Jump to content
Sign in to follow this  
Followers 0
DavidT

Problems adding a mailhost

By DavidT, in Mailhost Configuration of your Reporting Account

Recommended Posts

DavidT    0

DavidT
Posted (edited)

Update: this issue is now moot, because I've decided to kill the address in question instead of trying to get the email server admins at the GBGM to fix their problem...see my last post, further down this topic.

I'm setting up my mailhosts, and I occasionally receive mail at an address "[at]gbgmchurches.gbgm-umc.org" (which is forwarded to another address, which is then forwarded to my SpamCop address). So, I had the "account configuration email" sent to the address and processed it on the web form, but was met with this error message:

Sorry, SpamCop has encountered errors:

Source IP not found.

Your email host does not appear to correctly identify the sending IP of

the email you receive.

The last address identified by your mail host was 192.168.10.42 ().

This does not appear to be a spamcop.net address.

I've written to "deputies" but haven't received an answer so I'm looking for guidance here. Here are the header lines before and after that IP address:

Received: from dns1.gbgm-umc.org (HELO mail.gbgm-umc.org) ([63.70.201.2])

(envelope-sender <service[at]admin.spamcop.net>)

by smtp04-01.mesa1.secureserver.net (qmail-ldap-1.03) with SMTP

for <[x][at][y].org>; 8 Sep 2004 20:34:34 -0000

Received: from mail.gbgm-umc.org (mail.gbgm-umc.org [63.70.201.42])

by gbgmchurches.gbgm-umc.org (Build 101 8.9.3/NT-8.9.3) with ESMTP id QAA30009

for <[x][at]gbgmchurches.gbgm-umc.org>; Wed, 08 Sep 2004 16:35:11 -0400

Received: from mail.gbgm-umc.org (mail.gbgm-umc.org [192.168.10.42] (may be forged))

by mail.gbgm-umc.org (Switch-2.2.6/Switch-2.2.4) with SMTP id W88K33HO23585

for <[x][at]gbgmchurches.gbgm-umc.org>; Wed, 08 Sep 2004 16:39:53 -0400

X-SpamCop-Conf: [deleted]

Received: from [68.99.219.217] by spamcop.net

with HTTP; Wed, 08 Sep 2004 20:34:31 GMT

The "192" IP is obviously an internal network address, but I can see appropriate IPs before and after that one that SpamCop should have seen as the server IPs.

More info: I received a spam at that address, and I ran it through the parser, so here's the tracking URL (I cancelled the reports):

http://www.spamcop.net/sc?id=z650648064z20...87bd2506d02dd4z

The parse would have indeed sent reports to the correct places, so maybe there's no real problem if I can't get this host configured?

DT

Edited by DavidT

Share this post

Link to post
Share on other sites

StevenUnderwood    0

StevenUnderwood
Posted
3: Received: from mail.gbgm-umc.org (mail.gbgm-umc.org [63.70.201.42]) by gbgmchurches.gbgm-umc.org (Build 101 8.9.3/NT-8.9.3) with ESMTP id QAA29852; Wed, 08 Sep 2004 16:00:24 -0400

Hostname verified: mail.gbgm-umc.org

Possible forgery. Supposed receiving system not associated with any of your mailhosts

Will not trust anything beyond this header

David:

I see it sending a report to MCI for the server "dns1.gbgm-umc.org (HELO mail.gbgm-umc.org) ([63.70.201.2])" which is also the same server from your confirmation.

Your headers do not show how the message gets from: dns1.gbgm-umc.org ([63.70.201.2])

to: (mail.gbgm-umc.org [63.70.201.42])

The headers from this source also do not show where they got the message from on the internet.

Share this post

Link to post
Share on other sites

DavidT    0

DavidT
Posted
I see it sending a report to MCI for the server "dns1.gbgm-umc.org (HELO mail.gbgm-umc.org) ([63.70.201.2])" which is also the same server from your confirmation.

Oops...you're right. Wouldn't want that to happen.

Your headers do not show how the message gets from: dns1.gbgm-umc.org ([63.70.201.2])

to: (mail.gbgm-umc.org [63.70.201.42])

Wait....I think you're reading the Received headers in the wrong order. The message went from the "mail" to the "dns1" servers, not the other way around....I think....

The headers from this source also do not show where they got the message from on the internet.

True....it seems to be missing the "HELO" from SpamCop...something like this:

Received: from 64.74.133.245 (HELO spamcop.net) (64.74.133.245) etc.

So I'm guessing that this might be part of the issue and that it indicates a configuration problem at the "gbgm-umc" servers.

