Three little WHYs


1) Why does Spamcop also scan the 192 IP range?

For instance




2) Why doesn't SpamCop add an IP of its own to the first [last from the bottom] Received in the emails I get by POP3?

For instance



3) Why is there a "from unknown" in the second Received?


Thank you!

1. all IP's in the header are fed to the parser and work is done to resolve them. Thus, each IP checked shows as being looked at in the parser output routine.

2. Take a look at more headers, this is normal.

3. probable network configuration issues within the server farm. Noting that the email was picked up by mailgate.cesmail.net and the next system to handle it was blade1.cesmail.net shows that it was all handled within the cesmail.net network (also indicated by the 192 range IP you first asked about)

Ok, that's how it works.
But I still wonder why that range of IP addresses are fed to the parser.
Shouldn't 192.168.xxx.xxx IPs be skipped?



Yes, I know, that's normal for Spamcop.
But other mail servers add an IP of their own, AFAIK





You mean at Spamcop's?

See answer #3 in my last post, dealing with "breaking the chain test"


Let's put it this way, SpamCop doesn't manufacture the headers. The headers are as you supply them. So repeat, look at other headers.


SpamCop and cesmail.net network go together like Mom and Dad.

All RFC1918-compliant IP Addresses, including 192.168.0.0/16, are skipped by the Parser in the SpamCop Parsing and Reporting System. It would probably be less efficient to try to skip them in the SpamCop Email System as well, so the administrators at Corporate Email Services, which runs the SpamCop Email System, appear to have decided to just scan all of the IP Addresses in the "Received" header lines. Is their decision causing a problem for you?

This is the doing of software called "qmail" which is running on multiple blade servers at Corporate Email Services. qmail's programmers decided to to document their activities within email headers using nonstandard "Received" header lines - I believe they should have used "X-qmail" header lines instead. You are free to discuss this issue with them using the qmail-help list at list.cr.yp.to or learn more about qmail at a qmail mirror near you from the list here. The Administrators at Corporate Email Services have chosen qmail. The combined decisions of Client Email Administrators, qmail Programmers, Corporate Email Services Administrators, ISP Email Administrators, and Microsoft Exchange Programmers caused me a problem last year when one of my ISPs' mail servers (one that I POP from) started barfing on legit emails that had 14 ("too many" according to Microsoft's defaults) "Received" headers, but I got that ISP's Email Administrators to fix that for me. Are their decisions causing a problem for you?

The Administrators at Corporate Email Services would need to maintain a fault-tolerant internal-only DNS server (or hosts file entries) for 1.168.192.in-addr.arpa and/or 168.192.in-addr.arpa in order to change that line to read "Received: from mailgate.cesmail.net (192.168.1.101)
by blade1.cesmail.net with QMQP; 2 Apr 2004 10:28:04 -0000". They appear to have chosen not to do so at this time. Is their decision causing a problem for you?

Please be specific about any such problems. Thanks!