grant

Now all my mail is going to the HELD folder

Just started using SpamCop on several different accounts over the weekend and generally happy, but...

Today I reported some spam that was in my held folder and it appears that following that event my own email was somehow blocked. In other words, if I mail myself, it goes straight to my held mail folder.

So I took a look at the message source of my own message in the Held folder and it appears to have a reference to someone else's server, which is the one being blocked. Nothing to do with my own server as far as I'm aware.

So is it possible to block yourself in error?

Here's the message header and the offending IP address appears to be: 213.166.65.2 whilst my mailserver IP is 212.23.23.125 and is not on any block lists.

So what do I do from here??

Grant.

Return-Path: <michael[at]howtocorp.com>
Delivered-To: spamcop-net-grant[at]spamcop.net
Received: (qmail 19231 invoked from network); 13 Apr 2004 16:21:26 -0000
Received: from unknown (192.168.1.101)
  by blade4.cesmail.net with QMQP; 13 Apr 2004 16:21:26 -0000
Received: from dsl-212-23-23-125.zen.co.uk (HELO mailgate.printhouse.co.uk) (212.23.23.125)
  by mailgate.cesmail.net with SMTP; 13 Apr 2004 16:21:25 -0000
Received: from mailgate.printhouse.co.uk (mailgate.printhouse.co.uk [213.166.65.2]) by mailgate.printhouse.co.uk (NTMail 7.02.3037/NY9765.00.9ea0b33f) with ESMTP id ejifeaaa for grant[at]spamcop.net; Tue, 13 Apr 2004 17:20:33 +0100
Received: from [212.23.3.141] by mailgate.printhouse.co.uk (NTMail 7.02.3037/NY9765.00.9ea0b33f) with ESMTP id ejifeaaa for grant[at]printhouse.co.uk; Tue, 13 Apr 2004 17:20:33 +0100
Received: from [212.23.23.120] (helo=grant)
  by heisenberg.zen.co.uk with esmtp (Exim 4.30)
  id 1BDQcs-0005rA-9S
  for grant[at]printhouse.co.uk; Tue, 13 Apr 2004 16:19:06 +0000
Message-ID: <024201c42173$0ab33990$781717d4[at]grant>
Reply-To: "Michael Green" <michael[at]howtocorp.com>
From: "Michael Green" <michael[at]howtocorp.com>
To: <grant[at]printhouse.co.uk>
Subject:
Date: Tue, 13 Apr 2004 17:19:05 +0100
Organization: How To Corp
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
X-Originating-Heisenberg-IP: [212.23.23.120]
X-VSMLoop: printhouse.co.uk
X-spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on blade4
X-spam-Level:
X-spam-Status: hits=0.0 tests=none version=2.63
X-SpamCop-Checked: 192.168.1.101 212.23.23.125 213.166.65.2
X-SpamCop-Disposition: Blocked bl.spamcop.net


...Grant -- please don't be offended by the following; it is not intended as a snipe at you.

...Attn: Moderators -- please consider moving this from Help to Email.


No offense taken. It's bewildering to know where to post for which help.

Realising that this thread will possibly move, let me add this information.

Somehow a blacklisted IP address, which has nothing to do with me or my mailserver, is for some reason included in all mail that is incoming to me and is therefore blocked.

Here's the offending IP address: Query bl.spamcop.net - 213.166.65.2

Now how the heck do I resolve this problem and continue using my private mailserver IP of 212.23.23.125 ?

Thanks,

Grant.


Sorry, should add that the reason that all incoming mail to me is getting blocked is that it is forwarded to spamcop via my server and then downloaded via pop to me (or rather should be).

But it's my completely legitimate private mailserver 212.23.23.125 which is having the problem, because somehow this blocked IP 213.166.65.2 is associated and I have no idea why?

Thanks for help.

Grant.


I'm having a bit of a struggle working out your "not associated with me" e-mail server statements. You say this sample is "an e-mail to myself". If so, please explain why the address of grant[at]printhouse.co.uk is not associated with the server called mailgate.printhouse.co.uk .... there sure seems to be some small connection there.

Query bl.spamcop.net - 213.166.65.2

DNS error: 213.166.65.2 has no reverse dns

213.166.65.2 listed in bl.spamcop.net (127.0.0.2)

Been reported as a source of spam about 100 times

The spam reports are an issue, and the lack of rDNS can get this IP blocked in other lists.

Query bl.spamcop.net - 212.23.23.125

212.23.23.125 is dsl-212-23-23-125.zen.co.uk

212.23.23.125 not listed in bl.spamcop.net

Resolved 212.23.23.125 to dsl-212-23-23-125.zen.co.uk.

dsl-212-23-23-125.zen.co.uk. has no MX records

This does not bode well for the future either. Basically suggesting an e-mail server running on a subscriber line, which also will be blocked by many.

You say "no connection" but appearances suggest "there is a connection" with the IP that is currently listed in the SpamCop DNSbl .. and it's my understanding that any IP in the headers showing as "bad" IPs will cause the e-mail to head off to the Held e-mail folder. Notice that the line;

X-SpamCop-Checked: 192.168.1.101 212.23.23.125 213.166.65.2

says that the decision process stopped at 213.166.65.2, as that IP was found to be on the BL, as seen on the next line;

X-SpamCop-Disposition: Blocked bl.spamcop.net

And of course, yet another question; if 212.23.23.125 is "your e-mail server", then who/what is;

Received: from [212.23.23.120] (helo=grant) ??
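The header walk described in the post above, as an added example that is not part of the original thread and is not SpamCop's own code: it takes the connecting IP from each Received hop of the posted message (trimmed and embedded as a constructed sample), builds the reversed-octet bl.spamcop.net query name, and stops at the first listed IP. The function names and the `LISTED_WHEN_POSTED` stub, which stands in for live DNS and is built from the lookup results quoted in the thread, are assumptions.

```python
import re
import socket
from email import message_from_string

# Constructed sample: the Received chain of the message posted above, trimmed.
SAMPLE = """\
Received: (qmail 19231 invoked from network); 13 Apr 2004 16:21:26 -0000
Received: from unknown (192.168.1.101)
  by blade4.cesmail.net with QMQP; 13 Apr 2004 16:21:26 -0000
Received: from dsl-212-23-23-125.zen.co.uk (HELO mailgate.printhouse.co.uk) (212.23.23.125)
  by mailgate.cesmail.net with SMTP; 13 Apr 2004 16:21:25 -0000
Received: from mailgate.printhouse.co.uk (mailgate.printhouse.co.uk [213.166.65.2])
  by mailgate.printhouse.co.uk with ESMTP; Tue, 13 Apr 2004 17:20:33 +0100
Received: from [212.23.3.141] by mailgate.printhouse.co.uk with ESMTP
Received: from [212.23.23.120] (helo=grant) by heisenberg.zen.co.uk with esmtp (Exim 4.30)
"""
LISTED_WHEN_POSTED = {"213.166.65.2"}  # constructed stub for live DNS (assumption)
IP_IN_FROM = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

def relay_ips(raw_message):
    """Return the connecting IP of each Received hop, newest hop first."""
    ips = []
    for hop in message_from_string(raw_message).get_all("Received", []):
        # Unfold the header and keep only the "from ..." part, before " by ".
        from_part = re.split(r"\sby\s", " ".join(hop.split()), maxsplit=1)[0]
        match = IP_IN_FROM.search(from_part)
        if match:  # hops such as the local qmail line carry no IP
            ips.append(match.group(1))
    return ips

def dnsbl_name(ip, zone="bl.spamcop.net"):
    """Build the DNSBL query name: octets reversed, zone appended."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def dns_listed(ip):
    """Live lookup: any A record (for example 127.0.0.2) means listed."""
    try:
        socket.gethostbyname(dnsbl_name(ip))
        return True
    except socket.gaierror:
        return False

def check_chain(raw_message, is_listed=dns_listed):
    """Walk the hops newest first; stop at the first listed IP."""
    checked = []
    for ip in relay_ips(raw_message):
        checked.append(ip)
        if is_listed(ip):
            return checked, ip
    return checked, None
```

Calling `check_chain(SAMPLE, is_listed=LISTED_WHEN_POSTED.__contains__)` reproduces the three addresses on the `X-SpamCop-Checked` line and names 213.166.65.2 as the blocking hop; with an empty stub the walk continues through all five hops.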


Hi Wazoo,

Thanks for your detailed thoughts above.

I've been thinking about this situation overnight (yes I think I dreamed about it) and this is what I think has happened. Below that, I'll comment on your comments and perhaps you can provide some useful advice from there.

Okay, the situation.

Yesterday SpamCop was working beautifully for me on this account, but I then went to Held Mail and found a ton of spam there. The first page was complete spam so I decided to report and delete in order to look further through the list.

Now in doing so I may have caused the problem and here's why (I think?)...

In order to get my mail from my own company 'printhouse' mailserver on 212.23.23.125 into spamcop for checking and then back to me, I've forwarded any mail to my personal email address (that's Grant) to my spamcop address.

I am then using pop to download the mail from spamcop to my own mailclient, Outlook.

So, by the time I've hit the report button in spamcop to report a bunch of spam, it appears to be the case that the header now contains my legitimate IP address 212.23.23.125 as well as the address which appears to have been spamming: 213.166.65.2

Now my IP address (212.23.23.125) is not blacklisted (though you've mentioned that it needs an MX record I think), my problem seems to be that whenever my mailserver forwards email it somehow ends up routing via the blocked address of 213.166.65.2

According to this report:

X-SpamCop-Checked: 192.168.1.101 212.23.23.125 213.166.65.2

says that the decision process stopped at 213.166.65.2

Now although there's no reverse DNS on that blacklisted 213.166.65.2 IP, I do know that it refers to a company called Trams (or digitalexchange) who were bought by my own ISP who route my mail called ZEN.

So (my night time thinking about this leads me to five conclusions and I'd appreciate your thoughts as to whether I'm right).

First of all, I was the one who originally reported the spammer associated with 213.166.65.2 (when I look at the spam reports on that IP in SpamCop, it's definitely the email that I reported).

Secondly, in reporting them it has inadvertently hit me, because my mailserver must somehow route out via that IP which is in some way connected to my ISP.

Third, I should bring the spam report to the attention of my ISP Zen, in order that they can cut off the spammer who has abused 213.166.65.2

Fourth, I need to set an MX record against my own mailserver 212.23.23.125 (anything else that I should be doing here?)

Six, that it's safest for me never to report spam whilst I have my mail being filtered by first getting delivered to my own PrintHouse mailserver at 212.23.23.125 and then having that server forward mail onto my spamcop account and downloading it from there.

If I'm right about all that, is it the case that I just need to wait about another day and I should then be able to use SpamCop (assuming no one else reports that spammer), because 213.166.65.2 would automatically drop out of the database?

I've edited in comments to yours below and your feedback on my comments above would be much appreciated.

>> I'm having a bit of a struggle working out your "not associated with me" e-mail server statements. You say this sample is "an e-mail to myself". If so, please explain why the address of grant[at]printhouse.co.uk is not associated with the server called mailgate.printhouse.co.uk .... there sure seems to be some small connection there.

PrintHouse is my own company, we run our own mailserver mailgate.printhouse.co.uk on 212.23.23.125 so obviously that's all associated with me. It's the 213.166.65.2 that I have no knowledge of, other than my description above.

>> Query bl.spamcop.net - 213.166.65.2

DNS error: 213.166.65.2 has no reverse dns

213.166.65.2 listed in bl.spamcop.net (127.0.0.2)

Been reported as a source of spam about 100 times

>> The spam reports are an issue, and the lack of rDNS can get this IP blocked in other lists.

Yes, those 100 times were all me reporting that IP for spam I received as explained above.

>> Query bl.spamcop.net - 212.23.23.125

212.23.23.125 is dsl-212-23-23-125.zen.co.uk

212.23.23.125 not listed in bl.spamcop.net

Resolved 212.23.23.125 to dsl-212-23-23-125.zen.co.uk.

dsl-212-23-23-125.zen.co.uk. has no MX records

>> This does not bode well for the future either. Basically suggesting an e-mail server running on a subscriber line, which also will be blocked by many.

As explained above, this is the record of my mailserver on that IP address. What should I do with this record to make everyone happy?

>>> You say "no connection" but appearances suggest "there is a connection" with the IP that is currently listed in the SpamCop DNSbl .. and it's my understanding that any IP in the headers showing as "bad" IPs will cause the e-mail to head off to the Held e-mail folder. Notice that the line;

X-SpamCop-Checked: 192.168.1.101 212.23.23.125 213.166.65.2

says that the decision process stopped at 213.166.65.2, as that IP was found to be on the BL, as seen on the next line;

X-SpamCop-Disposition: Blocked bl.spamcop.net

As above, it's just the 213.166.65.2 bit of that (which is the part which is being blocked) that I have no connection with, though as my overnight thinking suggests, I now believe this must be an IP of my ISP and that my mailserver may be routing mail via this bad IP.

>> And of course, yet another question; if 212.23.23.125 is "your e-mail server", then who/what is; Received: from [212.23.23.120] (helo=grant) ??

.125 is my mailserver and 120 is my fixed IP address when at work.

Thanks again.

Grant Shapps


Thought the forum might find it useful to know that I have the problem resolved. Here's my communication with SpamCop on the subject:

---

Hi Grant,

The problem is in the dns/rdns setup of 213.166.65.2, which was causing a chain error and all your reports were picking that IP up as the source. I've set a trusted flag for that server and delisted it.

Richard

Please include all previous correspondence with replies

----

----- Original Message -----
From: "Grant Shapps" <grant[at]printhouse.co.uk>
To: <isphelp1[at]admin.spamcop.net>
Sent: Tuesday, April 13, 2004 4:30 PM
Subject: Wrongly included myself in spam report and now blacklisted

> Hi,
>
> I personally reported a spammer at (213.166.65.2) earlier today (report
> below).
>
> But unfortunately I seem to share the same IP address, because my
> legitimate mailserver at 212.23.23.125 sends mail via the same ISP as
> follows:
>
> from dsl-212-23-23-125.zen.co.uk (HELO mailgate.printhouse.co.uk)
> (212.23.23.125)
>
> ... so the upshot is that in using spamcop to report a spammer, my own
> outgoing mail is now getting blacklisted. Urgghhh. Please advise what
> to do now?
>
> Thanks,
> Grant Shapps
