Full Version: Mailhosts - No source IP address found, cannot proceed
motiv8d
Since configuring mail hosts all spam seems to be unreportable. As such I must have done something incorrectly when configuring but cannot see what. Could someone please advise?

I have a domain (call it mydomain.loc - real domain name withheld) and subdomains mymail.mydomain.loc and test.mydomain.loc for which reporting seemed to be working fine before adding mail hosts. The above domain and subdomains resolve to the same IP (say 111.111.111.111) (main domain name is rDNS for the IP). There is a backup mail server at an entirely separate domain and IP (say 222.222.222.222) (backupdomain.loc - real name withheld). I also have an individual email account at the backup domain forwarded to an address at mydomain.loc, e.g. myname[at]backupdomain.loc.
I have added the mailhosts in the order below (address - standard name) and confirmed emails for both mail and backup mail servers.
1) address[at]mydomain.loc - mydomain.loc
2) address[at]mymail.mydomain.loc - mymail.mydomain.loc
3) address[at]test.mydomain.loc - test.mydomain.loc
4) myname[at]backupdomain.loc - backupdomain.loc

After confirming the configuration emails for these I have in my mailhosts:

Hosts/domains: 1) mine. [name of my assp server] 2) mail.backupdomain.loc [external dns name of backup mail server]
Relaying ips: 1) 111.111.111.111 2) 222.222.222.222
In the "delete host" dropdown there is only myname[at]backupdomain.loc

I have included a sample of the spamcop report that is unreportable below
QUOTE

xxxxxxxx
Here is your TRACKING URL - it may be saved for future reference:
http://www.spamcop.net/sc?id=xxxxxxxx

Return-Path: <belf[at]jazzmebluesmusic.com>
Received: from eleventhirtytwo.wbb.net.cable.rogers.com ([127.0.0.1])
by mail.mydomain.loc
with hMailServer ; Mon, 26 Feb 2007 12:07:49 +0900
Received: from 74.210.6.8 ([74.210.6.8] helo=eleventhirtytwo.wbb.net.cable.rogers.com)
by MINE.; 26 Feb 2007 12:07:29 +0900
Received: from cpbse ([195.219.87.130])
by eleventhirtytwo.wbb.net.cable.rogers.com (8.13.4/8.13.4) with SMTP id l1Q3BrB3067036;
Sun, 25 Feb 2007 20:11:53 -0700
Message-ID: <0019______________________dbc3[at]cpbse>
From: "Kimball" <belf[at]jazzmebluesmusic.com>
To: <x>
Subject: parking brake unclear
Date: Sun, 25 Feb 2007 20:04:02 -0700
MIME-Version: 1.0
Content-Type: multipart/related;
type="multipart/alternative";
boundary="----=_NextPart_000_0015_01C75918.981A5C20"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-Assp-Delay: delayed for 15m 4s; 26 Feb 2007 12:07:31 +0900
X-Assp-Received-SPF: pass (MINE.: local policy includes SPF record at
spf.trusted-forwarder.org) client-ip=74.210.6.8; envelope-from=belf[at]jazzmebluesmusic.com;
helo=eleventhirtytwo.wbb.net.cable.rogers.com;
X-Assp-Received-RBL: pass (MINE.: local policy) rbl=none; client-ip=74.210.6.8;
X-Assp-Bayes-Confidence: 0.00000
X-Assp-Spam-Prob: 0.00000
X-Assp-Envelope-From: belf[at]jazzmebluesmusic.com
X-Assp-Intended-For: x

Parsing header:
0: Received: from 74.210.6.8 ([74.210.6.8] helo=eleventhirtytwo.wbb.net.cable.rogers.com) by MINE.; 26 Feb 2007 12:07:29 +0900
Hostname verified: eleventhirtytwo.wbb.net.cable.rogers.com
Possible forgery. Supposed receiving system not associated with any of your mailhosts
Will not trust anything beyond this header
No source IP address found, cannot proceed.


Thanks and regards
StevenUnderwood
QUOTE(motiv8d @ Feb 26 2007, 04:19 AM) *

Since configuring mail hosts all spam seems to be unreportable. As such I must have done something incorrectly when configuring but cannot see what. Could someone please advise?

You have munged so much that helping might not be completely possible. Using the data you DID supply:

Is your server, defined in the error line by "MINE" specifically listed in your mailhost list? That is the receiving server being talked about.

The only thing you should have included is the unmodified tracking URL.
Farelf
I can't see where it has gone wrong. When someone who knows this stuff comes along, here is the tracking URL for that data parsed without mailhosts: http://www.spamcop.net/sc?id=z1236872688z2...6abd9a9aa6dcf4z
motiv8d
QUOTE(StevenUnderwood @ Feb 26 2007, 09:59 PM) *

You have munged so much that helping might not be completely possible. Using the data you DID supply:

Is your server, defined in the error line by "MINE" specifically listed in your mailhost list? That is the receiving server being talked about.

The only thing you should have included is the unmodified tracking URL.


Hi Steven
The specific things munged were:
1) the domain (mydomain.loc)
2) backup domain (backupdomain.loc)
3) domain external IP (111.111.111.111)
4) backup domain external IP (222.222.222.222) and
5) spamcop user - xxxxxxxx.

They have been munged consistently throughout the copy.

The server defined by the error line "MINE." is listed in the dropdown for Hosts/domain under the mail hostname "mydomain.loc" as "MINE." (the MINE is not munged, it is the identifier used for my ASSP server). Under the same dropdown is also the backup mail server "mail.backupdomain.loc". Within the same section the dropdown for Relaying IPs shows both the external ip for mydomain.loc and also the external ip for backupdomain.loc (munged as 111.111.111.111 and 222.222.222.222 respectively).

Thanks
motiv8d
I have a single external IP and single mail server but hosting several domains.
The mail server DNS entry is also different for each domain.
An example of the structure is below (real names not used) :

Domain: mydomain.loc
Mail server in DNS: mail.mydomain.loc
Resolving IP: 111.111.111.111 (rdns PTR of this is mail.mydomain.loc)

Domain: sub1.mydomain.loc
Mail server in DNS: mail.sub1.mydomain.loc
Resolving IP: 111.111.111.111 (rdns PTR of this is mail.mydomain.loc)

Domain: sub2.mydomain.loc
Mail server in DNS: mail.sub2.mydomain.loc
Resolving IP: 111.111.111.111 (rdns PTR of this is mail.mydomain.loc)

There is a backup mail server used for all of the above.
Domain: backupdomain.loc
Mail server in DNS: mail.backupdomain.loc
Resolving IP: 222.222.222.222 (rdns PTR of this is mail.backupdomain.loc)

I cannot work out what I should be using for mailhosts. Is just doing the entry for the first domain "mydomain.loc" enough?

Also, I use ASSP and it has a field for "My Name" (usually set to "ASSP.nospam"). If I use this name I get several extra IPs listed in my mailhosts that have nothing to do with me. What should I be setting this name to? mail.mydomain.loc?

Thanks


UPDATE: I have changed the ASSP name to "mail.mydomain.loc" (real domain used of course) and added all mailhosts in the following order:
reportspam[at]mydomain.loc - standardname: mydomain.loc
reportspam[at]sub1.mydomain.loc - standardname: sub1.mydomain.loc
reportspam[at]sub2.mydomain.loc - standardname: sub2.mydomain.loc

It is now allowing me to report spam and 'seems' correct; however, now the headers that are being reported include my actual domain and mail server name. Does that pose any problem with creating additional spam by providing the spammer with this information in the spam report?

Also some of the host/domain and relaying ip dropdowns are now empty. Although it seems to be working does this sound like a problem?
Miss Betsy
QUOTE
It is now allowing me to report spam and 'seems' correct; however, now the headers that are being reported include my actual domain and mail server name. Does that pose any problem with creating additional spam by providing the spammer with this information in the spam report?

The consensus seems to be that it is a washout - some spammers will listwash you and that spam will be reduced; some spammers seem to add those addresses to their lists. And the actual volume of spam you get is about the same, though it fluctuates for unknown reasons (there is a holiday in the spammer's country?).

There are people who do not like to give the spammers this information, but they cannot use spamcop to send reports. They can use spamcop to find the correct abuse address to report manually (on their own with heavy munging) or spamcop email to filter spam out. Once a person starts to get spam the only recourse is to filter; there is no way to stop it. In many people's opinion, the volume of spam doesn't matter since email has to be filtered. In fact, the more spam you can report, the better it is for everyone. OTOH, there are enough reporters that, if reporting becomes a burden, only a portion needs to be submitted.

Although there are some instances of whitehat ISPs getting reports and acting on them (mistakes do happen), most of the benefit of reporting is to feed the blocklist which is used to filter (or block, by some).

Miss Betsy
motiv8d
Thanks Miss Betsy
I will continue to use it; even a little more spam is acceptable if it will help shut down some of the spamming &%*&^&'s.
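
The "Parsing header" output in the first post describes a trust walk over the Received: headers, and the update reports that reporting worked once ASSP announced itself as mail.mydomain.loc. The sketch below is an added example, not SpamCop's code and not from any poster: it models that walk in simplified form over the thread's munged headers. Assumptions: the set of recognised host names and relay IPs is constructed for illustration (it does not reproduce the poster's account), loopback handoffs are skipped, and the backup-relay sample is constructed.

```python
import re
from ipaddress import ip_address

# Pulls the bracketed peer IP and the "by" host out of one Received: header.
RECEIVED_RE = re.compile(
    r"from\s+\S+\s+\(.*?\[(?P<ip>[0-9A-Fa-f.:]+)\].*?\)\s+by\s+(?P<by>\S+?)[;\s]",
    re.S)

def norm(host):
    return host.rstrip(".").lower()

def find_source(received, hosts, relay_ips):
    """Walk Received: headers newest-first; return the source IP or None."""
    known = {norm(h) for h in hosts}
    for line in received:
        m = RECEIVED_RE.search(line)
        if m is None:
            return None               # unparseable header: nothing to trust
        ip, by = m["ip"], norm(m["by"])
        if ip_address(ip).is_loopback:
            continue                  # same-box handoff (assumed to be skipped)
        if by not in known:
            return None               # receiving system not recognised: stop
        if ip not in relay_ips:
            return ip                 # handed over by an outside system
    return None

# Assumed recognised names/IPs (constructed from the thread's munged values).
HOSTS = {"mail.mydomain.loc", "mail.backupdomain.loc"}
RELAYS = {"111.111.111.111", "222.222.222.222"}

# Headers as posted (shortened): the filter stamps itself as "MINE."
AS_POSTED = [
    "from eleventhirtytwo.wbb.net.cable.rogers.com ([127.0.0.1]) "
    "by mail.mydomain.loc with hMailServer ; Mon, 26 Feb 2007 12:07:49 +0900",
    "from 74.210.6.8 ([74.210.6.8] helo=eleventhirtytwo.wbb.net.cable.rogers.com) "
    "by MINE.; 26 Feb 2007 12:07:29 +0900",
]
# Constructed: same header after the filter is renamed, as in the update.
AFTER_RENAME = [AS_POSTED[0], AS_POSTED[1].replace("by MINE.", "by mail.mydomain.loc")]
# Constructed: the same spam arriving through the backup server first.
VIA_BACKUP = [
    "from mail.backupdomain.loc ([222.222.222.222]) by mail.mydomain.loc; Mon, 26 Feb 2007",
    "from 74.210.6.8 ([74.210.6.8] helo=example) by mail.backupdomain.loc; Mon, 26 Feb 2007",
]

if __name__ == "__main__":
    for name, hdrs in [("as posted", AS_POSTED), ("after rename", AFTER_RENAME),
                       ("via backup", VIA_BACKUP)]:
        print(name, "->", find_source(hdrs, HOSTS, RELAYS))
```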