Jump to content

sbimos

Members
  • Content Count

    14
  • Joined

  • Last visited

Posts posted by sbimos


  1. tried that and got:

    Quote
    Parsing header:
    This header is incomplete. Please supply the full headers of the spam you're trying to report.
    No source IP address found, cannot proceed.
    Add/edit your mailhost configuration
    Finding full email headers
    Submitting spam via email (may work better)
    Example: What spam headers should look like
    No tracking information found in header:
    
    Delivered-To: x
    
    Probably not full headers - see FAQ:
    Email software FAQ

     

    no header

     


  2. I'm getting the following result after reporting, however, my receiving email address (gmail) is already registered.  Not sure if there's anything I can do next.

    spam is incoming from an apparently legitimate local source business on an account I never give out.  No idea how they got it, no way to unsubscribe, really want to burn the guy.

    Feel free to relocate if I posted in wrong section.

     

    Quote
    Parsing header:

    host 2002:a1c:708:0:0:0:0:0 (getting name) no name

     

    0: Received: by 2002:a1c:708:0:0:0:0:0 with SMTP id 8-v6csp558035wmh; Mon, 23 Jul 2018 13:12:17 -0700 (PDT)
    No unique hostname found for source: 2002:a1c:708:0:0:0:0:0

     

    Possible forgery. Supposed receiving system not associated with any of your mailhosts
    Will not trust this Received line.

     

    Mailhost configuration problem, identified internal IP as source
    Mailhost:
    Please correct this situation - register every email address where you receive spam

     

    No source IP address found, cannot proceed.
    Add/edit your mailhost configuration
    Finding full email headers
    Submitting spam via email (may work better)
    Example: What spam headers should look like

     

    Nothing to do.

     


  3. I'm back. The old computer died, and I completely forgot to get my custom scri_pt off the backup drive, so I am starting over (back a few steps).

    I reinstalled the scri_pt above, and now I am getting an error from Spamcop that I thought was fixed in the previous incarnation of the scri_pt:

    See sample report below:

    http://www.spamcop.net/sc?id=z5014485383z5...894e78d3ead746z

    Ok, what do I need to do?

    Thanks


  4. -[at]Wazoo: Seriously, I was TRYING on the quotes, sorry.

    -[at]Rconner: I try to keep my reporting ultra-simple, so I will avoid personal reports.

    -[at]Rconner: I hadn't heard of Knujon before, Thanks.

    -[at]Rconner: So should I change my scri_pt from "(This line added to ensure proper spam reporting.)" to something even more minimal like a " " or a "."?


  5. There's more wrong with these headers than simply the lack of a blank line between header and body. We might be able to read this mess and guess what to fix, but it would be a GUESS -- not the sort of thing we are supposed to be doing with mail submitted to SpamCop.

    Yeah, I noticed it was skipping the URLs too. That's why I was wondering if setting the scri_pt to duplicate all the info might be a better answer. It sounds like my current scri_pt, doing minimal changes is more acceptable...

    P.S. I have now set up my mailhosts.


  6. The tracker you posted shows just the same kind of damage as the one from the other day. So, the new scri_pt did not change anything (or are you saying it did?).

    Aha! Here's a new one. Got another "no-body" this morning. Processing fine by spamcop. I screenshotted it just in case, to prove I'm not loony.

    http://www.spamcop.net/sc?id=z2705043662zc...9dc5c6d8586648z

    Ohhh... As soon as I sent the spamcop report, reloaded the above link, it added this line: "Reports regarding this spam have already been sent:" and at first glance it LOOKS like it didn't process.


  7. Please feel free to kick me to the answers if they have been posted elsewhere and I missed them.

    I am trying to do the initial mailhosts setup. FYI, Mac OS X 10.5.6, Mail 3.5.

    1. The "[at]mac.com" service I use is also "[at]me.com". My username at either domain shows up in the same inbox. So which do I set up if they are both technically the same service? Both? If both, which first?

    2. I have two "Primary" POP email accounts, one "[at]mac.com" and one "[at]gmail.com". They each have their own inbox in the Mail app. There is no FWDing going on. I report spam to Spamcop from both, but I only registered the "[at]mac.com" with Spamcop. I think I understand that I need to set up both, but which do I do first?

    Thanks


  8. The tracker you posted shows just the same kind of damage as the one from the other day. So, the new scri_pt did not change anything (or are you saying it did?). The good news is that this probably lets your computer & software off the hook.

    WTF? I know it worked, because that was the whole reason I was satisfied! I tried it again, but the spam is too old. I'll wait for the next one and try again. FYI, a spam-IN-body (normal spam) will still work with the scri_pt... if anybody didn't figure that out already.

    Idea:

    A colleague suggested that instead of adding two text breaks and my "(This line added to ensure proper spam reporting.)", that I set the scri_pt to add two text breaks and then DUPLICATE the original contents of the spam. That way I haven't technically added anything other than the text breaks.

    How does that sound?

    A few of the previous times this has come up ....

    I set them to "immediate", so we'll see how that works. I didn't catch what they were before I changed them.

    What we (or I at any rate) would like to know is what the spam looked like when it hit your computer.

