Welcome, Guest

1. The "search..." box above searches the Docs & Forum Posts. The "Search" tab above just searches the Forum Posts.

Please use these to search for your issue *before* creating a new message topic, as your issue may have been previously solved.
2. Please put your Club # and Club Web Address in your Forum Signature (best) OR in each post to get faster support from us.
Click here to edit your signature at the bottom of the Profile Information tab.
3. Our user and admin docs are available at: support.toastmastersclubs.org/doc "There's a doc for that!"
4. There is an "Opt In" Feature for newly added members. The Opt In document explains the ~~strikethrough~~ member information. Click Here to View the Post
5. When posting a New Topic , please include all relevant details and be specific. When did your issue 1st occur? What operating system, browser, & browser version are you using? Did you refresh your browser cache? Are your cookies enabled? Lastly, a screen shot is often helpful.
6. Please abide by the Terms of Use . We are volunteers contributing our spare time. We are happy to assist you, so long as you are respectful and courteous.
7. We are always looking for new FreeToastHost Ambassadors to join our team and support fellow Toastmasters in their use of the FreeToastHost website system. If you are familiar with the system and have some interest, send a Send Us a Private Message.

Page:
1

TOPIC:

Sudden spam problem 6 years 1 month ago #75194

kerint
Topic Author
Offline
New Member
Posts: 14
Thank you received: 4

Hi, our Contact Us is suddenly getting inundated with spam, 3 in the last hour alone, some really gross x rated stuff. I add domains to the black list as they come in (but they are all different, and it's getting time consuming). I added the Spam button to the bottom of each email, and I changed our SpamAssassin threshold to 3 (the most protection possible) to no avail.

1) Is there a way to "check our spam folder" to see if we've missed any legit messages?
2) Is there a way to set specific KEYWORDS instead of just domains or email addresses? Then I could block any emails with any icky terms?
3) Seems like they all end with .icu. Can I somehow add just the extension .icu to the black list?

Kerin
4664 Plaza Toastmasters
plaza.toastmastersclubs.org/

Last edit: by kerint.

The topic has been locked.

Sudden spam problem 6 years 1 month ago #75195

Brian Offline Administrator Posts: 10476 Thank you received: 3867	1) there is no spam folder, we do not store any email just forward them. 2) if you look at the email header and look for the originating IP address we can block that.
	The topic has been locked.

Sudden spam problem 6 years 1 month ago #75196

SteveTheTechie
Offline
Administrator
Posts: 11526
Thank you received: 3795

kerint wrote:
1) Is there a way to "check our spam folder" to see if we've missed any legit messages?

While we do retain spam emails, that retention is strictly for our internal use (for troubleshooting and tweaking of the spam filtering) and those emails are concatentated together in one large text file on the server... no segregation by club number. There is no way for you to inspect what was filtered out at the current time for administration purposes. Perhaps I will add some sort of inspection mechanism in the future but none exists currently.

2) Is there a way to set specific KEYWORDS instead of just domains or email addresses? Then I could block any emails with any icky terms?

We can tweak the spam filter we use for certain keywords, but that is applied globally throughout the system, not just for one club. There is no way for you to access the spam filtering settings directly, and I doubt we would ever allow that.

3) Seems like they all end with .icu. Can I somehow add just the extension .icu to the black list?

I purposely set up the domain syntax for the club blacklists to use complete domain names. It speeds and simplifies processing (simpler pattern matches and domain verification) and is sufficient for the vast majority of use cases.

Kerin
4664 Plaza Toastmasters
plaza.toastmastersclubs.org/

Last edit: by SteveTheTechie.

The topic has been locked.

Sudden spam problem 6 years 1 month ago #75197

SteveTheTechie Offline Administrator Posts: 11526 Thank you received: 3795	Kerin, If you are unsure how to find the originating IP addresses for the emails, then post the raw email headers here using the <> code icon above the message editor (prevents mangling) and Brian or I can probably help you determine them from the headers.
	Last edit: by SteveTheTechie. The topic has been locked.

