honcho Posted January 30, 2004 Share Posted January 30, 2004 Hi. I have 2 email address pelle[at]example1.com pelle[at]example2.com pelle[at]example1.com has MX record :mail1.otherISP.com but is redirected there to pelle[at]example2.com which is hosted by me by the mailserver mail.example2.com so when I get spam to pelle[at]example1.com---redirect--->pelle[at]example2.com spamcop wrongfully says that mail1.otherISP.com is the originator? here is a modified header: Return-path: <e_blevinsuh[at]afloat.demon.co.uk> Envelope-to: pelle[at]example2.com --->modified Delivery-date: Fri, 30 Jan 2004 13:33:16 +0100 Received: from [190.21.97.18] (helo=mail1.otherISP.com) --->modified by mail.example2.com with esmtp (Exim 3.22 #1) --->modified id 1AmXpk-00000n-00 for pelle[at]example2.com; Fri, 30 Jan 2004 13:33:16 +0100 --->modified Received: from [62.43.75.24] (helo=cfs.nrcan.gc.ca) by mail1.otherISP.com with esmtp (Exim 4.24) --->modified id 1AmXec-0005RY-Db for pelle[at]example1.com ; Fri, 30 Jan 2004 13:21:50 +0100 --->modified Message-ID: <NGCDCKJKPCBIPLBAFDEOBLDDIJAA.e_blevinsuh[at]afloat.demon.co.uk> From: "Elton Blevins" <e_blevinsuh[at]afloat.demon.co.uk> To: pelle[at]example1.com --->modified Subject: turn your spud into a stud! Date: Fri, 30 Jan 2004 10:17:17 +0000 MIME-Version: 1.0 Content-Type: text/html Content-Transfer-Encoding: base64 the spam really originated from [62.43.75.24] (helo=cfs.nrcan.gc.ca) (this is the only thing UNmodified in the example above) My friend owns the company otherISP.com:) and I have checked for open relays, bur there arent any. They use SMTP authentication also. My own mailserver is also checked thoroughly. can anyone explain this? sorry for the bad highschool english:) /pelle Link to comment Share on other sites More sharing options...
Jeff G. Posted January 30, 2004 Share Posted January 30, 2004 If 190.21.97.18 really is the IP Address of mail1.otherISP.com, it is in unauthorized space. It appears that you munged too much. Could you possibly munge just the LHS (Left Hand Side) of the email addresses, and leave the domains and IP Addresses alone? SpamCop's parsing of the email is probably breaking, but we can't see where due to the munging. Thanks! Link to comment Share on other sites More sharing options...
honcho Posted January 30, 2004 Author Share Posted January 30, 2004 no I changed it to protect my friends company.. but it matches the REAL mailserver for my friend.... Link to comment Share on other sites More sharing options...
honcho Posted January 30, 2004 Author Share Posted January 30, 2004 I used Outlook to report it, sending it as an attached file dont know what munging means, sorry:) Link to comment Share on other sites More sharing options...
Jeff G. Posted January 30, 2004 Share Posted January 30, 2004 In this case, by "munging", I meant what you wrote as "--->modified". If you are uncomfortable with posting the domains and IP Addresses, please email deputies at spamcop.net instead. Thanks! Link to comment Share on other sites More sharing options...
honcho Posted January 30, 2004 Author Share Posted January 30, 2004 I fyou like I could send you an unmodified version to your email? Link to comment Share on other sites More sharing options...
Jeff G. Posted January 30, 2004 Share Posted January 30, 2004 I fyou like I could send you an unmodified version to your email? No, thank you. Please email deputies at spamcop.net instead. Thanks! Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.