40-17-190.fibertel.com.ar [190.17.40.74]:1473 is in an RBL, see http://www.spamhaus.org/query/bl?ip=190.17.40.74"
2008-04-14 23:13:08 H=(18924220223.user.veloxzone.com.br) [189.24.220.223]:26045 I=[91.186.0.9]:25 F= rejected RCPT : "JunkMail rejected - (18924220223.user.veloxzone.com.br) [189.24.220.223]:26045 is in an RBL, see http://www.spamhaus.org/query/bl?ip=189.24.220.223"
2008-04-14 23:13:55 H=(darks0ul-b2f6f4) [212.55.113.226]:3358 I=[91.186.0.9]:25 F= rejected RCPT <46daf793.3060508@*lan***t.co.uk>: "JunkMail rejected - (darks0ul-b2f6f4) [212.55.113.226]:3358 is in an RBL, see http://www.spamhaus.org/query/bl?ip=212.55.113.226"
2008-04-14 23:14:38 H=(darks0ul-b2f6f4) [212.55.113.226]:4865 I=[91.186.0.9]:25 F= rejected RCPT <46daf793.3060508@*lan***t.co.uk>: "JunkMail rejected - (darks0ul-b2f6f4) [212.55.113.226]:4865 is in an RBL, see http://www.spamhaus.org/query/bl?ip=212.55.113.226"
2008-04-14 23:14:56 H=(190-48-178-96.speedy.com.ar) [190.48.178.96]:1286 I=[91.186.0.9]:25 F= rejected RCPT <46daf854.3060508@*lan***t.co.uk>: "JunkMail rejected - (190-48-178-96.speedy.com.ar) [190.48.178.96]:1286 is in an RBL, see http://www.spamhaus.org/query/bl?ip=190.48.178.96"
2008-04-14 23:15:03 H=([41.221.23.145]) [41.221.23.145]:3133 I=[91.186.0.9]:25 U=daemon F= rejected RCPT <20jhobson@*lan***t.co.uk>: "JunkMail rejected - ([41.221.23.145]) [41.221.23.145]:3133 is in an RBL, see http://www.spamhaus.org/query/bl?ip=41.221.23.145"
2008-04-14 23:15:36 H=(adsl-mde-190-3-200-98.edatel.net.co) [190.3.200.98]:4778 I=[91.186.0.9]:25 F= rejected RCPT : "JunkMail rejected - (adsl-mde-190-3-200-98.edatel.net.co) [190.3.200.98]:4778 is in an RBL, see http://www.spamhaus.org/query/bl?ip=190.3.200.98"
2008-04-14 23:17:36 H=host211-36-dynamic.6-87-r.retail.telecomitalia.it (cicciariell) [87.6.36.211]:3767 I=[91.186.0.9]:25 F= rejected RCPT <46daf793.3060508@*lan***t.co.uk>: "JunkMail rejected - host211-36-dynamic.6-87-r.retail.telecomitalia.it (cicciariell) [87.6.36.211]:3767 is in an RBL, see http://www.spamhaus.org/query/bl?ip=87.6.36.211"

[optrex]

Tha man talks sense. If you've got no captcha or recaptcha on your PHP message scripts you are asking for trouble. At the very best you are going to get delays with that sort of submission rate now that your details have been harvested.

I was just about to reply with a suggestion that you look at services like http://www.digiportal.com/comparison.html but you need to get your end sorted first.

What mail script are you currently using - make and version? If I get 30 mins tomorrow I will have a look round.

[Pommie]

Thanks for the responses

I am using form@ailer plus as the form script. I will take a look at upgrading it to the latest version which has limited captcah and a blank robot field in it.

It's interesting that nobody else in support had identified any issues with spamming on the form over the course of our chats over the last 4 weeks, and as I have only once in 2 years ever received a spam submission I am grateful for this alternative view of things

It does make me wonder how many other valid enquiries I am misssing.

Alex P has now down something that allows submissions from hotmail addesses to get through so we are making some progress.

Apparently the spammers have still decided not to send any emails to any of my 15 email addresses me that might be scored between 5 and 15 by spam assassin - how do they DO that so consistently? It's amazing

[Pommie]

"Your online form is submitted at least 1000 times a day"

One question - and forgive me if I'm being naive or stupid admin, in that case how come according to the AWSTATS my form has only been fired 53 time this month up until yesterday?
Viewed Average size Entry Exit
/html/formmailer.php 53 466 Bytes 1 15

(and about 30 of them were me)

And how come I have only had 921 unique visitors this months and a total of 1221 visits if someone is firing my form 1,000 a day? Are they staying logged on permanenetly do you think? CAn you tell?

Do the web stats not collate visits from RBL'd IPs then

..or is there something wrong with my web stats as WELL?

J

[optrex]

I would imaging its the way the spam script works, they are not acutally visiting the page and pressing the submit button.