Sudden spam problem 6 years 1 month ago #75201

kerint
Topic Author
Offline
New Member
Posts: 14
Thank you received: 4

Hi! Thanks for your help. Is this the info you're looking for, or should I copy further down the header? (Or do I have the wrong info altogether?) So I know for the future, which one is the originating IP? Once you tell me this one, I can look for the IP for the others.

Received: from BN3NAM01HT057.eop-nam01.prod.protection.outlook.com
 (2603:10b6:3:9a::15) by DM5PR0101MB2988.prod.exchangelabs.com with HTTPS via
 DM5PR19CA0029.NAMPRD19.PROD.OUTLOOK.COM; Wed, 29 May 2019 22:09:46 +0000
Received: from BN3NAM01FT047.eop-nam01.prod.protection.outlook.com
 (10.152.66.56) by BN3NAM01HT057.eop-nam01.prod.protection.outlook.com
 (10.152.66.242) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1922.16; Wed, 29 May
 2019 22:09:45 +0000
Authentication-Results: spf=pass (sender IP is 50.19.253.65)
 smtp.mailfrom=toastmastersclubs.org; outlook.com; dkim=fail (body hash did
 not verify) header.d=toastmastersclubs.org;outlook.com; dmarc=pass
 action=none header.from=toastmastersclubs.org;
Received-SPF: Pass (protection.outlook.com: domain of toastmastersclubs.org
 designates 50.19.253.65 as permitted sender) receiver=protection.outlook.com;
 client-ip=50.19.253.65; helo=toastmastersclubs.org;
Received: from toastmastersclubs.org (50.19.253.65) by
 BN3NAM01FT047.mail.protection.outlook.com (10.152.66.97) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id
 15.20.1922.16 via Frontend Transport; Wed, 29 May 2019 22:09:45 +0000
X-IncomingTopHeaderMarker: OriginalChecksum:1859CB2F0C141C0B1D6E95EC2B9A879CF0DC6132320918E7792CF6F34177D57C;UpperCasedChecksum:285BEC65360600C6811B612B092355314AA2555BC3078D44DB035F3211FD6085;SizeAsReceived:1947;Count:19
Received: from localhost.localdomain (toastmastersclubs.org [127.0.0.1])
	by toastmastersclubs.org (8.14.4/8.14.4) with ESMTP id x4TM9jWa008511
	for <KERIN’S EMAIL@outlook.com>; Wed, 29 May 2019 22:09:45 GMT
Message-ID: <201905292209.x4TM9jWa008511@toastmastersclubs.org>
Received: from steamjury.icu ([70.96.202.5])
	by toastmastersclubs.org (8.14.4/8.14.4) with ESMTP id x4TM9dJJ008386
	for <OUR CONTACT US EMAIL@toastmastersclubs.org>; Wed, 29 May 2019 22:09:43 GMT
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=mail; d=steamjury.icu;

Last edit: by SteveTheTechie.

The topic has been locked.

Sudden spam problem 6 years 1 month ago #75202

SteveTheTechie
Offline
Administrator
Posts: 11526
Thank you received: 3795

Yes those are the headers. I threw the code formatting on it for you... much more readable.

I think Brian should weigh in on this, but I think it may be the 10.152.66.56 or 10.152.66.242 IP Address that is relevant, but I am not sure which the FTH server would actually see on incoming email. (50.19.253.65 is the FTH server) Received: from steamjury.icu ([70.96.202.5]) is likely more relevant.

The way I read this is to start at the top for where the email orginated... I believe each "Received: from" is a different server along the "delivery path".

Brian: What do you think?

Last edit: by SteveTheTechie.

The topic has been locked.

Sudden spam problem 6 years 1 month ago #75203

kerint
Topic Author
Offline
New Member
Posts: 14
Thank you received: 4

OH right I forgot you requested code formatting. I pulled headers from 3 others if you want to compare. Here's one. I thought it might be toward the bottom of this where it says Received: from glidewife.icu ([70.96.202.4]). Could that be it?

