Jump to content
Sign in to follow this  
jhg

What causes

Recommended Posts

Please see https://www.spamcop.net/sc?id=z6139253206z712180235a6aaed02449cae06c1ba29cz

Specifically:

4: Received: from blog.wim888.tw ([220.142.72.6]) by lnservice.com with MailEnable ESMTP; Fri, 19 Jun 2015 17:57:54 +0200
Hostname verified: 220-142-72-6.dynamic.hinet.netPossible forgery. 
Supposed receiving system not associated with any of your mailhosts
Will not trust this Received line.

This looks like a legitimate hop from the originating host.

Can someone explain why this was not trusted?

Edited by jhg

Share this post


Link to post
Share on other sites

Supposed receiving system not associated with any of your mailhosts

This is the clue. I would suggest that you check your mailhosts. Your service provider may have changed/updated your mail server configuration which has caused your mailhosts to be out of date.

Share this post


Link to post
Share on other sites

I must be missing something obvious. Extracting the Received lines and inverting their order I get the following chain

blog.wim888.tw (220.142.72.6)           --> lnservice.com
lnservice.com (176.28.44.23)            --> in-008.ord.mailroute.net --------+
in-008.ord.mailroute.net (199.89.2.11)  --> localhost                     loopback
localhost                               --> in-008.ord.mailroute.net --------+
in-008.ord.mailroute.net                --> acmsmtp01.acm.org
acmsmtp01.acm.org (64.238.147.78)       --> smtp.jhmg.net

The "border" between my mailhosts and the outside world is at in-008.ord.mailroute.net. lnservice.com is an external system through which the mail was routed from the botnet.

I notice that the NEXT hop (in-008.ord.mailroute.net (199.89.2.11)) should be in my mailhosts but isn't. Is it really THAT hop that is the problem?

A lot of my mail is processed by mailroute.net before being sent on to my ACM address, and MailRoute seems to regularly change the hosts that process mail. Is there a way to configure SpamCop mailhosts with a wildcard to recognize all of MailRoute's receiving hosts? I've been down this road before and had to get an admin to set up the mailhosts because the automatic config process based on sending test emails does not work for MailRoute.

Share this post


Link to post
Share on other sites

&nbsp &nbsp&nbsp&nbsp&nbsp Perhaps I am also missing something obvious but didn't you answer your own question with the following?

've been down this road before and had to get an admin to set up the mailhosts because the automatic config process based on sending test emails does not work for MailRoute.

&nbsp &nbsp&nbsp&nbsp&nbsp This appears to me to be precisely what Lou offered, in different words:

Your service provider may have changed/updated your mail server configuration which has caused your mailhosts to be out of date.

&nbsp &nbsp&nbsp&nbsp&nbsp As far as I am aware, only manual intervention by an SC Admin/ Deputy can fix this (I have the same issue from time to time). Good luck!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×