Pegasus Mail & Mercury

SpamCop Testing with MercuryS

Last post 07-09-2009, 4:10 by GordonM. 11 replies.
  •  07-06-2009, 4:10

    GordonM

    SpamCop Testing with MercuryS

    I have just implemented MercuryS and plan to use this only for accepting external mail (not from local users).  I have also set up MS_SPAM.MER to use SpamCop for tagging (at the moment) recognized spam.  Is there any way that a "spam" test message can be generated from somewhere that can check out this tagging operation?

    Thank you

    GordonM

  •  07-06-2009, 5:19

    Re: SpamCop Testing with MercuryS

    Is there any way that a "spam" test message can be generated from somewhere that can check out this tagging operation?

    Not really unless you have a blacklisted server someplace.  Blacklists only test the connecting IP addresses for presence on a list.  That said, if you send a couple of messages from the server or have the e-mail address on a web page someplace the testing will be pretty automatic. It takes only hours for the spammers to find the server.  Even if you do nothing at all there are a number of search tools out there looking for an open port 25  that will find your server as well, it will only take a bit longer.

     


    Thomas R. Stephenson
    San Jose, California
    Member of Pegasus Mail Support Team

    I do not answer private messages from the forum. If you want to contact me use email to techsupp@tstephenson.com.
  •  07-06-2009, 14:29

    GordonM

    Re: SpamCop Testing with MercuryS

    Thank you for the reply, Thomas.  I have been looking at the SpamCop web-site to see what might be sufficient to cause a message to be recognized as spam.  I haven't found a clear answer to this question, but in the part of the site that describes the SpamCop mail service (which is not what I am using, of course) it states that:

    All email received is checked to see if it has passed through a system which is in the database. If it is, then the message is flagged as probable spam.

    If using the SpamCop database from Mercury acts in the same way, it would appear that any spammer IP addresses in a message header e.g. From: X-Originating-IP: Received: etc would be sufficient for the message to be labelled as spam, not only the immediately connecting source.  Do you know whether this is a correct assumption?  If so, it would seem to be sufficient to use the forwarding capability at my ISP to divert messages (some of which will be spam) to the MercuryS server, to test the SpamCop function.  Would this be correct?

    Thank you

    GordonM

  •  07-06-2009, 17:18

    Re: SpamCop Testing with MercuryS

    If using the SpamCop database from Mercury acts in the same way, it would appear that any spammer IP addresses in a message header e.g. From: X-Originating-IP: Received: etc would be sufficient for the message to be labelled as spam, not only the immediately connecting source.  Do you know whether this is a correct assumption?  If so, it would seem to be sufficient to use the forwarding capability at my ISP to divert messages (some of which will be spam) to the MercuryS server, to test the SpamCop function.  Would this be correct?

    When using the SpamCop blacklist in MercuryS you have an option to either bounce the message back to the sending system when there is a match or tag the message.  If you select the option to tag the message there are a number of options.

    1.  Create a Mercury filter to move the message to a spam user account.  You as postmaster would review the received spam and forward the false positives on to the users.

    2.  Tell your users what header you are adding to the message and then have them do what they want with it using the filters in their mail client.

    3.  Create a second account for each user (i.e. user-spam) and filter based on the user's e-mail address and spam tag to move the spam to the second account.  The users can then connect to the second account to process the spam.  Normally PMail would use "Add mailbox to list" to attach the account; PMail and other mailers could also use IMAP4 to connect if you are running MercuryI.

    I tagged using option 1 for about a year using both the Spamcop and Spamhaus blacklists.  After that period of time with zero false positives I reverted to rejecting the mail based on these two blacklists. 


    Thomas R. Stephenson
    San Jose, California
    Member of Pegasus Mail Support Team

    I do not answer private messages from the forum. If you want to contact me use email to techsupp@tstephenson.com.
  •  07-06-2009, 21:42

    GordonM

    Re: SpamCop Testing with MercuryS

    Thank you for the summary, Thomas.  I have redirected all of the mail, on my most spammed account, from my ISP to my MercuryS server.  However, although I have received about a dozen spam messages since then, there is no sign that SpamCop is doing anything.

     I am still not clear whether the above ought to work or whether MercuryS has to see a connection directly from a blacklisted site.

     Gordon

  •  07-06-2009, 22:13

    Re: SpamCop Testing with MercuryS

    I have redirected all of the mail, on my most spammed account, from my ISP to my MercuryS server.  However, although I have received about a dozen spam messages since then, there is no sign that SpamCop is doing anything.

    If all of the mail is coming from the same source (i.e. your ISP's forwarding server) it has zero effect since every connection is from the same IP address.  In fact your ISP's server should be whitelisted.  SMTP type blacklisting only comes into play when the sending server is connecting directly to your MercuryS server.

     


    Thomas R. Stephenson
    San Jose, California
    Member of Pegasus Mail Support Team

    I do not answer private messages from the forum. If you want to contact me use email to techsupp@tstephenson.com.
  •  07-06-2009, 22:29

    GordonM

    Re: SpamCop Testing with MercuryS

    Thank you, this is the clarification that I was looking for.  I was confused by the wording related to SpamCop accounts talking about "passing through" a system which is in the database.  I suppose that to test SpamCop, I am going to have to create a sacrificial account, as you originally stated.

    Thank you for your time.

    Gordon

  •  07-06-2009, 22:53

    Re: SpamCop Testing with MercuryS

    I am going to have to create a sacrificial account, as you originally stated

    You will need a sacrificial server rather than account.

    Mercury looks up the connecting address only.

    A daemon or policy could extract the ip's from the received headers and look them up as well, but I suspect that would be more trouble (and cycles) than it's worth.

    I think the 'accounts' referred to are mail accounts hosted by Spamcop servers.

    As Thomas said, if your mail is all relayed via your ISP using the blacklist will be useless.

    If MercS receives incoming mail directly you will already be getting plenty of 'test' messages :)

  •  07-07-2009, 1:43

    GordonM

    Re: SpamCop Testing with MercuryS

    Thanks DLN.  Well, I have done nothing more so far, except turn off the forwarding from my ISP, which is obviously not helpful to do any sort of test.

    I don't have a server that I want to sacrifice, so I won't pursue that avenue.

    Unfortunately, I have been able to find a thorough "official" description of what SpamCop does with regard to header information.  I couldn't seem to find anything on the SpamCop web-site.

    Mercury S has now been running for the best part of a day and nothing is appearing in the MercuryS log other than mail that I sent directly to the server and the forwarded mail from my ISP.

    GordonM

  •  07-07-2009, 4:52

    Re: SpamCop Testing with MercuryS

    GordonM:

    Thanks DLN.  Well, I have done nothing more so far, except turn off the forwarding from my ISP, which is obviously not helpful to do any sort of test.

    I don't have a server that I want to sacrifice, so I won't pursue that avenue.

    Unfortunately, I have been able to find a thorough "official" description of what SpamCop does with regard to header information.

    Spamcop does nothing with headers, as it does not see any.

    All that happens is that Mercury does a DNS lookup for <reverse.connecting.ip.address>.bl.spamcop.net

    If it is on their list(s) you get a "127.0.0.x" response, where x is a number matching which list the ip is on.

    If it is not listed you get an "<NXDOMAIN>-IPv4" or whatever your DNS server uses for "not found"

    If matched, your selected action is applied to the message.

    I couldn't seem to find anything on the SpamCop web-site.

    Mercury S has now been running for the best part of a day and nothing is appearing in the MercuryS log other than mail that I sent directly to the server and the forwarded mail from my ISP.

    GordonM

    Is this your primary means of receiving mail?

    Have you set your MX records correctly?

    A bot should be along presently :)

     

     

    You can do a lookup on an IP manually at a command prompt

                 nslookup reverse.suspect.ip.address.bl.spamcop.net

     

  •  07-07-2009, 9:28

    PaulW

    Re: SpamCop Testing with MercuryS

    GordonM:
    Unfortunately, I have been able to find a thorough "official" description of what SpamCop does with regard to header information.  I couldn't seem to find anything on the SpamCop web-site.

    Testing the IP addresses on all 'received' headers is a different approach, and one that I used to do with a program running in a policy on Mercury.  It was particularly useful for receiving mail via MercuryD where you could not control the spamming connection.  However it was liable to false positives when it looks too far back down the chain of mail handling servers.
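
The lookup DLN describes, together with the Received-header variant that DLN and PaulW mention, as an added example (not code from the thread or from Mercury). The function names, the sample message and `fake_resolve` are constructed for illustration, and the header parsing only handles bracketed IPv4 literals.

```python
import ipaddress
import re
import socket
from email import message_from_string

ZONE = "bl.spamcop.net"  # zone named in the thread
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def dnsbl_name(ip, zone=ZONE):
    """Query name: IPv4 octets reversed, then the list's zone."""
    addr = ipaddress.IPv4Address(ip)  # ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def check(ip, resolve=socket.gethostbyname):
    """Return the 127.0.0.x answer if the address is listed, else None."""
    try:
        answer = ipaddress.IPv4Address(resolve(dnsbl_name(ip)))
    except socket.gaierror:
        return None  # not found, or the lookup failed: treat as not listed
    # A resolver that rewrites "not found" to a public address is not a hit.
    return str(answer) if answer.is_loopback else None

def received_ips(raw, max_hops):
    """Bracketed IPv4 addresses in the newest max_hops Received headers."""
    hops = message_from_string(raw).get_all("Received", [])[:max_hops]
    found = []
    for text in re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", " ".join(hops)):
        try:
            addr = ipaddress.IPv4Address(text)
        except ValueError:
            continue  # e.g. an octet above 255
        if not any(addr in net for net in INTERNAL):
            found.append(str(addr))
    return found

def scan(raw, max_hops, resolve=socket.gethostbyname):
    """Map each address found in the headers to its DNSBL answer (or None)."""
    return {ip: check(ip, resolve) for ip in received_ips(raw, max_hops)}

SAMPLE = (  # constructed: spam relayed by an ISP forwarder, documentation addresses
    "Received: from fwd.isp.example ([198.51.100.7]) by mercury.example\n"
    "Received: from unknown ([203.0.113.45]) by fwd.isp.example\n"
    "Received: from [192.168.1.20] by unknown\n"
    "Subject: constructed sample\n\nbody\n"
)

def fake_resolve(name):  # constructed stand-in for DNS so this runs offline
    if name == "45.113.0.203." + ZONE:
        return "127.0.0.2"
    raise socket.gaierror("not found")
```

With `max_hops=1` only the forwarder's address is examined, which is the situation Thomas describes; raising `max_hops` reaches the original sender but also widens the set of servers that can cause a false positive.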

     

  •  07-09-2009, 4:10

    GordonM

    Re: SpamCop Testing with MercuryS

    DLN - I am now clear about how SpamCop works.  Thank you for the explanation.

    No, the connection using MercuryS is for a potential special application that I haven't set up yet.  Normally, I just download mail from several of my ISP accounts using the Distributing POP3 client and read it with IMAP4.

    I haven't done anything specific with regard to MX.  My DNS record shows the name of my mail exchanger to be my normal domain name, i.e. not mail.domain_name or something like that.  Given that I have a rather simple arrangement for home use, I didn't think that anything else would be necessary.  I used the DNS check tool at http://www.checkdns.net and the answers that came back were what I expected.

    PaulW - Thank you for the comment.  Yes, I can see that looking up more servers is likely to result in more false positives.

    Thank you

    Gordon

Copyright © 2007-2010 David Harris / Peter Strömblad.