DT

Share this post

Link to post
Share on other sites

StevenUnderwood    0

StevenUnderwood
Posted

I'm following the path the way spamcop does (top down), from the receiving end to the source. The red color items are missing from your headers (at least).

smtp04-01.mesa1.secureserver.net = 64.202.166.104 received from: ([63.70.201.2]) = dns1.gbgm-umc.org

dns1.gbgm-umc.org = 63.70.201.2 received from: 63.70.201.7 = gbgmchurches.gbgm-umc.org

gbgmchurches.gbgm-umc.org = 63.70.201.7 received from: ([63.70.201.42]) = mail.gbgm-umc.org

mail.gbgm-umc.org = 63.70.201.42 received from: internetsource?

Share this post

Link to post
Share on other sites

DavidT    0

DavidT
Posted

Thanks, Steven. I've just decided to nuke that address so that I won't receive any more spam from that system. I thought I had to leave a forward there so that they could contact me, but it turned out not to be required. Their mail servers are obviously misconfigured, so it will be better if I simply don't receive anything at all from that system, thus negating the need to add this particular mail host.

David T.

Share this post

Link to post
Share on other sites

netadwizards    0

netadwizards
Posted
decided to nuke that address so that I won't receive any more spam from that system

Hi, Since "can-spam" opened the spam floodgates I have taken to blocking the IP address of problem spam sources -- if I'm understanding what you describe correctly.

Since it appears you have a hosted domain this should'nt be a big problem for your host once you find the right person to talk to. Most of the sources causing this kind of problem are in Korea, China or other similar offshore providers so you don't have to worry too much about blocking good mail from an IP block.

Just a thought

B)

Share this post

Link to post
Share on other sites

DavidT    0

DavidT
Posted (edited)
if I'm understanding what you describe correctly.

No, I don't think you are.

Since it appears you have a hosted domain this should'nt be a big problem for your host once you find the right person to talk to. Most of the sources causing this kind of problem are in Korea, China or other similar offshore providers so you don't have to worry too much about blocking good mail from an IP block.

No, what I was talking about was an email address associated with some free web space for my church. I don't publish or use the address, but it was havested years ago, and so now nothing but spam is sent to it. I was trying to add the server involved as a "mail host" (which is the global topic of this forum, not specifics about blocking spam), but was having technical problems doing so due to a server MTA misconfiguration that's producing incomplete headers. I've given up on that mailhost and nuked the address.

I *do* thank "netadwizards" for trying to be helpful...but the system admins involved in the actual mail host aren't all that competent (hence the defective headers that caused the mailhost registration process to fail), and the domain to which the messages are forwarded is only a redirect with a few mail aliases, registered at GoDaddy, and so having them do any customized IP range blocks isn't an option.

I see that you're brand new here, so I'm a bit surprised that you're posting in the "mail hosts" forum, but maybe you started from the top of your screen and are working your way down. I'd strongly suggest that you go into the Help forum and read through the pinned items and FAQ, as well as browse through some active threads before posting any further...just a suggestion.

DT

Edited by DavidT

Share this post

Link to post
Share on other sites

dbiel    0

dbiel
Posted

Sorry I never saw this post before. I know you have given up on registering this one, but thought I would add a note about a possble problem I see in your post which was not addressed in any of the replies

I'm setting up my mailhosts, and I occasionally receive mail at an address "[at]gbgmchurches.gbgm-umc.org" (which is forwarded to another address, which is then forwarded to my SpamCop address). So, I had the "account configuration email" sent to the address and processed it on the web form, but was met with this error message:

Did you register the "which is forwarded to another address" address first?

The sequence of adding mailhosts is important.

You have to start with SpamCop and work each chain back step by step until you get to the expreme point were mail first enters each of you unique addresses.

If you had done this, disregard my reply. But I found the lack of any mention to it might be confusing to someone with a simplier problem that had not followed the sequence.

The result you received is an expected result if the steps are by passed.

Share this post

Link to post
Share on other sites

DavidT    0

DavidT
Posted
Sorry I never saw this post before.  I know you have given up on registering this one, but thought I would add a note about a possble problem I see in your post which was not addressed in any of the repliesDid you register the "which is forwarded to another address" address first?

Yes, I did. The problem with this host is that the server's mail software isn't producing complete headers....leaving off the initial "HELO" Received line, so unless that got fixed, the mailhost registration process wasn't going to work.

Thanks for trying to help, but this topic is dead now...it just hasn't scrolled off the front page yet, but it will, if we stop adding new replies. ;-)

DT

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing Mailhost Configuration of your Reporting Account
×