Sudden spam problem

6 years 1 month ago - 6 years 1 month ago #75194 by kerint
Sudden spam problem was created by kerint
Hi, our Contact Us is suddenly getting inundated with spam, 3 in the last hour alone, some really gross X-rated stuff. I add domains to the black list as they come in (but they are all different, and it's getting time consuming). I added the Spam button to the bottom of each email, and I changed our SpamAssassin threshold to 3 (the most protection possible) to no avail.

1) Is there a way to "check our spam folder" to see if we've missed any legit messages?
2) Is there a way to set specific KEYWORDS instead of just domains or email addresses? Then I could block any emails with any icky terms?
3) Seems like they all end with .icu. Can I somehow add just the extension .icu to the black list?

Kerin
4664 Plaza Toastmasters
plaza.toastmastersclubs.org/
Last edit: 6 years 1 month ago by kerint.
The topic has been locked.
6 years 1 month ago #75195 by Brian
Replied by Brian on topic Sudden spam problem
1) There is no spam folder; we do not store any email, just forward them.

2) If you look at the email header and look for the originating IP address, we can block that.
6 years 1 month ago - 6 years 1 month ago #75196 by SteveTheTechie
Replied by SteveTheTechie on topic Sudden spam problem

kerint wrote: 1) Is there a way to "check our spam folder" to see if we've missed any legit messages?

While we do retain spam emails, that retention is strictly for our internal use (for troubleshooting and tweaking of the spam filtering) and those emails are concatenated together in one large text file on the server... no segregation by club number. There is no way for you to inspect what was filtered out at the current time for administration purposes. Perhaps I will add some sort of inspection mechanism in the future but none exists currently.


2) Is there a way to set specific KEYWORDS instead of just domains or email addresses? Then I could block any emails with any icky terms?

We can tweak the spam filter we use for certain keywords, but that is applied globally throughout the system, not just for one club. There is no way for you to access the spam filtering settings directly, and I doubt we would ever allow that.


3) Seems like they all end with .icu. Can I somehow add just the extension .icu to the black list?

I purposely set up the domain syntax for the club blacklists to use complete domain names. It speeds and simplifies processing (simpler pattern matches and domain verification) and is sufficient for the vast majority of use cases.


Kerin
4664 Plaza Toastmasters
plaza.toastmastersclubs.org/

Last edit: 6 years 1 month ago by SteveTheTechie.
6 years 1 month ago - 6 years 1 month ago #75197 by SteveTheTechie
Replied by SteveTheTechie on topic Sudden spam problem
Kerin,

If you are unsure how to find the originating IP addresses for the emails, then post the raw email headers here using the <> code icon above the message editor (prevents mangling) and Brian or I can probably help you determine them from the headers.
Last edit: 6 years 1 month ago by SteveTheTechie.
6 years 1 month ago - 6 years 1 month ago #75201 by kerint
Replied by kerint on topic Sudden spam problem
Hi! Thanks for your help. Is this the info you're looking for, or should I copy further down the header? (Or do I have the wrong info altogether?) So I know for the future, which one is the originating IP? Once you tell me this one, I can look for the IP for the others.
Code:
Received: from BN3NAM01HT057.eop-nam01.prod.protection.outlook.com (2603:10b6:3:9a::15) by DM5PR0101MB2988.prod.exchangelabs.com with HTTPS via DM5PR19CA0029.NAMPRD19.PROD.OUTLOOK.COM; Wed, 29 May 2019 22:09:46 +0000
Received: from BN3NAM01FT047.eop-nam01.prod.protection.outlook.com (10.152.66.56) by BN3NAM01HT057.eop-nam01.prod.protection.outlook.com (10.152.66.242) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1922.16; Wed, 29 May 2019 22:09:45 +0000
Authentication-Results: spf=pass (sender IP is 50.19.253.65) smtp.mailfrom=toastmastersclubs.org; outlook.com; dkim=fail (body hash did not verify) header.d=toastmastersclubs.org;outlook.com; dmarc=pass action=none header.from=toastmastersclubs.org;
Received-SPF: Pass (protection.outlook.com: domain of toastmastersclubs.org designates 50.19.253.65 as permitted sender) receiver=protection.outlook.com; client-ip=50.19.253.65; helo=toastmastersclubs.org;
Received: from toastmastersclubs.org (50.19.253.65) by BN3NAM01FT047.mail.protection.outlook.com (10.152.66.97) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1922.16 via Frontend Transport; Wed, 29 May 2019 22:09:45 +0000
X-IncomingTopHeaderMarker: OriginalChecksum:1859CB2F0C141C0B1D6E95EC2B9A879CF0DC6132320918E7792CF6F34177D57C;UpperCasedChecksum:285BEC65360600C6811B612B092355314AA2555BC3078D44DB035F3211FD6085;SizeAsReceived:1947;Count:19
Received: from localhost.localdomain (toastmastersclubs.org [127.0.0.1]) by toastmastersclubs.org (8.14.4/8.14.4) with ESMTP id x4TM9jWa008511 for <KERIN’S EMAIL@outlook.com>; Wed, 29 May 2019 22:09:45 GMT
Message-ID: <201905292209.x4TM9jWa008511@toastmastersclubs.org>
Received: from steamjury.icu ([70.96.202.5]) by toastmastersclubs.org (8.14.4/8.14.4) with ESMTP id x4TM9dJJ008386 for <OUR CONTACT US EMAIL@toastmastersclubs.org>; Wed, 29 May 2019 22:09:43 GMT
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=mail;
 d=steamjury.icu;
Last edit: 6 years 1 month ago by SteveTheTechie.
6 years 1 month ago - 6 years 1 month ago #75202 by SteveTheTechie
Replied by SteveTheTechie on topic Sudden spam problem
Yes, those are the headers. I threw the code formatting on it for you... much more readable.

[strike]I think Brian should weigh in on this, but I think it may be the 10.152.66.56 or 10.152.66.242 IP Address that is relevant, but I am not sure which the FTH server would actually see on incoming email. (50.19.253.65 is the FTH server)[/strike] Received: from steamjury.icu ([70.96.202.5]) is likely more relevant.

The way I read this is to start at the top for where the email originated... I believe each "Received: from" is a different server along the "delivery path".

Brian: What do you think?
Last edit: 6 years 1 month ago by SteveTheTechie.
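
Added example (not part of the thread and not FreeToastHost's code): it reads the Received chain from the headers posted above and reports the peer address that the toastmastersclubs.org server recorded when the message came in from outside. The function names and the trimmed sample are assumptions made for illustration; the name after "from" is whatever the sending host claimed, while the bracketed IP is what the receiving server observed.

```python
import ipaddress
import re
from email import message_from_string

# Sample input: the Received lines from the post above, trimmed to the fields
# read here (cipher details and mailbox placeholders dropped).
SAMPLE_HEADERS = """\
Received: from BN3NAM01FT047.eop-nam01.prod.protection.outlook.com (10.152.66.56) by BN3NAM01HT057.eop-nam01.prod.protection.outlook.com (10.152.66.242) with Microsoft SMTP Server; Wed, 29 May 2019 22:09:45 +0000
Received: from toastmastersclubs.org (50.19.253.65) by BN3NAM01FT047.mail.protection.outlook.com (10.152.66.97) with Microsoft SMTP Server; Wed, 29 May 2019 22:09:45 +0000
Received: from localhost.localdomain (toastmastersclubs.org [127.0.0.1]) by toastmastersclubs.org (8.14.4/8.14.4) with ESMTP id x4TM9jWa008511; Wed, 29 May 2019 22:09:45 GMT
Received: from steamjury.icu ([70.96.202.5]) by toastmastersclubs.org (8.14.4/8.14.4) with ESMTP id x4TM9dJJ008386; Wed, 29 May 2019 22:09:43 GMT

"""

# "from <claimed name> (<optional rDNS> [ip]) by <stamping host>"
HOP_RE = re.compile(
    r"from\s+(\S+)\s+\((?:[^()\[\]]*\[)?([0-9A-Fa-f:.]+)\]?\)\s+by\s+(\S+)", re.I)

def parse_hops(raw_headers):
    """Return [(claimed_name, ip, stamping_host)] in header order, newest first."""
    hops = []
    for value in message_from_string(raw_headers).get_all("Received", []):
        m = HOP_RE.search(" ".join(value.split()))  # undo header folding
        if not m:
            continue
        try:
            hops.append((m.group(1), ipaddress.ip_address(m.group(2)), m.group(3).lower()))
        except ValueError:
            continue  # parenthesised text was not an IP address
    return hops

def external_sender(raw_headers, trusted_host):
    """Peer IP recorded by trusted_host at the point mail entered from outside.

    Each relay prepends its own Received line, so the scan runs newest to
    oldest and stops at the first line stamped by trusted_host whose peer is a
    public address. Lines below that one were supplied by the sender.
    """
    for claimed, ip, by_host in parse_hops(raw_headers):
        if by_host == trusted_host.lower() and ip.is_global:
            return str(ip), claimed
    return None

if __name__ == "__main__":
    print(external_sender(SAMPLE_HEADERS, "toastmastersclubs.org"))
```

The loopback hop (127.0.0.1) and the Outlook-internal 10.x hops are skipped because they are not public addresses or were not stamped by the trusted host.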