SpamCop Discussion > comcast outbound mail wierdness

jondoran

Apr 20 2006, 11:29 AM

Regarding this report:

http://www.spamcop.net/sc?id=z924259737z3b...db10c6e7c3d0caz

Repeating the relevant section

CODE

Received: from unknown (192.168.1.103)
by blade5.cesmail.net with QMQP; 20 Apr 2006 16:02:44 -0000
Received: from sccrmxc22.comcast.net (204.127.202.102)
by mx53.cesmail.net with SMTP; 20 Apr 2006 16:02:44 -0000
Received: from pool-138-88-74-46.res.east.verizon.net ([138.88.74.46])
by sccrmxc22.comcast.net (sccrmxc22) with SMTP
id <20060420160226s22000ejd2e>; Thu, 20 Apr 2006 16:02:37 +0000

This was mail I had forwarded from comcast.net to spamcop.net. Would it be correct to interpret this as a misconfigured comcast server? (I didn't think that 192.168 was routable, but it has been a while since I've worked in this area).

If so, who would I contact at comcast to point this out?

Edit: by the way...

goodeatingg.com is reachable (some sort of diet spam). It resolves to 217.170.20.22

CODE

OrgName: RIPE Network Coordination Centre
OrgID: RIPE
Address: P.O. Box 10096
City: Amsterdam
StateProv:
PostalCode: 1001EB
Country: NL

ReferralServer: whois://whois.ripe.net:43

NetRange: 217.0.0.0 - 217.255.255.255
CIDR: 217.0.0.0/8
NetName: 217-RIPE
NetHandle: NET-217-0-0-0-1
Parent:
NetType: Allocated to RIPE NCC
NameServer: NS-PRI.RIPE.NET
NameServer: NS3.NIC.FR
NameServer: SUNIC.SUNET.SE
NameServer: NS-EXT.ISC.ORG
NameServer: SEC1.APNIC.NET
NameServer: SEC3.APNIC.NET
NameServer: TINNIE.ARIN.NET
Comment: These addresses have been further assigned to users in
Comment: the RIPE NCC region. Contact information can be found in
Comment: the RIPE database at http://www.ripe.net/whois
RegDate: 2000-06-05
Updated: 2005-07-27

Somehow the automated link testing didn't catch this.

Wazoo

Apr 20 2006, 12:44 PM

QUOTE(jondoran @ Apr 20 2006, 11:29 AM)

This was mail I had forwarded from comcast.net to spamcop.net. Would it be correct to interpret this as a misconfigured comcast server? (I didn't think that 192.168 was routable, but it has been a while since I've worked in this area).

I'd say you need to step back, take a deep breath, and head off to do some research on how to read headers .... links provided in the SpamCop FAQ here, links at the top of the page.

Verizon Internet Services Inc. VZGNI-PUB-1 (NET-138-88-0-0-1)
138.88.0.0 - 138.88.255.255
AT&T WorldNet Services ATTPLS (NET-204-127-0-0-1)
204.127.0.0 - 204.127.255.255
(and in this case, AT&T = ComCast)

mx53.cesmail.net is one of JT's servers, which then passed it on bis an internal network to blade5.cesmail.net, another of JT's servers.

I don't see any ComCast mis-configured server evidence in your sample.

QUOTE

goodeatingg.com is reachable (some sort of diet spam). It resolves to 217.170.20.22
Somehow the automated link testing didn't catch this.

Tons of existing Topics/Discussion in the Reporting Help Forum, some in this Forum, FAQ entries exist .... let's wait until you do some of that initial research before starting yet another one on this specific iem right now.

StevenUnderwood

Apr 20 2006, 06:51 PM

QUOTE(jondoran @ Apr 20 2006, 11:29 AM)

CODE

Received: from unknown (192.168.1.103)
by blade5.cesmail.net with QMQP; 20 Apr 2006 16:02:44 -0000
Received: from sccrmxc22.comcast.net (204.127.202.102)
by mx53.cesmail.net with SMTP; 20 Apr 2006 16:02:44 -0000
Received: from pool-138-88-74-46.res.east.verizon.net ([138.88.74.46])
by sccrmxc22.comcast.net (sccrmxc22) with SMTP
id <20060420160226s22000ejd2e>; Thu, 20 Apr 2006 16:02:37 +0000

Line1: Internal routing within the spamcop domain
Line2: Spamcop receives message from comcast
Line3: Comcast received message from verizon