    Finally checked it. They are exactly the same.

    I was assuming that you had put your e-mail addresses through the SpamCop Mail Hosts Configuration

    I joined YEARS ago, so I don't think I did. Crud, it looks like I need help with that too:

    http://forum.spamcop.net/forums/index.php?...f=7&t=10170


  9. Odd, Spamcop forum didn't notify me that anyone had responded yet... I'll have to catch up on those later.

    Update:

    I received a fresh no-body spammy-spam today. I ran the original scri_pt and it did not fix the problem. I ran a modified version of the scri_pt, and it worked just as expected:

    http://www.spamcop.net/sc?id=z2695227880zc...f0773d223c8b30z

    I think I am satisfied with the result now. I will probably make two copies, one each for [at]mac and [at]gmail, both will also go to Spamcop, and to that FTC.gov address. scri_pt as follows:

    -added lots of instructions

    -switched to BCC

    -added the 'add two breaks and note to end of the file'

    (* SendToSpamCop V2.0

    written by S.J.L. v/d Velden

    The code below is open source and you may freely edit and redistribute it. Though I would appreciate it if you gave credits to the original author (me).

    Modified by Sbimos and Legioss to allow reporting of "no-body" spam, reporting to multiple services, reporting via bcc, and use of Address Book groups.

    Assistance from:

    StefanK at Macscriptor.net

    RConner at Spamcop.net

    Wazoo at Spamcop.net

    --------------------------------------------------------

    You have to customize the recipient variable to make this scri_pt

    work with your SpamCop-account and, or, other reporting services.

    Below you see the line that begins with "set SCaccount..."

    Replace the text YOURACCOUNT with the intended recipient address or addresses.

    Use the personalized reporting address you received from SpamCop.net to forward your spam to, or the reporting address of other services you may use.

    If you are using multiple reporting services, seperate the email addresses with a comma and a space.

    If you have an Address Book group, simply replace with the group name.

    *)

    --

    set SCaccount to "YOURACCOUNT"

    (* Below is the rest of the sourcecode of the scri_pt.

    Please be very carefull editing this code *)

    -- Create a SpamCop folder on the desktop

    set theOutputFolderPath to path to desktop folder

    set theNewFolderName to "SpamCop"

    tell application "Finder"

    if (exists folder (theOutputFolderPath & theNewFolderName as string)) = false then

    make new folder at desktop with properties {name:theNewFolderName}

    end if

    end tell

    -- Create a new message in mail bcc addressed to the user's SpamCop account, and, or, other reporting services. Read the source from the selected messages in mail and save it as SpamCop readable file in the newly created SpamCop folder. Then attach each file to the new message. Two line breaks and note "(This line added to ensure proper spam reporting.)"appended to the end of each file.

    tell application "Mail"

    set theMessages to the selection

    set counter to 1

    set theMessage to (make new outgoing message with properties {visible:true, subject:"report spam", content:" "})

    repeat with thisMessage in theMessages

    set sourceFile to ((theOutputFolderPath & theNewFolderName as string) & ":ml" & counter & ".src")

    set thisSource to the source of thisMessage as string

    set f to open for access sourceFile with write permission

    set eof of f to 0

    write thisSource & return & return & "(This line added to ensure proper spam reporting.)" to f

    close access f

    tell "Finder"

    set theAttachment to sourceFile as alias

    end tell

    tell the theMessage

    tell content

    make new attachment with properties {file name:theAttachment} at before the first character

    end tell

    end tell

    set counter to counter + 1

    end repeat

    tell theMessage

    make new to recipient at end of bcc recipients with properties {address:SCaccount}

    end tell

    end tell


  10. If you did this sort of surgery to the spam when you pasted it into the form (as opposed to just hitting return twice and typing in a little message at the bottom), this would certainly account for differences in parser results. The answer to the problem, however, is not to keep altering the spam but to get the mail service (mac.com?) to fix it as Wazoo suggests.

    I played around with the scri_pt myself, to add a means to let me select which of my several e-mail addresses to send from. Seems to be a pretty simple and robust scri_pt, but you are right that it could use some installation notes. I would be interested to know, however, if this scri_pt has solved your original problem.

    One thing you might do for us is to examine the mail as it sits in your Apple Mail spool. Do you see the same things at the end of the header that we see in the tracking URL you provided? If you do not, then you may have a problem with Apple Mail. If you do, then you may have a problem with mac.com. You could report this problem to them and actually give them the tracking link you gave us so they can see where the stuff is difficult to parse.

    -I added something that would not run afoul of the Spamcop rules, but it was so late lastnight, I don't remember what it was.

    -Regarding [at]mac.com fixing things, like I said, I'm not comfortable giving them feedback on the technical details, but I still report the spam "fwd as attach..." and add a note about the spam strangeness in layman's terms. I honestly think that's the best way to get them to deal with it anyway. Usually, if I don't include a note, the report would be bounced.

    -Oooh, can you post your mod scri_pt?

    -Regarding examining the mail, you lost me at "spool"...

    -Regarding does this scri_pt eliminate the "no-body" issue, I already deleted the original spam, so I will try with the next one.