Received: from BN3NAM01HT181.eop-nam01.prod.protection.outlook.com
 (2603:10b6:5:177::22) by DM5PR0101MB2988.prod.exchangelabs.com with HTTPS via
 DM6PR02CA0045.NAMPRD02.PROD.OUTLOOK.COM; Wed, 29 May 2019 21:40:04 +0000
Received: from BN3NAM01FT048.eop-nam01.prod.protection.outlook.com
 (10.152.66.54) by BN3NAM01HT181.eop-nam01.prod.protection.outlook.com
 (10.152.67.175) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1922.16; Wed, 29 May
 2019 21:40:03 +0000
Authentication-Results: spf=pass (sender IP is 50.19.253.65)
 smtp.mailfrom=toastmastersclubs.org; outlook.com; dkim=fail (body hash did
 not verify) header.d=toastmastersclubs.org;outlook.com; dmarc=pass
 action=none header.from=toastmastersclubs.org;
Received-SPF: Pass (protection.outlook.com: domain of toastmastersclubs.org
 designates 50.19.253.65 as permitted sender) receiver=protection.outlook.com;
 client-ip=50.19.253.65; helo=toastmastersclubs.org;
Received: from toastmastersclubs.org (50.19.253.65) by
 BN3NAM01FT048.mail.protection.outlook.com (10.152.66.124) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id
 15.20.1922.16 via Frontend Transport; Wed, 29 May 2019 21:40:03 +0000
X-IncomingTopHeaderMarker: OriginalChecksum:57306BA8721987974A141438AC97F385498270C1E926E1FA00EDCB466D4B064A;UpperCasedChecksum:62AD6308B8BF864717AF9F6F368AFBB4BE55D7993072179A8F5741CE91E72D12;SizeAsReceived:2008;Count:19
Received: from localhost.localdomain (toastmastersclubs.org [127.0.0.1])
	by toastmastersclubs.org (8.14.4/8.14.4) with ESMTP id x4TLe3bB028775
	for <KERIN'S EMAIL@ outlook.com>; Wed, 29 May 2019 21:40:03 GMT
Message-ID: <201905292140.x4TLe3bB028775@toastmastersclubs.org>
Received: from glidewife.icu ([70.96.202.4])
	by toastmastersclubs.org (8.14.4/8.14.4) with ESMTP id x4TLdwHE028723
	for <OUR CONTACT US EMAIL@ toastmastersclubs.org>; Wed, 29 May 2019 21:40:01 GMT
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=mail; d=glidewife.icu;
 b=je9QNLT5JGlXLjAfqLwbyTETfffwGz2ysGPRkol8kL30ZtjomEfH67OlNzhBp/bMudo1NG/Z8sD1
   NW5rvSchBSPVpanjpmi6RpbegkOfPxQoQAAgSIp1PD0P94NOjsP+TDJRx/zKT4dK/9apiiUdIYIb
   YZJnQHLRxT/1GZPRgZ0=;
Date: Wed, 29 May 2019 16:32:52 -0500

The topic has been locked.

Sudden spam problem 6 years 1 month ago #75207

SteveTheTechie Offline Administrator Posts: 11526 Thank you received: 3795	I think you are probably correct. Brian can add a block for a range of IP addresses in the FTH server firewall config. (Hoping Brian chimes in here.)
	Last edit: by SteveTheTechie. The topic has been locked.

Sudden spam problem 6 years 1 month ago #75211

Brian Offline Administrator Posts: 10476 Thank you received: 3867	Originating IP are Received: from steamjury.icu ([70.96.202.5]) Received: from glidewife.icu ([70.96.202.4]) They have been blocked The following user(s) said Thank You: SteveTheTechie, kerint
	The topic has been locked.

Sudden spam problem 6 years 3 weeks ago #75335

kerint Topic Author Offline New Member Posts: 14 Thank you received: 4	Thank you both so much for your help with this issue, and for all you do. And thank you for teaching me how to find th originating IP! I hate to jinx anything, but the problem seems to have subsided. Nothing new since you blocked these. Fingers crossed! Have a great day! Kerin The following user(s) said Thank You: SteveTheTechie
	The topic has been locked.