Brian Kendig

  1. Aha. I think I've figured it out. A few days ago, on the Mailhosts tab, I had set up the entry for my server by having Spamcop send me an email and then I copy/pasted it with full headers back into Spamcop's form. This created the Mailhosts entry - but the "Hosts/Domains" pulldown menu for it was empty. This was before I had put the FQDN into the email headers, so my server was only identifying itself with its local name, "www". I think this confused Spamcop. Yesterday I fixed my mail server to put its FQDN into its email headers. And just now I deleted that Mailhosts entry and created it again the same way - only, now the "Hosts/Domains" pulldown menu lists "www.enchanter.net" and "enchanter.net". I resubmitted this morning's spam, and Spamcop was able to handle it with no problem. Thank you both for your help! tl;dr: If the mail server doesn't put its FQDN into its Received header, then Spamcop's Mailhosts setup won't be able to read the domain name, and Spamcop will reject spam reports for that server with the "identified internal IP as source" error.
  2. "by www.enchanter.net with esmtps" still gives me the "Mailhost configuration problem, identified internal IP as source" / "No source IP address found, cannot proceed" error. "by (www.enchanter.net) with esmtps" also gives me the same error. "by with esmtps" also isn't working for me on another message, now. Same error. I'm perplexed - I no longer seem to be able to report any spam for my mail server. Not a critical issue, of course, but I wonder what's going on. I don't see other servers needing to put their IP address into their Received header.
  3. No success yet. I submitted spam with this header, which includes my FQDN and IP address: Received: from net-mkting.com ([]) by www.enchanter.net ( with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.93) (envelope-from <sales@net-mkting.com>) id 1kCAPa-0001f8-Pi for brian@enchanter.net; Sat, 29 Aug 2020 19:37:31 -0400 but SpamCop still says "Mailhost configuration problem, identified internal IP as source". (https://www.spamcop.net/sc?id=z6647849203zdc6a9633e3bd43a0c4fc48a74c4b0f42z) I just don't understand what it thinks is an "internal IP" that's being used as a "source." Edit: aha, when I remove my FQDN and just say "by", then SpamCop accepts it, interesting...
  4. Aha, you're saying that your example spam message has "Received: by" with a numeric IP address, while my spam headers have "Received: by www" with no IP. I'll look into how to get Exim to put my external IP address there and have it show 'enchanter.net' instead of 'www'. (It's probably a matter of editing Exim's received_header_text setting, though I'm surprised the IP address isn't appearing by default.) Thank you! As for reverse DNS, I don't know if I can do anything about that because I'm using FreeDNS to resolve my hostname, but IP to hostname conversion is being handled by my ISP. I'll need to ask them if they'll fix it on their end, but they might not want to be bothered. Thank you for your help!
  5. petzl - I appreciate your help but I don't understand what that means. Yes, my spam is from a Chinese botnet IP, but what do you mean by "Not stamping received IP only"? Is that a problem on my end? As for my email server test - looks like it checks out okay except for reverse DNS on my server. That's because my ISP's DNS apparently takes precedence over the nameserver I chose for my domain. I don't think that can be fixed, but it's not a factor here, is it? Your example shows SpamCop handling your spam correctly, but I still don't understand what "identified internal IP as source" means for mine.
  6. Tracking URL for the most recent one of these: https://www.spamcop.net/sc?id=z6647673526z717f1b3f9f3bda2be59f7a5a44fe732ez Nope, not Chinese; I and my site are in the US. I just don't see how SpamCop thinks that's an internal IP. My SpamCop Mailhosts config shows "Relaying IPsv4" as my external IP address,
  7. I've got a personal email server (named enchanter.net) that I recently migrated to Exim. I used SpamCop's Mailhosts tab to send me a test email and then I gave it back to SpamCop so that it knows about my mailhost; but still, there are two messages in my Junk mail folder that tell me "Mailhost configuration problem, identified internal IP as source" when I try to submit them to SpamCop. Here are the headers from one of them (the other one is similar, and I edited out the long signatures):

         Return-path: <info@themailertools.com>
         Envelope-to: brian@enchanter.net
         Delivery-date: Wed, 26 Aug 2020 19:15:42 -0400
         Received: from themailertools.com ([])
             by www with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
             (Exim 4.93)
             (envelope-from <info@themailertools.com>)
             id 1kB4dp-000XhP-Ex
             for brian@enchanter.net; Wed, 26 Aug 2020 19:15:42 -0400
         DKIM-Signature: ...
         DomainKey-Signature: ...
         Reply-To: <908618401@qq.com>
         Message-ID: <20200827071535733026@themailertools.com>
         From: "unlimited smtp seller" <info@themailertools.com>
         To: <brian@enchanter.net>
         Subject: Re:quality SMTP for bulk mailing/fresh office 365 emails
         Date: Thu, 27 Aug 2020 07:15:30 +0800
         MIME-Version: 1.0
         Content-Type: text/html; charset="utf-8"
         Content-Transfer-Encoding: base64
         X-mailer: Jxxflinct 0

     What does "identified internal IP as source" mean here? The only IP in the headers is, and that's in China. I admit it's entirely possible that I set up my Exim server incorrectly, but what did I do wrong?
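
A check for the condition described in the tl;dr of this thread, as an added example that is not part of the original posts and is not SpamCop's own parsing logic: it reads each Received header and reports whether the `by` host is a fully qualified name. The sample message is constructed from the headers quoted in the thread, with 192.0.2.10 as a placeholder address; `audit_received` and `is_fqdn` are hypothetical names.

```python
import re
from email import message_from_string

# Constructed sample modelled on the header quoted in the thread.
# 192.0.2.10 is a documentation-range placeholder, not a value from the page.
BEFORE = (
    "Received: from themailertools.com ([192.0.2.10])\n"
    "\tby www with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384\n"
    "\t(Exim 4.93)\n"
    "\t(envelope-from <info@themailertools.com>)\n"
    "\tid 1kB4dp-000XhP-Ex\n"
    "\tfor brian@enchanter.net; Wed, 26 Aug 2020 19:15:42 -0400\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)
# Same message after the server stamps its FQDN, as in the resolved case.
AFTER = BEFORE.replace("by www with", "by www.enchanter.net with")

BY_RE = re.compile(r"\bby\s+(\S+)\s+with\b", re.I)
FROM_IP_RE = re.compile(r"\bfrom\s+\S+\s+\(\[([0-9A-Fa-f:.]+)\]")
LABEL_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def is_fqdn(host):
    """True for a dotted hostname; bare names and IP literals are rejected."""
    labels = host.rstrip(".").split(".")
    if len(labels) < 2 or not all(LABEL_RE.fullmatch(l) for l in labels):
        return False
    # An all-numeric last label means an IP address, not a domain name.
    return any(c.isalpha() for c in labels[-1])


def audit_received(raw):
    """Return one finding per Received header, topmost (own server) first."""
    findings = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())  # unfold continuation lines
        by = BY_RE.search(flat)
        ip = FROM_IP_RE.search(flat)
        by_host = by.group(1) if by else None
        findings.append({
            "by_host": by_host,
            "by_is_fqdn": by_host is not None and is_fqdn(by_host),
            "from_ip": ip.group(1) if ip else None,
        })
    return findings


if __name__ == "__main__":
    for name, raw in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_received(raw))
```
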
  8. Brian Kendig

    Add checkboxes for "this is a bounce", etc.

    To get around the "check/report everything" problem, just make the "what kind of report is this" be a radio-button selection. One radio button for "this is a worm email", one for "this is an incorrect bounce", etc. That way the user won't select more than one different kind. What recipient should receive the note? Any recipient who is responsible for allowing the offending email through their system - which should be all of the recipients that SpamCop chooses, because I don't think SpamCop sends reports to people who have nothing to do with the problem. Copying/pasting the comments from a text file is a workaround for now, but it's a real pain for the amount of spam that I get.
  9. I've started using SpamCop to report worm emails and incorrect email bounces. Each time I submit one of these, I want to tell the site what I'm reporting - like:

     * "this is a worm email sent by someone through your network, you really should look into this and cut 'em off"
     * "this is an incorrect bounce, I never sent the email in question, you need to reconfigure your mail server to stop sending out bounce messages to forged addresses"
     * "you idiot, why is your antivirus software blaming ME for being infected by the Sober worm and SENDING ME A COPY OF IT in the bounce message?"

     Problem is, I don't want to have to type these notes out every time into the "Additional notes" field when I submit an email through the web form. And since I copy/paste email into the web form, I can't keep one of these notes in my copy buffer to keep pasting each time. I'd like SpamCop to add some checkboxes so that I can specify exactly what it is I'm sending, and alter the complaint that's being sent so that hopefully the site admin will be clued in. All it would take are "this is a worm email", "this is an incorrect bounce", and "this is a misdirected antivirus email" checkboxes which would add a line of explanation to the complaint email.
  10. Brian Kendig

    "Virus removed from your message!"

    The problem with reporting this worm thru SpamCop is that the worm emails will mention the domain that the email is falsely claiming to be sent thru, as in: In this example, SpamCop will think that www.mac.com is a domain being advertised by the spam, and will send an abuse email. (Well, not to mac.com in particular because it says that site doesn't accept reports, but it'll send abuse emails to other sites when named.) The result is that if you report these worm emails through SpamCop, you've got to uncheck the addresses for the domain which has nothing to do with the spam.
  11. Brian Kendig

    "Virus removed from your message!"

    Wazoo: I think my eye reflexively skipped over that "Rules - everybody read!" link because it was red, the usual color of links I've already visited. I probably assumed I'd already visited that page as I was wandering around looking for information. turetzsr: I've started using SpamCop to report everything that ends up in my "junk" folder, including worm emails and erroneous bounces. Thank you again! I have one more question: when I use SpamCop to report a worm email or an improper bounce, what does the message say that gets sent to the site administrators? Does it say "you allowed spam on your network", or is it smart enough to recognize what kind of message is being dealt with and say "a PC on your network has a virus" or "stop making your mail server send out bounce messages" instead?
  12. Brian Kendig

    "Virus removed from your message!"

    Thanks for that link! I did read the pinned post in question, but I missed that one link among the dozens of others on the page. I didn't think this was a rules issue - I was looking specifically for links about bounce messages. (Perhaps that pinned post could be made a summary of what people need to know, rather than a site map.) So, from that link you gave me, it looks like the second part of the definition of spam is no longer as strict - a message doesn't have to be bulk, if it was misdirected to me unsolicited, and not just due to human error? Thank you for the info!
  13. Brian Kendig

    "Virus removed from your message!"

    My spam filters are pretty good - but now the largest source of messages in my junk mailbox is the bounces from antivirus software that's trying to be helpful, but is too stupid to realize that the address on the spam is forged. That sort of thing. I'm getting really annoyed by them, because they're a form of spam, too. I'd like opinions - should I use SpamCop to report these? I'm also getting really tired of the "delivery failed" bounce messages from servers which only decide to bounce a message *after* they've accepted delivery. I don't understand why anyone would configure a server to accept first and bounce later. Does anybody here have a good methodology for dealing with these? And, is there a service like SpamCop that I can use to report worm emails, like all the "Good day" and "hello" messages I'm getting, to automatically figure out what network they're coming from so that network's administrators can cut off the infected PCs?