USING ASSP with Spamcop

[Tazia]

Hello,

I use ASSP in front of my mailservers. I am getting nearly 100% effectiveness doing this, but since I have a number of honeypot addresses, I thought I would send the spam along to Spamcop since I make use of your dnsbl on my other client servers. However, you don't like my headers because ASSP uses localhost as the IP. I have a number of IP addresses and LOCALHOST covers them all, so using another IP isn't an option.

Received: from ASSP-nospam [127.0.0.1] by AMYS-ANSWERS.COM

  (SMTPD32-8.12) id A115C4E0266; Wed, 18 Aug 2004 16:58:45 -0500

Received: from 210.139.51.204 ([210.139.51.204] helo=pl716.nas921.kanazawa.nttpc.ne.jp) by ASSP-nospam ; 18 Aug 04 21:58:42 -0000

Received: from web53903.mail.yahoo.com ([206.50.36.220]) by mc5-f4.hotmail.com with Microsoft SMTPSVC(5.0.2195.6824);

  Thu, 19 Aug 2004 13:47:39 +0100

Message-ID: <20040678172590.6344.qmail[at]web53910.mail.yahoo.com>

Received: from [200.7.100.189] by web53910.mail.yahoo.com via HTTP; Thu, 19 Aug 2004 13:49:39 +0100

I don't want to disable ASSP. Can we get this to work?

Tazia

[Merlyn]

Looks to me like ASSP does not create a valid header. It might work if it had a FQDN.

The two received lines here are invalid:

It will die on this one because 127.0.0.1 is not a routable IP.

----------------------------------------------------------------------------------

Received: from ASSP-nospam [127.0.0.1] by AMYS-ANSWERS.COM

(SMTPD32-8.12) id A115C4E0266; Wed, 18 Aug 2004 16:58:45 -0500

----------------------------------------------------------------------------------

This one would work if ASSP-nospam was RFC compliant and it had a fully qualified domain name.

-----------------------------------------------------------------------------------

Received: from 210.139.51.204 ([210.139.51.204] helo=pl716.nas921.kanazawa.nttpc.ne.jp) by ASSP-nospam ; 18 Aug 04 21:58:42 -0000

------------------------------------------------------------------------------------

Your setup is not creating the right headers. I am not an expert on mailhosts and I am sure others will post more.

[Wazoo]

Another question .. did you post in the Forum because you are having these issues with your "mail host" ... or are you having problems with configuring your SpamCop reporting account with the Mail-Host settings of this account? Strangely enough, this kind of issue is what the Mail-Host thing is supposed to try to work around ... however, this would work for "your" reporting, but still leave other users on your network (that tried to report spam via SpamCop) screwed until they also stepped through the configuration for their accounts also ..... better to fix your server issues ...

[Tazia]

Another question .. did you post in the Forum because you are having these issues with your "mail host" ... or are you having problems with configuring your SpamCop reporting account with the Mail-Host settings of this account?  Strangely enough, this kind of issue is what the Mail-Host thing is supposed to try to work around ... however, this would work for "your" reporting, but still leave other users on your network (that tried to report spam via SpamCop) screwed until they also stepped through the configuration for their accounts also ..... better to fix your server issues ...

15412[/snapback]

ASSP works as a proxy. It listens on port 25 of all my IP addresses. It gets the email first and through baysian filtering, whitelists, and greylists parses the email to the mail server. By the time it reaches the mail server my clients don't ever see a spam. Only *I* do and that is to monitor the occasional false positive.

No one else would be sending reports but me. None of my other clients ever see spam. ASSP copies all spam to an address I have set up for training.

This isn't really for *my* benefit. I have my spam problem well under control. However I have several "honeypot" addresses. If they can be used by spamcop to help with their cause, then I want to be able to do that.

I can find out if ASSP can announce itself with a DNS verifiable IP, but at my end it doesn't matter as it never "sends" email and all my IPs are reverse resolvable.

Thanks,

Tazia

[Wazoo]

We're not together yet. The "Mail-Host" thing at SpamCop is a configuration of "your" reporting account ..... whereas, I believe you are talking about using a computer at your end as a "host for e-mail services" ..... not the same thing ... which would also suggest that I move your Topic into another Forum ....

[dbiel]

Wazoo, you seem to be right as this is not really a mailhost issue but configuring mailhosts may be part of the solution.

First major point. you failed to post the track ULR so we are acting on incomplete information.

Second major point. How are your submitting the report? cut and past, forward, etc

Third major point, what type of account are you using, free reporting, paid reporting, email account.

Forth major point, what steps did you take to set up your MailHost file on your SpamCop account?

And as Merlyn states below, the set up of you servers also needs adjustment.

[Merlyn]

I am not being mean here, so here goes:

ASSP only reflects the way you have your machine setup. If you placed your complete name on your machine including your dns suffix ASSP would reflect a FQDN.