    Coincidentally or not, this third Received line (from rhzogi) is where the forgery begins, also where the bus left the highway and line breaks started getting removed from the right locations and put in the wrong ones. It is possible, of course, that the spam might have been composed this way (i.e, by a moron). I asked sbimos above to see whether the spam header on his computer looks like the one in this tracker.

    -You lost me at "Mail Host Configuration features"...

    Moderator Edit: way too much stuff being "quoted" .. edited out bunches of stuff to conserve both vertical and disk space.


  11. I would almost conjecture that the original spam had problems, but if you could report it by copy-paste without making any changes to it then that would probably not be the case.

    I have successfully used the AppleScript located here on the forum, contributed by a fellow member, to report multiple spams. I think it uses a different approach, might be worth a try.

    -I was trying to avoid the copy paste route, but I will try adding breaks the next time I get one. I have already deleted to most recent "no-body" spam.

    -Actually, I DID have to make changes (add text) when I copied/pasted to report.

    -Fantastic. That link/scri_pt should be added into the FAQ. I looked for exactly that and had only seen one for Eudora (if I recall correctly).

    -The scri_pt does what it's supposed to do. I guess now I will work on modifying the scri_pt to add some sort of innocuous text to every submittal to address the "no-body" error.

    -I'm not "Mr. scri_pt", but I added some more info to that post to help other users install and run the scri_pt.

    That strangeness is all the more 'interesting' as this is exactly where the header construct goes bad in the third Received: line .... the timestamp is 'broken' .. and from then on one sees the lack of 'newline' characters/actions ... and most definitely the missing blank line between the headers and the single line of text that wuld have made up the body.

    To my eyes, I would first of all ensure that there isn't some kind of corruption found on your own hard drive. After that check comes back good, then I suggest sending this to someone on the networking side of mac.com and see of they can come up with a possibly good explanation as to why their systems would accept and pass on garbage like this. Worst case, are all of your "bad" e-mails crossing this same server?

    -You're already over my head with your analytics...

    -No corruption. I get the EXACT same sort of thing about once a week, always same issue, looks like it's from the same sender. None of my other email ever has this issue. I disk-utilitied-permission/disk-repaired just to be thorough.

    -I don't feel comfortable reporting the details of the issue to mac.com as I don't understand it myself. However, I AM reporting all spam received via their servers to the mac.com reporting address, so hopefully they have picked up on the issue themselves.


  12. Below is the code from my first steps in to the applescript world. I was unsatisfied with the results produced by other scripts mentioned on this forum so I tried to make something that suited my needs better. I'm posting it here so you can try my scri_pt, comment on it, or adapt it to your needs.

    Helpful Info for Newbies

    This scri_pt appears to still work fine as of Mac OS X 10.5.6, with Mail 3.5.

    To Install:

    1. Copy the code provided.

    2. Open "scri_pt Editor.app" on your HD. It should be located 'HD/Applications/Applescript/scri_pt Editor.app'.

    3. Paste it into the top half of the window.

    4. Make any necessary changes as detailed above (Your Spamcop reporting email, etc.)

    5. Hit the "Compile" button.

    6. Pull down 'File>Save as', file format should be 'scri_pt', do not 'hide extension' (good practice).

    7. Save into 'HD/Library/Scripts/Mail Scripts/' (good practice).

    Initial Setup To Use: (my method)

    1. Open "ApplescriptUtility.app" on your HD. It should be located 'HD/Applications/Applescript/ApplescriptUtility.app'.

    2. 'Check' the box 'show scri_pt menu in menu bar'.

    3. Quit

    *This should add the 'scri_pt' icon/menu to your menu bar. You will not need to do this again unless you accidentally remove the icon/menu.*

    To Use In Mail: (my method)

    1. Select spam message(s).

    2. Pull down the 'scri_pt' menu/icon in the menubar, and select your scri_pt.

    3. Once it's done running, send.


  13. Using:

    Mac OS X 10.5.6, Mail 3.5

    [at]mac.com and [at]gmail.com email accounts

    Spamcop reporting service

    Typical Procedure:

    from Apple's email client "Mail", I choose "Forward As Attachment" and send it to my unique Spamcop reporting address. *Normally this works fine*

    Problem/Question (concise):

    How do I add text to "no-body" spam if I report it using the "Forward As Attachment" command?

    Problem/Question (detailed):

    Recently I have been receiving poorly coded spam, and the body of the email appears empty. When I look into the headers, I can see the typical spam 'phrases' and 'websites'. Spamcop processes the submission and says "No body text provided, check format of submission. spam must have body text.". I understand this error, and the Spamcop suggestion to fix this is to "...add some text like 'No body included...'" (see http://forum.spamcop.net/forums/index.php?showtopic=122). However, I cannot figure out how I can still use my typical procedure of "Forward As Attachment" (the method that Spamcop accepts) if I need to add text. Suggestions? I am trying to keep the process as streamlined/fast as possible.

    Sample "no-body" spam processing error:

    http://www.spamcop.net/sc?id=z2690512304zd...99586638847952z

    Laborious Workaround:

    Currently, I have to reveal all headers, copy all, login to Spamcop, paste a report, add text, submit.

×