Cutsnake88

[Resolved] Spamcop identifying originating IP for Outlook365 Exchange headers as "internal source" (mine)

5 posts in this topic

After using Spamcop for years, I've changed my email setup and now can't get it to work.

A few months ago, I switched from hosted POP mail on a VPS to Outlook365 Exchange email. I know how to get the full headers - which are HUGE, but the originating IP is easy to find - but when I paste them with the email body into a Spamcop report, I get a message saying that it has identified the spam as having an "internal IP source", and "no source IP found". Screenshot below.

The issue appears to be that the first line of the Exchange header does NOT include the originating IP. It's further down. I'm attaching the beginning of the headers for a recent spam, and you can see that the originating IP is 103.246.249.41, but that's found further down.

Received: from SY3AUS01FT014.eop-AUS01.prod.protection.outlook.com
 (10.152.234.52) by SY3AUS01HT005.eop-AUS01.prod.protection.outlook.com
 (10.152.234.113) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.803.8; Fri, 27 Jan
 2017 20:33:38 +0000
Received: from AUS01-ME1-obe.outbound.protection.outlook.com (65.55.88.147) by
 SY3AUS01FT014.mail.protection.outlook.com (10.152.234.114) with Microsoft
 SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.803.8 via Frontend
 Transport; Fri, 27 Jan 2017 20:33:37 +0000
Received: from ME1PR01CA0089.ausprd01.prod.outlook.com (10.171.8.22) by
 ME1PR01MB1860.ausprd01.prod.outlook.com (10.171.12.142) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
 15.1.874.12; Fri, 27 Jan 2017 20:33:35 +0000
Received: from ME1AUS01FT011.eop-AUS01.prod.protection.outlook.com
 (2a01:111:f400:7eb4::204) by ME1PR01CA0089.outlook.office365.com
 (2603:10c6:200:18::22) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.874.12 via
 Frontend Transport; Fri, 27 Jan 2017 20:33:35 +0000
Authentication-Results: spf=none (sender IP is 103.246.249.41)
 smtp.mailfrom=halwaaameat.com; mungeddomain.com; dkim=pass (signature was
 verified) header.d=halwaaameat.com;mungeddomain.com; dmarc=bestguesspass
 action=none header.from=halwaaameat.com;mungeddomain.com; dkim=pass
 (signature was verified) header.d=halwaaameat.com;
Received-SPF: None (protection.outlook.com: halwaaameat.com does not designate
 permitted sender hosts)
Received: from halwaaameat.com (103.246.249.41) by
 ME1AUS01FT011.mail.protection.outlook.com (10.152.232.98) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
 15.1.803.8 via Frontend Transport; Fri, 27 Jan 2017 20:33:34 +0000

SO... I still want to use Spamcop, but how do I do it when the start of my headers look like this^^??

 

2017-01-28_0925

 

Edited by Cutsnake88
Title was unclear

Share this post


Link to post
Share on other sites

 

Have you updated your mailhost configuration for your Spamcop reporting account?

Edited by lisati

Share this post


Link to post
Share on other sites
1 hour ago, lisati said:

 

Have you updated your mailhost configuration for your Spamcop reporting account?

Yay! That was the problem. Stupidly didn't even think of it, as I had thought it was my email addresses (not server) that needed to be registered, and those hadn't changed. 

Thank you very much!

Share this post


Link to post
Share on other sites

Can I mark this resolved then?

Share this post


Link to post
Share on other sites
39 minutes ago, Lking said:

Can I mark this resolved then?

Yes. Thank you very much for your help. 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now