Take a look at these. form-maker.com/overview.html

I've not used them myself, but for £35 you get updates and support for 12 months, there is a members section, which I sugguest you register with for questions before you buy. It will make your forms look more professional, you will have a database of the responses and there is spam protection measures built in. There is also a demo. You would need to ask about a captcha or better still recaptcha plugin.

[Pommie]

Hmm

How can they execute the script without accessing formmailer.php
(or how can they access it without it showing in the logs?)

I'll take a look at the link you sent.

Admin do you have any comment there?

[Pommie]

[quote]Take a look at these. form-maker.com/overview.html

Looks worth it if only for the deatbase storage option that would get around some of missing emails issues.

Thanks

J

[Administrator]

Quote:

Originally Posted by Pommie

"Your online form is submitted at least 1000 times a day"

One question - and forgive me if I'm being naive or stupid admin, in that case how come according to the AWSTATS my form has only been fired 53 time this month up until yesterday?
Viewed Average size Entry Exit
/html/formmailer.php 53 466 Bytes 1 15

(and about 30 of them were me)

And how come I have only had 921 unique visitors this months and a total of 1221 visits if someone is firing my form 1,000 a day? Are they staying logged on permanenetly do you think? CAn you tell?

Do the web stats not collate visits from RBL'd IPs then

..or is there something wrong with my web stats as WELL?

J

They don't deploy people to go and browse all forms and submit those manually

URL to your mailer is stored in their mailer's database and their mailer runs 24x7. They never hit port 80 so awstats will never record their visit as awstats is updated from apache logs only. Mailers traffic can be seen in exim logs.

[Pommie]

Quote:

They don't deploy people to go and browse all forms and submit those manually

Wow that's a relief - I really thought that that was how they did it!

So now I just need to know why I'm not getting any spam mail in spite of all this spam that's being sent!

[Administrator]

Quote:

Originally Posted by Pommie

Wow that's a relief - I really thought that that was how they did it!

So now I just need to know why I'm not getting any spam mail in spite of all this spam that's being sent!

read those logs once again. see what error message is shown after each incoming email. All those spams are rejected as the senders are listed in spamhaus. Spamassassin has nothing to do if the sender is listed in spamhaus or spamcop RBL.

[Pommie]

Quote:

read those logs once again.

Read my post again

I understand now that there is spam being generated from the form and that it is happening in a way that was /is invisible to me. I also understand that you are saying that the removal method was mostly via RBL which is upstream from the spam filter. I will deal with this as soon as I can.

Now will you explain to me why there is NO EMAIL At ALL FROM ANY SOURCE (FORGET ABOUT MY FORM)HITTING ANY OF MY ACCOUNTS WHICH SCORES BETWEEN 5 and 15 SO THAT I CAN FILTER IT WITH RULES?

I originally thought that this was linked to missing enquiries from the form but you appear to be suggesting that it is not.

Unless you have found a foolproof way of filtering all email that scores >5 with no false positives and you are keeping this a secret (I have been told you filter only 15+) then why is it not hitting my account.

(Hint I don't think it's because spammers are having a holiday )

[optrex]

Its interesting you pick those values.

If email comes in from an RBL it gets rejected, otherwise it goes through spam assasin.

*Generally* If spam assasin scores 10 or more it gets rejected. If it scores under 5 it gets delivered, if it scores 5 to 10 it gets marked with a spam header.

If you are not getting the 5 to 10 range it looks like you may have an email rule set (either in your client on your PC or in your web filter settings) to prevent delivery or put it on a junk folder or similar.

I still recommend disabling it and using digiportal.com or similar.

The University of Essex has a great page for their users on SPAM. Its suggestions can be adopted for home use too. http://www2.essex.ac.uk/cs/services/...pam/index.html

[Pommie]

Quote:

Its interesting you pick those values.

It's not really me that's picked them as you will see below

Quote:

*Generally* If spam assasin scores 10 or more it gets rejected. If it scores under 5 it gets delivered, if it scores 5 to 10 it gets marked with a spam header.

If you are not getting the 5 to 10 range it looks like you may have an email rule set (either in your client on your PC or in your web filter settings) to prevent delivery or put it on a junk folder or similar.

Your understanding is very similar to mine then

I have been told very specifically by WHUK that tey set a level of 15 above which email is automatically deleted.

Mail that gets through should be tagged with a score - e.g 7 and a marker eg "Spam +++++++". Either of these can be use in an account level filter to move junk mail to a specified folder.

The only rules I have are designed to do this:

Spam bar contains +++++
Subject contains spam
Spam bar contains spam

All 3 are set to refirect the mail to spam@mydomain.

Spam Asassin is enabled
Autodelete is disabled
Spambox is disabled

ergo any mail that scores >5 and < 15 should end up in spam@mydomain.

This account has received no email at all over the last 3 days and almost none over the last 4 weeks (except for the resposnses from support that have "spam" in the header, proving that the rules work, and presumably proving that something very odd is happening upstream that is stopping a load of mail hitting my accounts.)

Perhaps there is some setting to which i don't have access that is actually deleting spam with scores > 5 before it even hits my account?

Admin - any comment?