I've encountered a problem on 2.65 where spammers, whose posts used to trigger e-mail notifications to me, seem to have figured out how to post comments and disable the notification.

I've tested and confirmed that the various Levitra, etc. spammers are suppressing the notification to me, whereas normal comments always trigger a notification.

This would indicate that there's some variable they're able to pass that bypasses the notification setting in MT's config.

Anyone have a similar experience or a fix?

I haven't heard of anything like this; as I understand how MT sends the comment notices, it shouldn't be possible. Do you have spam filtering on your email that might be trapping the comment notices because of their spam content?

That happens to me quite often - I check my Spam Assassin folder regularly and find nasty comments there that I would have otherwise missed.

If you're already using an RSS reader, you might try setting up an RSS feed of all recent comments--there's no way they could bypass that (I think). I've got a template for one (you may need to "view source" on it).

I do have SpamCop. However, it quarantines all suspicious messages and I check it regularly. It has caught none of these messages.

I'll try the RSS feed, but if anybody has any ideas on how to diagnose further, I'd be happy to hear them. In the meantime, I still think there may be a minor vulnerability on this issue.

ISPs are also getting a lot smarter about spam. It's entirely possible that these emails never make it to your Inbox at all because the ISP doesn't let them through.

(At one point, I stopped getting notification emails from the support forum here, because my host inadvertently blacklisted the forum's email server. Once they removed it from the blacklist, everything was back to normal and I started getting the emails again.)

SandyS1, please check the PM I sent you. I think I have a clue, but got to clarify something.

girlie-

I doubt it's my ISP. MT uses my server's mailer to send them to me on my own box on that same server, and my own box then simply forwards them on to Spamcop, where they are then forwarded to the e-mail account my ISP provides me. So if anybody gets a chance to filter it, it would be SpamCop, and they would catch this sort of thing first. If my webserver had blacklisted itself, no comment notification would get through. I'll double-check with my server host, though.

Another thing I've noticed, they're getting around my IP bans. I've banned 213.91.217.14 for a couple of days now and that's where they're POSTing from. This makes me suspicious they've found a hole or two.

The RSS thing is working when I check my feeds, so that's a workaround.

OK, good call, girlie. :-)

After testing, it seems that server host is indeed checking for spams and doing hyperagressive filtering with no notification to me of held mail. I shall be speaking with them about that.

It's the second point that's now bugging me--the IP bans don't seem to have an effect. I'll do some more research on that one, though.

While adding an IP address of a comment troll to my ban list recently, I noticed that the same address was already on the ban list, yet the comment appears to have gone through so that I had to ban the IP again. So I'm with Sandy on this one.

Can't spammers spoof IP addresses?

Or perhaps you had a space at the end of the first IP ban?

I'll check for the space. This isn't a spammer, it's a troll who has been banned from my site repeatedly for posting abusive comments towards me and others. I suppose he could be using IP spoofing but it's more likely that there's a space or some other invisible difference in the IP address.