Jump to content
Sign in to follow this  
honcho

email redirection trouble

Recommended Posts

Hi.

I have 2 email address

pelle[at]example1.com

pelle[at]example2.com

pelle[at]example1.com has MX record :mail1.otherISP.com but is redirected there to pelle[at]example2.com which is hosted by me by the mailserver mail.example2.com

so when I get spam to pelle[at]example1.com---redirect--->pelle[at]example2.com

spamcop wrongfully says that mail1.otherISP.com is the originator?

here is a modified header:

Return-path: <e_blevinsuh[at]afloat.demon.co.uk>

Envelope-to: pelle[at]example2.com --->modified

Delivery-date: Fri, 30 Jan 2004 13:33:16 +0100

Received: from [190.21.97.18] (helo=mail1.otherISP.com) --->modified

by mail.example2.com with esmtp (Exim 3.22 #1) --->modified

id 1AmXpk-00000n-00

for pelle[at]example2.com; Fri, 30 Jan 2004 13:33:16 +0100 --->modified

Received: from [62.43.75.24] (helo=cfs.nrcan.gc.ca)

by mail1.otherISP.com with esmtp (Exim 4.24) --->modified

id 1AmXec-0005RY-Db

for pelle[at]example1.com ; Fri, 30 Jan 2004 13:21:50 +0100 --->modified

Message-ID: <NGCDCKJKPCBIPLBAFDEOBLDDIJAA.e_blevinsuh[at]afloat.demon.co.uk>

From: "Elton Blevins" <e_blevinsuh[at]afloat.demon.co.uk>

To: pelle[at]example1.com --->modified

Subject: turn your spud into a stud!

Date: Fri, 30 Jan 2004 10:17:17 +0000

MIME-Version: 1.0

Content-Type: text/html

Content-Transfer-Encoding: base64

the spam really originated from [62.43.75.24] (helo=cfs.nrcan.gc.ca) (this is the only thing UNmodified in the example above)

My friend owns the company otherISP.com:) and I have checked for open relays, bur there arent any. They use SMTP authentication also.

My own mailserver is also checked thoroughly.

can anyone explain this?

sorry for the bad highschool english:)

/pelle

Share this post


Link to post
Share on other sites

If 190.21.97.18 really is the IP Address of mail1.otherISP.com, it is in unauthorized space.

It appears that you munged too much. Could you possibly munge just the LHS (Left Hand Side) of the email addresses, and leave the domains and IP Addresses alone? SpamCop's parsing of the email is probably breaking, but we can't see where due to the munging.

Thanks!

Share this post


Link to post
Share on other sites

In this case, by "munging", I meant what you wrote as "--->modified". If you are uncomfortable with posting the domains and IP Addresses, please email deputies at spamcop.net instead. Thanks!

Edited by JeffG

Share this post


Link to post
Share on other sites
I fyou like I could send you an unmodified version to your email?

No, thank you. Please email deputies at spamcop.net instead. Thanks!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×