You should learn how networking works or hire someone to set your machines up or open the manual, it is full of interesting items.

[Ellen]

Hello,

I use ASSP in front of my mailservers.  I am getting nearly 100% effectiveness doing this, but since I have a number of honeypot addresses, I thought I would send the spam along to Spamcop since I make use of your dnsbl on my other client servers.  However, you don't like my headers because ASSP uses localhost as the IP.  I have a number of IP addresses and LOCALHOST covers them all, so using another IP isn't an option.

I don't want to disable ASSP.  Can we get this to work?

Tazia

15410[/snapback]

Send me a tracking url for a parse of one of these and your registered SC email address and a brief description of what you are doing and what ASSP is doing and I will talk to Julian.

[Tazia]

I am not being mean here, so here goes:

ASSP only reflects the way you have your machine setup.  If you placed your complete name on your machine including your dns suffix ASSP would reflect a FQDN.

You should learn how networking works or hire someone to set your machines up or open the manual, it is full of interesting items.

What are you trying to be? Certainly not useful.

Unless you are using ASSP and are managing a multi-server, multi-domain network, your comments about what I need to know, who I need to hire, or what I need to read are nothing more than some sort of quest to be "king of the forum" through posting nonsense trying to pass as knowledge.

Tazia

[Wazoo]

Tazia, let me point out that Merlyn has made multiple posts within this Topic ... actually, a number of folks have posted within this Topic. I find it very odd that you have chosen to respond to only two .... one of mine that still has questions unanswered, and this last one of Merlyn's which you don't actually comment about the specific data actually involved. If his (previous) suggestions didn't work, say so. If you've not even looked at it, then you should also admit to that. Else, you might explain to all of "us" why the suggestions aren't applicable in your case, such that the next time your question shows up, "we" would have that additional knowledge so as to come up with a better suggestion ....????

[StevenUnderwood]

What are you trying to be? Certainly not useful.

He sure is. He does not need to know how your network is configured to know how the SMTP headers should be.

In order for the parser to work correctly, the machine (or software) receiving the message from the internet nneds to identify itself as being on the internet and where it received if from. Localhost can not be on the internet so the parser will not acknowledge the transfer.

[Tazia]

Tazia, let me point out that Merlyn has made multiple posts within this Topic ... actually, a number of folks have posted within this Topic.  I find it very odd that you have chosen to respond to only two .... one of mine that still has questions unanswered, and this last one of Merlyn's which you don't actually comment about the specific data actually involved.  If his (previous) suggestions didn't work, say so.  If you've not even looked at it, then you should also admit to that.  Else, you might explain to all of "us" why the suggestions aren't applicable in your case, such that the next time your question shows up, "we" would have that additional knowledge so as to come up with a better suggestion ....????

15589[/snapback]

Merlyn stated he is not an expert on mailhosts and then proceeded with a disparaging comment about my ability, which he knows nothing about. He needed to stop at not being an expert on mailhosts. I should have ignored him, because I knew that he didn't know enough to be helpful, but I was annoyed that he felt the need to disparage me.

A simple "SPAMCOP chokes on localhost configurations" would have sufficed.

As my situation clearly shows, sending servers don't need receivers to announce themselves "properly" to send mail. My servers announce themselves to receivers correctly and at this point in time that's all that matters to me.

The error message I was receiving during submission didn't make much sense because it never occurred to me that SPAMCOP would care how my server announces itself to senders.

Everything on my machines acts nicer when I use ASSP with the Localhost configuration with my multi IP/ multi homed setup. I intend to keep it that way.

Thanks,

Tazia

[StevenUnderwood]

A simple "SPAMCOP chokes on localhost configurations" would have sufficed.

Except that would not have been acurate. Spamcop chokes when the chain is broken between the source and destination.

As my situation clearly shows, sending servers don't need receivers to announce themselves "properly" to send mail. My servers announce themselves to receivers correctly and at this point in time that's all that matters to me.

No, headers do NOT need to be RFC compliant to have the message complete it's journey. They do need to be to accurately determine the original source of the message, otherwise they should not be trusted. Spamcop requires RFC compliant heades in order to do its work, so as long as you do not have RFC compliant headers, you should not use spamcop to report your spam.

Everything on my machines acts nicer when I use ASSP with the Localhost configuration with my multi IP/ multi homed setup. I intend to keep it that way.

That is your choice to make.

[fribo]

Everything on my machines acts nicer when I use ASSP with the Localhost configuration with my multi IP/ multi homed setup.  I intend to keep it that way.

15604[/snapback]

May be you can change "What the program calls itself in the email "received by" header. Usually ASSP-nospam." to a full blown correct HELO name. It should contain a period. That helps against some servers which check for valid HELO. I used "assp01.mydomain.de" for that purpose.