For what I know, Razor works on message hashes (more or less like DCC and IXHash do). So, the Cloudmark site doesn't supply any delisting tool because it is not the source IP to get listed, but the spammy messages hashes.

I don't even know details about how razor hashes the message, so it *may* eventually be that some piece of message (like, in example, an automatic foot sign, or an automatic logo image) triggers the razor plugin. I would suggest to manage with the recipient to attempt razor-revoking the FP messages.

You could also attempt to get help at the Vipul's Razor list: Razor-***@lists.sourceforge.net .

Regards,

Giampaolo

actually, from the perspective of cloudmark, it did what it was supposed
to do.
it protected the clients who use if from a compromised system.

getting on a blacklist is easy. anyone's, sorbs, barracuda, DCC,
spamcop, anyones.

getting off is hard.

What you need to understand is that its really your clients fault for
not taking care of the security issue BEFORE he had a problem.

Sorry, but really, its your clients fault, and the world really needs to
protect itself from botnets.

Eventually (based on how cloudmark updates their system), your clients
ip will be removed from their database.

MAYBE (like barracuda, sorbs) they might have a way to for an
accelerated removal.
(barracuda, you either pay per domain, or fight your way though to
someone who will do it for you)
spamcop will automatically remove in (7 days?) if no more spam.
DCC is 30 days (if using the DCC reputation filter)

asking SpamAssassin group how to get off of cloudmark's list will be
useless.

Ask cloudmark.
_________________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.spammertrap.com
_________________________________________________________________________

Wikipedia has a decent enough explanation of how it works.
Well, I don't think this is possible since Cloudmark wraps the Razor
system in a blanket, the ISP that buys Cloudmark is never told that
Razor is behind it, and Comcast further wraps whatever Cloudmark
gives them, so that their own users don't know what it is that
Comcast uses for spam filtering (Comcast probably rebrands Cloudmark
as "comcast spam filter" or some such.)

I would presume, knowing Comcast, and knowing the average ability
of the typical Comcast e-mail user, that the razor-report and
rezor-revoke is being done silently, automatically, behind the
scenes. Perhaps when a user pulls a message out of their junk
mail folder, it razor-revokes it.

The customer already called Comcast and complained, they were told
essentially to do nothing and the system will fix itself eventually.
It's not really my problem, to be honest. In this scenaro we are
only assisting our customer with running their -own- mailserver,
the customer -isn't- using -our- mailserver. If they were, this
never would have happened.

The situation is your typical small-company-mentality of well we
have 15 employees here and Exchange is so superior that we are gonna
spend 10 thousand dollars on it, on a server for it, and on paying
someone (our ISP in this case) to put it together for us since we
don't know how it goes together - instead of merely paying our ISP
a nominal fee per year per mailbox hosted on a UNIX system. You cannot
argue with this logic, which is why we decided a long time ago we
wouldn't, and got into the on-site support business as well as the
ISP.

In actuality, in this situation it technically wasn't the mailserver
that actually got compromised, it was a desktop PC - but since the
desktops and exchange server are both behind a NAT, from the outside
world they are considered the same device.

Our role is that of a consultant - and we have to play ball by
their rules, not ours. Meaning that once the helpful people on this
list pointed me in the right direction so that I could figure out
what we were dealing with, the ball is now in our customers court.
They don't want to pay our labor to sit for hours on the phone with
Comcast tech support, and I can't blame them, I wouldn't either.

Ted

Your response was to correct an onlist reply to an onlist remark. Is
there some reason why you would feel it appropriate to off-list that?
AFAIR it's good manners to *not* send off list replies in general?
Butnotwithstanding that, you could have easily cleared up any confusion
by posting onlist.

As said elsewhere, some folk are a little too big for their boots
perhaps? It's quite OK for them to be rude, off list, off topic and show
bad netiquette whilst pointing out their loathing of others doing it. Me
thinks that == 'hypocritical' yes?

You may, btw, wish to configure your mailer so the 'reply to' does not
populate with your own email address - but instead
'***@spamassassin.apache.org' , a good read of the documentation
should help.