
Are spammers getting cleverer?


Rebekah


Shall "we" assume that you don't have Technical Details turned on? Trying to figure out how / why you left out the more obvious problem seen in the lines;

Parsing header:

0: Received: from aamta02-winn.mailhost.ntl.com ([212.250.162.8]) by mta13-winn.mailhost.ntl.com with ESMTP id <20041117085425.IPSN5690.mta13-winn.mailhost.ntl.com[at]aamta02-winn.mailhost.ntl.com> for <x>; Wed, 17 Nov 2004 08:54:25 +0000

Hostname verified: mailhost.ntl.com

Possible forgery. Supposed receiving system not associated with any of your mailhosts

Will not trust anything beyond this header

It would appear from here that you need to follow through and finish setting up your MailHost configuration .... or delete what you've got and start over ... but you also need to stop trying to report stuff until you sort it out.


I do have Technical Details turned on. I have followed your suggestion and deleted the Main Host configuration. I have set it up again and nothing has changed. Latest spam below and it can be seen SpamCop cannot find the IP address in the header. I can however (218.25.10.39) and the report should go to abuse[at]cnc-noc.net IMHO

I don't think it has anything to do with the "Possible forgery. Supposed receiving system not associated with any of your mailhosts". I get this message on spam received on my other Mail Hosts and SpamCop can trace the email back to source.

Return-Path: <sweetdp101[at]hotmail.com>
Received: from aamta04-winn.mailhost.ntl.com ([212.250.162.8])
    by mta08-winn.mailhost.ntl.com with ESMTP
    id <20041121223204.MVRI8585.mta08-winn.mailhost.ntl.com[at]aamta04-winn.mailhost.ntl.com>
    for <x>; Sun, 21 Nov 2004 22:32:04 +0000
Received: from server02.lanthost.com ([195.86.57.5])
    by aamta04-winn.mailhost.ntl.com with SMTP
    id <20041121223204.MDWK2076.aamta04-winn.mailhost.ntl.com[at]server02.lanthost.com>
    for <x>; Sun, 21 Nov 2004 22:32:04 +0000
Received: (qmail 10618 invoked by uid 110); 21 Nov 2004 22:34:18 -0000
Delivered-To: x
Received: (qmail 10615 invoked from network); 21 Nov 2004 22:34:18 -0000
Received: from unknown (HELO allsaintsfan.com) (218.25.10.39)
    by www2.lanthost.com with SMTP; 21 Nov 2004 22:34:18 -0000
To: <x>
From: "Alan" <ricky21florida[at]hotmail.com>
Date: Sun, 21 Nov 2004 22:30:05 GMT
Message-Id: <1101________1585[at]excite.com>
Sender: ra1ywrite[at]hotmail.com
Subject: Super Cheap Rates on Best Sexual Health Drug!
X-Content-Type: text/html;
Content-Type: text/html
X-SpamCop-note: Converted to text/html by SpamCop (outlook/eudora hack)

View entire message

Parsing header:

0: Received: from aamta04-winn.mailhost.ntl.com ([212.250.162.8]) by mta08-winn.mailhost.ntl.com with ESMTP id <20041121223204.MVRI8585.mta08-winn.mailhost.ntl.com[at]aamta04-winn.mailhost.ntl.com> for <x>; Sun, 21 Nov 2004 22:32:04 +0000

Hostname verified: mailhost.ntl.com

Possible forgery. Supposed receiving system not associated with any of your mailhosts

Will not trust anything beyond this header

No source IP address found, cannot proceed.

Add/edit your mailhost configuration

Finding full email headers

Submitting spam via email (may work better)

Example: What spam headers should look like

Nothing to do.

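An added example, not part of the original posts and not SpamCop's own parser: a simplified model of the trust walk the parser output above describes, run over the Received lines from the post (unfolded, ids and dates trimmed). The names `trace_source` and `RECEIVED`, and the rule that a header is trusted only when its receiving host falls under a configured mailhost domain, are assumptions made for illustration.

```python
import re

# Received lines from the post above, top to bottom (ids and dates trimmed).
RECEIVED = [
    "from aamta04-winn.mailhost.ntl.com ([212.250.162.8]) "
    "by mta08-winn.mailhost.ntl.com with ESMTP",
    "from server02.lanthost.com ([195.86.57.5]) "
    "by aamta04-winn.mailhost.ntl.com with SMTP",
    "(qmail 10618 invoked by uid 110)",
    "(qmail 10615 invoked from network)",
    "from unknown (HELO allsaintsfan.com) (218.25.10.39) "
    "by www2.lanthost.com with SMTP",
]

BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)")
IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")


def trace_source(received, mailhosts):
    """Walk the chain top-down; return (source_ip, index_where_trust_stopped).

    A header is trusted only if the host that wrote it ("by ...") belongs to
    one of the user's mailhost domains. The index is None when every network
    hop was trusted.
    """
    source = None
    for i, line in enumerate(received):
        ip = IP_RE.search(line)
        by = BY_RE.search(line)
        if not ip or not by:
            continue  # local hand-off (the qmail lines): no network hop recorded
        host = by.group(1).lower()
        if not any(host == d or host.endswith("." + d) for d in mailhosts):
            return source, i  # unknown receiver: distrust this header and all below
        source = ip.group(1)  # written by one of our hosts, so the sender IP is believed
    return source, None


if __name__ == "__main__":
    for hosts in (set(), {"ntl.com"}, {"ntl.com", "lanthost.com"}):
        print(sorted(hosts), "->", trace_source(RECEIVED, hosts))
```

With no matching mailhost the walk stops at header 0 and finds no source, as in the parse above; with only ntl.com configured it stops at the lanthost.com hop and would blame the forwarder 195.86.57.5; with both configured it reaches 218.25.10.39.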

A couple of interesting tidbits there .... first of all, here's my parse of a 'recreation' of your spam ... line wraps fixed, no mailhosts involved .... http://www.spamcop.net/sc?id=z694988268z24...8d0057d943da95z

Easy guess at this point would be that your parse hit yet another of the problematic DNS look-up failures due to time-out issues .. my parse hitting after the cache had been refreshed along the way ... There are a number of other Topics dealing with the suggestion of doing a Refresh on the parser output page that sometimes brings this data into existence ...

Another interesting issue is your apparent problem with a mailhost configuration ... that the same ISP seems to be involved with another recent user complaint scenario ... note the issues seen in Topics started within the Help and MailHost Forums started by Stickems ... curious that you're showing the same parse output issues from the same ISP ....????


I am getting more spam where Spamcop cannot read the headers. I get the error message

No source IP address found, cannot proceed.

Tracking URL for latest

http://www.spamcop.net/sc?id=z693018925zaf...de2d47ee5b0077z

Is this a problem shared by others?

;)

20224[/snapback]

OK I got the parser to this header:

Received: from server02.lanthost.com ([195.86.57.5]) by aamta02-winn.mailhost.ntl.com with SMTP id <20041117085425.EYIT10991.aamta02-winn.mailhost.ntl.com[at]server02.lanthost.com> for <x>; Wed, 17 Nov 2004 08:54:25 +0000

Now the question is: what is lanthost -- is this part of ntl.com, or part of some system that is forwarding your mail to ntl, or the legit source of the spam? A whois lookup seems to indicate that it belongs to nl.easynet


I can work the system which is simple enough - successfully reported spam on another account earlier today - but the technicalities of this are beyond me!! I have looked at the postings you suggested and I don't understand them.

I do note, however, that one or others are having the same problem. The strange thing is that I set up the MailHost and it worked fine until a fortnight ago.


I did point out that Stickems was using the same ISP and was displaying the same MailHost "problem" ... the catch is that Ellen posted that she fixed Stickems' problem somehow (still hoping she'll dig up what the fix was, maybe it will deal with your issue also ..??) ....

The technical details thus far are only asking about the systems that your e-mail is flowing through / from. It's believed that you are paying ntl.com for a connection. But Ellen's last was some outfit called lanthost.com .... are you signed up with them / paying them any money .. something along that line?


lanthost.com seem to be the ultimate source for a website with which I am closely connected and where the spamming happens.

I did wonder if the fact that the spammed email address is redirected from lanthost through another ISP (NTL as it happens) causes the problem.

However, the site has changed servers and the redirection has been altered so that there is no change of ISP. Cancelled and set up the MailHost again - so we'll see how we go!


Archived

This topic is now archived and is closed to further replies.
