jhg Posted June 19, 2015 Share Posted June 19, 2015 Please see https://www.spamcop.net/sc?id=z6139253206z712180235a6aaed02449cae06c1ba29cz Specifically: 4: Received: from blog.wim888.tw ([220.142.72.6]) by lnservice.com with MailEnable ESMTP; Fri, 19 Jun 2015 17:57:54 +0200 Hostname verified: 220-142-72-6.dynamic.hinet.netPossible forgery. Supposed receiving system not associated with any of your mailhosts Will not trust this Received line. This looks like a legitimate hop from the originating host. Can someone explain why this was not trusted? Link to comment Share on other sites More sharing options...
Lking Posted June 19, 2015 Share Posted June 19, 2015 Supposed receiving system not associated with any of your mailhosts This is the clue. I would suggest that you check your mailhosts. Your service provider may have changed/updated your mail server configuration which has caused your mailhosts to be out of date. Link to comment Share on other sites More sharing options...
petzl Posted June 20, 2015 Share Posted June 20, 2015 as is said you need to reset/update your SpamCop mailhost settings The spam came from a BOTNET attack host 220.142.72.6 abuse[at]twnic.net.tw http://cbl.abuseat.org/lookup.cgi?ip=220.142.72.6 Link to comment Share on other sites More sharing options...
jhg Posted June 20, 2015 Author Share Posted June 20, 2015 I must be missing something obvious. Extracting the Received lines and inverting their order I get the following chain blog.wim888.tw (220.142.72.6) --> lnservice.com lnservice.com (176.28.44.23) --> in-008.ord.mailroute.net --------+ in-008.ord.mailroute.net (199.89.2.11) --> localhost loopback localhost --> in-008.ord.mailroute.net --------+ in-008.ord.mailroute.net --> acmsmtp01.acm.org acmsmtp01.acm.org (64.238.147.78) --> smtp.jhmg.net The "border" between my mailhosts and the outside world is at in-008.ord.mailroute.net. lnservice.com is an external system through which the mail was routed from the botnet. I notice that the NEXT hop (in-008.ord.mailroute.net (199.89.2.11)) should be in my mailhosts but isn't. Is it really THAT hop that is the problem? A lot of my mail is processed by mailroute.net before being sent on to my ACM address, and MailRoute seems to regularly change the hosts that process mail. Is there a way to configure SpamCop mailhosts with a wildcard to recognize all of MailRoute's receiving hosts? I've been down this road before and had to get an admin to set up the mailhosts because the automatic config process based on sending test emails does not work for MailRoute. Link to comment Share on other sites More sharing options...
turetzsr Posted June 20, 2015 Share Posted June 20, 2015        Perhaps I am also missing something obvious but didn't you answer your own question with the following? 've been down this road before and had to get an admin to set up the mailhosts because the automatic config process based on sending test emails does not work for MailRoute.        This appears to me to be precisely what Lou offered, in different words: Your service provider may have changed/updated your mail server configuration which has caused your mailhosts to be out of date.        As far as I am aware, only manual intervention by an SC Admin/ Deputy can fix this (I have the same issue from time to time). Good luck! Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.