nh905

Everything posted by nh905

  1. I am getting a growing amount of spam that Spamcop does not appear to be able to process. Here is an example:

      Return-Path: <bounce@facebook.com>
      Delivered-To: nxxxxxx-sinet:ca-x
      X-Envelope-To: x
      Received: from nxxxxxx.mail.pairserver.com [216.146.195.93] by aws.sinet.ca with IMAP (fetchmail-6.3.17) for <x> (single-drop); Fri, 12 Apr 2019 19:10:05 -0400 (EDT)
      Received: (qmail 55752 invoked from network); 12 Apr 2019 10:53:51 -0000
      Received: from localhost (HELO mta.mail1.g20.pair.com) (127.0.0.1) by localhost with ESMTPS (DHE-RSA-AES256-GCM-SHA384 encrypted); 12 Apr 2019 10:53:51 -0000
      Received: from localhost (localhost [127.0.0.1]) by mta.mail1.g20.pair.com (Postfix) with SMTP id 64B5CB816D for <x>; Fri, 12 Apr 2019 04:53:51 -0600 (MDT)
      X-Virus-Check-By: mail1.g20.pair.com
      Received: from localhost (localhost [127.0.0.1]) by mta.mail1.g20.pair.com (Postfix) with SMTP id E5FB9B8167 for <x>; Fri, 12 Apr 2019 04:53:50 -0600 (MDT)
      Received-SPF: fail (facebook.com ... _spf.facebook.com: Sender is not authorized by default to use 'bounce@facebook.com' in 'mfrom' identity (mechanism '-all' matched)) receiver=mail1.g20.pair.com; identity=mailfrom; envelope-from="bounce@facebook.com"; helo=mx-out.facebook.com; client-ip=85.119.146.106
      Received: from mx-out.facebook.com (unknown [85.119.146.106]) by mta.mail1.g20.pair.com (Postfix) with ESMTP for <x>; Fri, 12 Apr 2019 04:53:49 -0600 (MDT)
      Received: from localhost (127.0.0.1) by .tFPOSZzTeEdkt6@facebook.com id FlkmbeavpeML for <x>; Fri, 12 Apr 2019 10:34:40 +0200 (envelope-from <contact@facebook.com>)
      From: Loblaw Companies Limited <CADB@facebook.com>
      Content-Type: text/html
      References: x
      Message-ID: <Flkm____________________QAeQ@mail.facebook.com>
      Reply-To: x
      To: x
      List-ID: 4SnNh9SKemslH4Awfatr
      Subject: Checkout // Confirmation needed
      Date: Fri, 12 Apr 2019 10:34:40 +0200
      View entire message
      Parsing header:

     Reading from the bottom, my interpretation is that the mail was accepted by a mail gateway at 85.119.146.106 that claims to be mx-out.facebook.com, which forwarded the mail to the pair.com mail gateway that I use. However, 85.119.146.106 does not have a reverse DNS entry, and is definitely not associated with mx-out.facebook.com. Since Spamcop cannot figure out where to send the abuse report, it stops. It looks like the root cause is that pair.com is not following mail gateway 'best practices' by accepting email from a mail gateway that does not have a reverse DNS entry. Am I on the right track? Thanks, Norbert
  2. @petzl, several people have reported the same problem. The 'solution' is to remove mailhosts support or drop the dot/period in front of .yu57f1N5JknNfW@expressdeal.world. I currently use fetchmail to pull mail in my spam folder and then forward it to Spamcop. I tried writing an awk script to remove the dot/period but that causes multiple mail messages to be concatenated into one. There appears to be a way to force an end-of-stream condition between mail files but I do not have the cycles to investigate further. Regards, Norbert
  3. Following the tracking URL reveals my email address, and I get enough spam. Many people have already provided tracking URLs related to this problem. The header record that appears to cause the problem is: Received: from localhost (127.0.0.1) by .yu57f1N5JknNfW@expressdeal.world id YnC0jEIIBD7P for <x>; Sun, 08 Sep 2019 00:07:39 +0100 (envelope-from <contact@expressdeal.world>) Pasting the headers with the dot/period removed along with body text into SpamCop allows parsing to complete successfully. Regards, Norbert
  4. I am starting to see more examples where SpamCop is not parsing lines similar to "Received: from localhost (127.0.0.1) by .7E3tTgaTrxrjG0@track.list-manage7.net id MgFLi65tFAWB". I can successfully resubmit the spam by manually removing the dot/period, but the new reporting mechanism requires that I paste the headers separate from the body text. How do we get this issue escalated to someone at SpamCop.net who can get the parser updated? Thanks, Norbert
  5. @MIG see https://www.spamcop.net/sc?id=z6551810734z18e8e17fdf9218b1235dc26a129e99c9z. Removing the period in front of the host in "Received: from localhost (127.0.0.1) by .7E3tTgaTrxrjG0@track.list-manage7.net id MgFLi65tFAWB" results in Spamcop parsing the headers properly. I configured Mailhosts some years ago. Thanks, Norbert
  6. I am seeing an increasing number of spam with "Received: from localhost (127.0.0.1) by .<domain>", almost all from Russian. I can consistently get Spamcop to report the spam by removing the dot before the domain, but this is time-consuming given the volume. I am trying to automate the editing and reporting process but running into a few issues. I reported the problem to Spamcop on May 17th but heard nothing back. Does anyone have ideas on how to get this issue resolved by spamcop.net? Thanks, Norbert
  7. I just logged into a private Firefox session (I normally use Chrome) and displayed what I think is a Tracking URL (the one in the response from SpamCop when it has accepted an email for processing). Although I see several instances of <x>, I also see my email in several places. That might be due to the way I am getting spam to SpamCop. My Mail application does not retain headers in the right sequence for SpamCop. I have automation on one of my servers that uses IMAP to pull mail from a SpamReporting folder I set up and then forwards the message to SpamCop. Thanks, Norbert
  8. @gnarlymarley, that was it. I viewed the entire message, copied it and removed the leading period, and created a new report which SpamCop successfully processed and sent to abuse@selectel.ru. Next step is to see if I can brush up on my Linux scripting to remove the leading period programmatically. I would provide SpamCop tracking URLs if my email address were obfuscated. Thanks to everyone who responded. I knew SELECT-NET controls the address range that the mail gateway is using but am trying to streamline the reporting of spam.
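
Added example, not part of the posts above and not SpamCop's own code: one way to remove the leading dot from the "by" host of Received fields before submitting a report, touching only the header block and handling one message per file so that messages are never concatenated. The function names and the `.fixed` output suffix are assumptions, and the sample message is constructed from the Received line quoted in post 3.

```python
import re

# "by" clause of a Received field whose host token starts with a stray dot,
# e.g. "by .yu57f1N5JknNfW@expressdeal.world" (may follow a folded line break).
BY_DOT = re.compile(rb"(\bby\s+)\.(?=[^\s.])")

def header_fields(headers):
    """Yield each header field together with its folded continuation lines."""
    field = []
    for line in headers.splitlines(keepends=True):
        if field and line[:1] in (b" ", b"\t"):
            field.append(line)
        else:
            if field:
                yield b"".join(field)
            field = [line]
    if field:
        yield b"".join(field)

def strip_leading_dot(raw):
    """Return (fixed_message, number_of_dots_removed) for one raw message."""
    m = re.search(rb"\r?\n\r?\n", raw)          # first blank line ends the headers
    cut = m.start() if m else len(raw)
    out, changed = [], 0
    for field in header_fields(raw[:cut]):
        if field[:9].lower() == b"received:":
            field, n = BY_DOT.subn(rb"\1", field)
            changed += n
        out.append(field)
    return b"".join(out) + raw[cut:], changed   # body bytes are never edited

def fix_file(path):
    """Fix one message file into its own output file, so messages never merge."""
    with open(path, "rb") as fh:
        fixed, n = strip_leading_dot(fh.read())
    with open(path + ".fixed", "wb") as fh:     # ".fixed" suffix is an assumption
        fh.write(fixed)
    return n

# Constructed sample: the Received line quoted in post 3 plus a dummy body.
SAMPLE = (
    b"Received: from localhost (127.0.0.1)\r\n"
    b"\tby .yu57f1N5JknNfW@expressdeal.world id YnC0jEIIBD7P for <x>;\r\n"
    b"\tSun, 08 Sep 2019 00:07:39 +0100\r\n"
    b"Subject: constructed sample\r\n\r\n"
    b"Body text mentioning by .example stays untouched.\r\n"
)
```

Calling `fix_file` once per saved message keeps each report separate; a message without the stray dot comes back byte-for-byte unchanged with a count of 0.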