honcho 0 Posted January 30, 2004 Hi. I have 2 email address pelle[at]example1.com pelle[at]example2.com pelle[at]example1.com has MX record :mail1.otherISP.com but is redirected there to pelle[at]example2.com which is hosted by me by the mailserver mail.example2.com so when I get spam to pelle[at]example1.com---redirect--->pelle[at]example2.com spamcop wrongfully says that mail1.otherISP.com is the originator? here is a modified header: Return-path: <e_blevinsuh[at]afloat.demon.co.uk> Envelope-to: pelle[at]example2.com --->modified Delivery-date: Fri, 30 Jan 2004 13:33:16 +0100 Received: from [190.21.97.18] (helo=mail1.otherISP.com) --->modified by mail.example2.com with esmtp (Exim 3.22 #1) --->modified id 1AmXpk-00000n-00 for pelle[at]example2.com; Fri, 30 Jan 2004 13:33:16 +0100 --->modified Received: from [62.43.75.24] (helo=cfs.nrcan.gc.ca) by mail1.otherISP.com with esmtp (Exim 4.24) --->modified id 1AmXec-0005RY-Db for pelle[at]example1.com ; Fri, 30 Jan 2004 13:21:50 +0100 --->modified Message-ID: <NGCDCKJKPCBIPLBAFDEOBLDDIJAA.e_blevinsuh[at]afloat.demon.co.uk> From: "Elton Blevins" <e_blevinsuh[at]afloat.demon.co.uk> To: pelle[at]example1.com --->modified Subject: turn your spud into a stud! Date: Fri, 30 Jan 2004 10:17:17 +0000 MIME-Version: 1.0 Content-Type: text/html Content-Transfer-Encoding: base64 the spam really originated from [62.43.75.24] (helo=cfs.nrcan.gc.ca) (this is the only thing UNmodified in the example above) My friend owns the company otherISP.com:) and I have checked for open relays, bur there arent any. They use SMTP authentication also. My own mailserver is also checked thoroughly. can anyone explain this? sorry for the bad highschool english:) /pelle Share this post Link to post Share on other sites
Jeff G. 0 Posted January 30, 2004 If 190.21.97.18 really is the IP Address of mail1.otherISP.com, it is in unauthorized space. It appears that you munged too much. Could you possibly munge just the LHS (Left Hand Side) of the email addresses, and leave the domains and IP Addresses alone? SpamCop's parsing of the email is probably breaking, but we can't see where due to the munging. Thanks! Share this post Link to post Share on other sites
honcho 0 Posted January 30, 2004 no I changed it to protect my friends company.. but it matches the REAL mailserver for my friend.... Share this post Link to post Share on other sites
honcho 0 Posted January 30, 2004 I used Outlook to report it, sending it as an attached file dont know what munging means, sorry:) Share this post Link to post Share on other sites
Jeff G. 0 Posted January 30, 2004 (edited) In this case, by "munging", I meant what you wrote as "--->modified". If you are uncomfortable with posting the domains and IP Addresses, please email deputies at spamcop.net instead. Thanks! Edited January 30, 2004 by JeffG Share this post Link to post Share on other sites
honcho 0 Posted January 30, 2004 I fyou like I could send you an unmodified version to your email? Share this post Link to post Share on other sites
Jeff G. 0 Posted January 30, 2004 I fyou like I could send you an unmodified version to your email? No, thank you. Please email deputies at spamcop.net instead. Thanks! Share this post Link to post Share on other sites